starred/headscale
1
0
Fork 0
mirror of https://github.com/juanfont/headscale.git synced 2026-04-11 03:27:20 +02:00
Code Issues 98 Packages Projects Releases 10 Wiki Activity

policy/v2: convert ACL compat tests to data-driven format with Tailscale SaaS captures

Browse Source 
Replace 9,937 lines of inline Go test expectations with 215 JSON golden files captured from Tailscale SaaS. The new data-driven test driver compares headscale's filter compilation output against real Tailscale behavior for each node in an 8-node topology.

Updates #2180
This commit is contained in:
Kristoffer Dalby
2026-03-17 11:13:04 +00:00
parent 9f7aa55689
commit 2fb71690e8
217 changed files with 40024 additions and 9937 deletions
Download Patch File Download Diff File Expand all files Collapse all files

283
hscontrol/policy/v2/testdata/acl_results/ACL-A01.json vendored Normal file
View File

@@ -0,0 +1,283 @@
{
"test_id": "ACL-A01",
"timestamp": "2026-03-17T14:16:33Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_a01.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["autogroup:member"],
"dst": ["*:*"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.90.82",
"100.110.121.96",
"100.90.199.68",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"subnet-router": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.90.82",
"100.110.121.96",
"100.90.199.68",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-client": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.90.82",
"100.110.121.96",
"100.90.199.68",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.90.82",
"100.110.121.96",
"100.90.199.68",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.90.82",
"100.110.121.96",
"100.90.199.68",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.90.82",
"100.110.121.96",
"100.90.199.68",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.90.82",
"100.110.121.96",
"100.90.199.68",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.90.82",
"100.110.121.96",
"100.90.199.68",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
}
}
}

315
hscontrol/policy/v2/testdata/acl_results/ACL-A02.json vendored Normal file
View File

@@ -0,0 +1,315 @@
{
"test_id": "ACL-A02",
"timestamp": "2026-03-17T14:16:44Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_a02.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["autogroup:tagged"],
"dst": ["*:*"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.108.74.26",
"100.83.200.69",
"100.85.66.106",
"100.92.142.61",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"subnet-router": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.108.74.26",
"100.83.200.69",
"100.85.66.106",
"100.92.142.61",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-client": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.108.74.26",
"100.83.200.69",
"100.85.66.106",
"100.92.142.61",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.108.74.26",
"100.83.200.69",
"100.85.66.106",
"100.92.142.61",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.108.74.26",
"100.83.200.69",
"100.85.66.106",
"100.92.142.61",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.108.74.26",
"100.83.200.69",
"100.85.66.106",
"100.92.142.61",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.108.74.26",
"100.83.200.69",
"100.85.66.106",
"100.92.142.61",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.108.74.26",
"100.83.200.69",
"100.85.66.106",
"100.92.142.61",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
}
}
}

152
hscontrol/policy/v2/testdata/acl_results/ACL-A03.json vendored Normal file
View File

@@ -0,0 +1,152 @@
{
"test_id": "ACL-A03",
"timestamp": "2026-03-17T14:16:54Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_a03.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["autogroup:member", "tag:client"],
"dst": ["tag:server:22"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.90.82",
"100.110.121.96",
"100.83.200.69",
"100.90.199.68",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

183
hscontrol/policy/v2/testdata/acl_results/ACL-A04.json vendored Normal file
View File

@@ -0,0 +1,183 @@
{
"test_id": "ACL-A04",
"timestamp": "2026-03-17T14:17:04Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_a04.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["autogroup:self:*"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": null
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"],
"DstPorts": [
{
"IP": "100.110.121.96",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::1737:7960",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"],
"DstPorts": [
{
"IP": "100.103.90.82",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::9e37:5a52",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"],
"DstPorts": [
{
"IP": "100.90.199.68",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::2d01:c747",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
}
}
}

123
hscontrol/policy/v2/testdata/acl_results/ACL-A05.json vendored Normal file
View File

@@ -0,0 +1,123 @@
{
"test_id": "ACL-A05",
"timestamp": "2026-03-17T14:17:15Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_a05.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["autogroup:internet:*"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": null
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

198
hscontrol/policy/v2/testdata/acl_results/ACL-A06.json vendored Normal file
View File

@@ -0,0 +1,198 @@
{
"test_id": "ACL-A06",
"timestamp": "2026-03-17T14:17:25Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_a06.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["autogroup:member:*"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": null
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.110.121.96",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::1737:7960",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.103.90.82",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::9e37:5a52",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.90.199.68",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::2d01:c747",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
}
}
}

208
hscontrol/policy/v2/testdata/acl_results/ACL-A07.json vendored Normal file
View File

@@ -0,0 +1,208 @@
{
"test_id": "ACL-A07",
"timestamp": "2026-03-17T14:17:36Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_a07.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["autogroup:self:*", "tag:server:22"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"],
"DstPorts": [
{
"IP": "100.110.121.96",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::1737:7960",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"],
"DstPorts": [
{
"IP": "100.103.90.82",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::9e37:5a52",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"],
"DstPorts": [
{
"IP": "100.90.199.68",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::2d01:c747",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
}
}
}

248
hscontrol/policy/v2/testdata/acl_results/ACL-A08.json vendored Normal file
View File

@@ -0,0 +1,248 @@
{
"test_id": "ACL-A08",
"timestamp": "2026-03-17T14:17:47Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_a08.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["autogroup:tagged:*"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.85.66.106",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::7c37:426a",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"subnet-router": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.92.142.61",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::3e37:8e3d",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-client": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.83.200.69",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::c537:c845",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.103.8.15",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::5b37:80f",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

183
hscontrol/policy/v2/testdata/acl_results/ACL-A09.json vendored Normal file
View File

@@ -0,0 +1,183 @@
{
"test_id": "ACL-A09",
"timestamp": "2026-03-17T14:17:57Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_a09.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["autogroup:member"],
"dst": ["autogroup:self:*"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": null
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"],
"DstPorts": [
{
"IP": "100.110.121.96",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::1737:7960",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"],
"DstPorts": [
{
"IP": "100.103.90.82",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::9e37:5a52",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"],
"DstPorts": [
{
"IP": "100.90.199.68",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::2d01:c747",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
}
}
}

143
hscontrol/policy/v2/testdata/acl_results/ACL-A10.json vendored Normal file
View File

@@ -0,0 +1,143 @@
{
"test_id": "ACL-A10",
"timestamp": "2026-03-17T14:18:08Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_a10.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["kratail2tid@passkey"],
"dst": ["autogroup:self:*"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": null
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"],
"DstPorts": [
{
"IP": "100.90.199.68",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::2d01:c747",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
}
}
}

143
hscontrol/policy/v2/testdata/acl_results/ACL-A11.json vendored Normal file
View File

@@ -0,0 +1,143 @@
{
"test_id": "ACL-A11",
"timestamp": "2026-03-17T14:18:18Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_a11.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["group:admins"],
"dst": ["autogroup:self:*"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": null
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"],
"DstPorts": [
{
"IP": "100.90.199.68",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::2d01:c747",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
}
}
}

183
hscontrol/policy/v2/testdata/acl_results/ACL-A12.json vendored Normal file
View File

@@ -0,0 +1,183 @@
{
"test_id": "ACL-A12",
"timestamp": "2026-03-17T14:18:28Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_a12.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["autogroup:self:22"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": null
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"],
"DstPorts": [
{
"IP": "100.110.121.96",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::1737:7960",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"],
"DstPorts": [
{
"IP": "100.103.90.82",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::9e37:5a52",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"],
"DstPorts": [
{
"IP": "100.90.199.68",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::2d01:c747",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
}
}
}

183
hscontrol/policy/v2/testdata/acl_results/ACL-A13.json vendored Normal file
View File

@@ -0,0 +1,183 @@
{
"test_id": "ACL-A13",
"timestamp": "2026-03-17T14:18:39Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_a13.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["autogroup:self:80-443"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": null
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"],
"DstPorts": [
{
"IP": "100.110.121.96",
"Ports": {
"First": 80,
"Last": 443
}
},
{
"IP": "fd7a:115c:a1e0::1737:7960",
"Ports": {
"First": 80,
"Last": 443
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"],
"DstPorts": [
{
"IP": "100.103.90.82",
"Ports": {
"First": 80,
"Last": 443
}
},
{
"IP": "fd7a:115c:a1e0::9e37:5a52",
"Ports": {
"First": 80,
"Last": 443
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"],
"DstPorts": [
{
"IP": "100.90.199.68",
"Ports": {
"First": 80,
"Last": 443
}
},
{
"IP": "fd7a:115c:a1e0::2d01:c747",
"Ports": {
"First": 80,
"Last": 443
}
}
]
}
]
}
}
}

267
hscontrol/policy/v2/testdata/acl_results/ACL-A14.json vendored Normal file
View File

@@ -0,0 +1,267 @@
{
"test_id": "ACL-A14",
"timestamp": "2026-03-17T14:18:49Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_a14.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["autogroup:self:22,80,443"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": null
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"],
"DstPorts": [
{
"IP": "100.110.121.96",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "100.110.121.96",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "100.110.121.96",
"Ports": {
"First": 443,
"Last": 443
}
},
{
"IP": "fd7a:115c:a1e0::1737:7960",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::1737:7960",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "fd7a:115c:a1e0::1737:7960",
"Ports": {
"First": 443,
"Last": 443
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"],
"DstPorts": [
{
"IP": "100.103.90.82",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "100.103.90.82",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "100.103.90.82",
"Ports": {
"First": 443,
"Last": 443
}
},
{
"IP": "fd7a:115c:a1e0::9e37:5a52",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::9e37:5a52",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "fd7a:115c:a1e0::9e37:5a52",
"Ports": {
"First": 443,
"Last": 443
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"],
"DstPorts": [
{
"IP": "100.90.199.68",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "100.90.199.68",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "100.90.199.68",
"Ports": {
"First": 443,
"Last": 443
}
},
{
"IP": "fd7a:115c:a1e0::2d01:c747",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::2d01:c747",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "fd7a:115c:a1e0::2d01:c747",
"Ports": {
"First": 443,
"Last": 443
}
}
]
}
]
}
}
}

363
hscontrol/policy/v2/testdata/acl_results/ACL-A15.json vendored Normal file
View File

@@ -0,0 +1,363 @@
{
"test_id": "ACL-A15",
"timestamp": "2026-03-17T14:19:00Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_a15.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["autogroup:member", "autogroup:tagged"],
"dst": ["*:*"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.108.74.26",
"100.110.121.96",
"100.83.200.69",
"100.85.66.106",
"100.90.199.68",
"100.92.142.61",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"subnet-router": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.108.74.26",
"100.110.121.96",
"100.83.200.69",
"100.85.66.106",
"100.90.199.68",
"100.92.142.61",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-client": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.108.74.26",
"100.110.121.96",
"100.83.200.69",
"100.85.66.106",
"100.90.199.68",
"100.92.142.61",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.108.74.26",
"100.110.121.96",
"100.83.200.69",
"100.85.66.106",
"100.90.199.68",
"100.92.142.61",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.108.74.26",
"100.110.121.96",
"100.83.200.69",
"100.85.66.106",
"100.90.199.68",
"100.92.142.61",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.108.74.26",
"100.110.121.96",
"100.83.200.69",
"100.85.66.106",
"100.90.199.68",
"100.92.142.61",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.108.74.26",
"100.110.121.96",
"100.83.200.69",
"100.85.66.106",
"100.90.199.68",
"100.92.142.61",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.108.74.26",
"100.110.121.96",
"100.83.200.69",
"100.85.66.106",
"100.90.199.68",
"100.92.142.61",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
}
}
}

160
hscontrol/policy/v2/testdata/acl_results/ACL-A16.json vendored Normal file
View File

@@ -0,0 +1,160 @@
{
"test_id": "ACL-A16",
"timestamp": "2026-03-17T14:19:10Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_a16.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["autogroup:member", "autogroup:tagged"],
"dst": ["tag:server:22"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.108.74.26",
"100.110.121.96",
"100.83.200.69",
"100.85.66.106",
"100.90.199.68",
"100.92.142.61",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

280
hscontrol/policy/v2/testdata/acl_results/ACL-A17.json vendored Normal file
View File

@@ -0,0 +1,280 @@
{
"test_id": "ACL-A17",
"timestamp": "2026-03-17T14:19:21Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_a17.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["autogroup:self:*", "tag:server:22", "autogroup:member:80"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.110.121.96",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "fd7a:115c:a1e0::1737:7960",
"Ports": {
"First": 80,
"Last": 80
}
}
]
},
{
"SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"],
"DstPorts": [
{
"IP": "100.110.121.96",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::1737:7960",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.103.90.82",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "fd7a:115c:a1e0::9e37:5a52",
"Ports": {
"First": 80,
"Last": 80
}
}
]
},
{
"SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"],
"DstPorts": [
{
"IP": "100.103.90.82",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::9e37:5a52",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.90.199.68",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "fd7a:115c:a1e0::2d01:c747",
"Ports": {
"First": 80,
"Last": 80
}
}
]
},
{
"SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"],
"DstPorts": [
{
"IP": "100.90.199.68",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::2d01:c747",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
}
}
}

227
hscontrol/policy/v2/testdata/acl_results/ACL-AH01.json vendored Normal file
View File

@@ -0,0 +1,227 @@
{
"test_id": "ACL-AH01",
"timestamp": "2026-03-17T14:19:31Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_ah01.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["internal", "subnet24"],
"dst": ["*:*"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": [
{
"SrcIPs": ["10.0.0.0/8", "192.168.1.0/24"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"subnet-router": {
"packet_filter_rules": [
{
"SrcIPs": ["10.0.0.0/8", "192.168.1.0/24"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-client": {
"packet_filter_rules": [
{
"SrcIPs": ["10.0.0.0/8", "192.168.1.0/24"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": ["10.0.0.0/8", "192.168.1.0/24"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["10.0.0.0/8", "192.168.1.0/24"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": ["10.0.0.0/8", "192.168.1.0/24"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": ["10.0.0.0/8", "192.168.1.0/24"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": ["10.0.0.0/8", "192.168.1.0/24"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
}
}
}

143
hscontrol/policy/v2/testdata/acl_results/ACL-AH02.json vendored Normal file
View File

@@ -0,0 +1,143 @@
{
"test_id": "ACL-AH02",
"timestamp": "2026-03-17T14:19:42Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_ah02.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["internal", "100.108.74.26"],
"dst": ["tag:server:22"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["10.0.0.0/8", "100.108.74.26"],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

166
hscontrol/policy/v2/testdata/acl_results/ACL-AH03.json vendored Normal file
View File

@@ -0,0 +1,166 @@
{
"test_id": "ACL-AH03",
"timestamp": "2026-03-17T14:19:52Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_ah03.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["internal:22", "subnet24:80", "tag:server:443"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "10.0.0.0/8",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 443,
"Last": 443
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 443,
"Last": 443
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

143
hscontrol/policy/v2/testdata/acl_results/ACL-AH04.json vendored Normal file
View File

@@ -0,0 +1,143 @@
{
"test_id": "ACL-AH04",
"timestamp": "2026-03-17T14:20:02Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_ah04.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["internal", "10.0.0.0/8"],
"dst": ["tag:server:22"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["10.0.0.0/8"],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

141
hscontrol/policy/v2/testdata/acl_results/ACL-AH05.json vendored Normal file
View File

@@ -0,0 +1,141 @@
{
"test_id": "ACL-AH05",
"timestamp": "2026-03-17T14:20:13Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_ah05.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["internal:22"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "10.0.0.0/8",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": null
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

141
hscontrol/policy/v2/testdata/acl_results/ACL-AH06.json vendored Normal file
View File

@@ -0,0 +1,141 @@
{
"test_id": "ACL-AH06",
"timestamp": "2026-03-17T14:20:23Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_ah06.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["10.0.0.0/8:22"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "10.0.0.0/8",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": null
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

176
hscontrol/policy/v2/testdata/acl_results/ACL-AR01.json vendored Normal file
View File

@@ -0,0 +1,176 @@
{
"test_id": "ACL-AR01",
"timestamp": "2026-03-17T14:20:34Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_ar01.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["tag:client"],
"dst": ["tag:server:22"]
},
{
"action": "accept",
"src": ["tag:client"],
"dst": ["tag:server:80,443"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "100.108.74.26",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "100.108.74.26",
"Ports": {
"First": 443,
"Last": 443
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 443,
"Last": 443
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

207
hscontrol/policy/v2/testdata/acl_results/ACL-AR02.json vendored Normal file
View File

@@ -0,0 +1,207 @@
{
"test_id": "ACL-AR02",
"timestamp": "2026-03-17T14:20:44Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_ar02.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["tag:client"],
"dst": ["tag:server:22"]
},
{
"action": "accept",
"src": ["tag:client"],
"dst": ["tag:server:80,443"]
},
{
"action": "accept",
"src": ["*"],
"proto": "udp",
"dst": ["tag:server:53"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "100.108.74.26",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "100.108.74.26",
"Ports": {
"First": 443,
"Last": 443
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 443,
"Last": 443
}
}
]
},
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 53,
"Last": 53
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 53,
"Last": 53
}
}
],
"IPProto": [17]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

181
hscontrol/policy/v2/testdata/acl_results/ACL-AR03.json vendored Normal file
View File

@@ -0,0 +1,181 @@
{
"test_id": "ACL-AR03",
"timestamp": "2026-03-17T14:20:55Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_ar03.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["tag:client"],
"dst": ["tag:server:22"]
},
{
"action": "accept",
"src": ["tag:client"],
"dst": ["tag:server:80"]
},
{
"action": "accept",
"src": ["tag:client"],
"dst": ["tag:server:443"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "100.108.74.26",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "100.108.74.26",
"Ports": {
"First": 443,
"Last": 443
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 443,
"Last": 443
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

191
hscontrol/policy/v2/testdata/acl_results/ACL-AR04.json vendored Normal file
View File

@@ -0,0 +1,191 @@
{
"test_id": "ACL-AR04",
"timestamp": "2026-03-17T14:21:05Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_ar04.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["tag:client"],
"dst": ["tag:server:22"]
},
{
"action": "accept",
"src": ["tag:prod"],
"dst": ["tag:server:22"]
},
{
"action": "accept",
"src": ["tag:router"],
"dst": ["tag:server:22"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
},
{
"SrcIPs": ["100.103.8.15", "fd7a:115c:a1e0::5b37:80f"],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
},
{
"SrcIPs": ["100.92.142.61", "fd7a:115c:a1e0::3e37:8e3d"],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

205
hscontrol/policy/v2/testdata/acl_results/ACL-AR05.json vendored Normal file
View File

@@ -0,0 +1,205 @@
{
"test_id": "ACL-AR05",
"timestamp": "2026-03-17T14:21:16Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_ar05.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["tag:client"],
"dst": ["tag:server:22"]
},
{
"action": "accept",
"src": ["tag:client"],
"dst": ["tag:server:80"]
},
{
"action": "accept",
"src": ["tag:prod"],
"dst": ["tag:server:22"]
},
{
"action": "accept",
"src": ["tag:prod"],
"dst": ["tag:server:443"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "100.108.74.26",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 80,
"Last": 80
}
}
]
},
{
"SrcIPs": ["100.103.8.15", "fd7a:115c:a1e0::5b37:80f"],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "100.108.74.26",
"Ports": {
"First": 443,
"Last": 443
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 443,
"Last": 443
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

172
hscontrol/policy/v2/testdata/acl_results/ACL-AR06.json vendored Normal file
View File

@@ -0,0 +1,172 @@
{
"test_id": "ACL-AR06",
"timestamp": "2026-03-17T14:21:26Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_ar06.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["tag:client"],
"dst": ["tag:server:22"]
},
{
"action": "accept",
"src": ["*"],
"dst": ["tag:server:80"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
},
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 80,
"Last": 80
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

315
hscontrol/policy/v2/testdata/acl_results/ACL-AT01.json vendored Normal file
View File

@@ -0,0 +1,315 @@
{
"test_id": "ACL-AT01",
"timestamp": "2026-03-17T14:21:36Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_at01.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["tag:server", "tag:client", "tag:prod", "tag:router", "tag:exit"],
"dst": ["*:*"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.108.74.26",
"100.83.200.69",
"100.85.66.106",
"100.92.142.61",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"subnet-router": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.108.74.26",
"100.83.200.69",
"100.85.66.106",
"100.92.142.61",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-client": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.108.74.26",
"100.83.200.69",
"100.85.66.106",
"100.92.142.61",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.108.74.26",
"100.83.200.69",
"100.85.66.106",
"100.92.142.61",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.108.74.26",
"100.83.200.69",
"100.85.66.106",
"100.92.142.61",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.108.74.26",
"100.83.200.69",
"100.85.66.106",
"100.92.142.61",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.108.74.26",
"100.83.200.69",
"100.85.66.106",
"100.92.142.61",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.108.74.26",
"100.83.200.69",
"100.85.66.106",
"100.92.142.61",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
}
}
}

248
hscontrol/policy/v2/testdata/acl_results/ACL-AT02.json vendored Normal file
View File

@@ -0,0 +1,248 @@
{
"test_id": "ACL-AT02",
"timestamp": "2026-03-17T14:21:47Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_at02.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["tag:server:22", "tag:client:22", "tag:prod:22", "tag:router:22", "tag:exit:22"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.85.66.106",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::7c37:426a",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"subnet-router": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.92.142.61",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::3e37:8e3d",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"tagged-client": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.83.200.69",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::c537:c845",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.103.8.15",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::5b37:80f",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

216
hscontrol/policy/v2/testdata/acl_results/ACL-AT03.json vendored Normal file
View File

@@ -0,0 +1,216 @@
{
"test_id": "ACL-AT03",
"timestamp": "2026-03-17T14:21:57Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_at03.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["tag:server", "tag:client", "tag:prod", "tag:router", "tag:exit"],
"dst": ["autogroup:member:22"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": null
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.108.74.26",
"100.83.200.69",
"100.85.66.106",
"100.92.142.61",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.110.121.96",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::1737:7960",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.108.74.26",
"100.83.200.69",
"100.85.66.106",
"100.92.142.61",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.103.90.82",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::9e37:5a52",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.108.74.26",
"100.83.200.69",
"100.85.66.106",
"100.92.142.61",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.90.199.68",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::2d01:c747",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
}
}
}

185
hscontrol/policy/v2/testdata/acl_results/ACL-AT04.json vendored Normal file
View File

@@ -0,0 +1,185 @@
{
"test_id": "ACL-AT04",
"timestamp": "2026-03-17T14:22:08Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_at04.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["autogroup:tagged"],
"dst": ["tag:server:22"]
},
{
"action": "accept",
"src": ["autogroup:member"],
"dst": ["tag:server:80"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.108.74.26",
"100.83.200.69",
"100.85.66.106",
"100.92.142.61",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
},
{
"SrcIPs": [
"100.103.90.82",
"100.110.121.96",
"100.90.199.68",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 80,
"Last": 80
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

168
hscontrol/policy/v2/testdata/acl_results/ACL-AT05.json vendored Normal file
View File

@@ -0,0 +1,168 @@
{
"test_id": "ACL-AT05",
"timestamp": "2026-03-17T14:22:18Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_at05.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["tag:client"],
"dst": ["tag:server:22"]
},
{
"action": "accept",
"src": ["tag:server"],
"dst": ["tag:client:22"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"],
"DstPorts": [
{
"IP": "100.83.200.69",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::c537:c845",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

217
hscontrol/policy/v2/testdata/acl_results/ACL-AT06.json vendored Normal file
View File

@@ -0,0 +1,217 @@
{
"test_id": "ACL-AT06",
"timestamp": "2026-03-17T14:22:29Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_at06.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["tag:client"],
"dst": ["tag:server:22"]
},
{
"action": "accept",
"src": ["tag:server"],
"dst": ["tag:prod:5432"]
},
{
"action": "accept",
"src": ["tag:prod"],
"dst": ["tag:client:80"]
},
{
"action": "accept",
"src": ["tag:client"],
"dst": ["tag:prod:443"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": [
{
"SrcIPs": ["100.103.8.15", "fd7a:115c:a1e0::5b37:80f"],
"DstPorts": [
{
"IP": "100.83.200.69",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "fd7a:115c:a1e0::c537:c845",
"Ports": {
"First": 80,
"Last": 80
}
}
]
}
]
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"],
"DstPorts": [
{
"IP": "100.103.8.15",
"Ports": {
"First": 443,
"Last": 443
}
},
{
"IP": "fd7a:115c:a1e0::5b37:80f",
"Ports": {
"First": 443,
"Last": 443
}
}
]
},
{
"SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"],
"DstPorts": [
{
"IP": "100.103.8.15",
"Ports": {
"First": 5432,
"Last": 5432
}
},
{
"IP": "fd7a:115c:a1e0::5b37:80f",
"Ports": {
"First": 5432,
"Last": 5432
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

143
hscontrol/policy/v2/testdata/acl_results/ACL-AU01.json vendored Normal file
View File

@@ -0,0 +1,143 @@
{
"test_id": "ACL-AU01",
"timestamp": "2026-03-17T14:22:39Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_au01.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["kristoffer@dalby.cc"],
"dst": ["tag:server:22"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

143
hscontrol/policy/v2/testdata/acl_results/ACL-AU02.json vendored Normal file
View File

@@ -0,0 +1,143 @@
{
"test_id": "ACL-AU02",
"timestamp": "2026-03-17T14:22:49Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_au02.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["monitorpasskeykradalby@passkey"],
"dst": ["tag:prod:5432"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"],
"DstPorts": [
{
"IP": "100.103.8.15",
"Ports": {
"First": 5432,
"Last": 5432
}
},
{
"IP": "fd7a:115c:a1e0::5b37:80f",
"Ports": {
"First": 5432,
"Last": 5432
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": null
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

163
hscontrol/policy/v2/testdata/acl_results/ACL-AU03.json vendored Normal file
View File

@@ -0,0 +1,163 @@
{
"test_id": "ACL-AU03",
"timestamp": "2026-03-17T14:23:00Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_au03.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["group:developers"],
"dst": ["tag:server:22", "tag:prod:5432"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": ["100.110.121.96", "100.90.199.68", "fd7a:115c:a1e0::1737:7960", "fd7a:115c:a1e0::2d01:c747"],
"DstPorts": [
{
"IP": "100.103.8.15",
"Ports": {
"First": 5432,
"Last": 5432
}
},
{
"IP": "fd7a:115c:a1e0::5b37:80f",
"Ports": {
"First": 5432,
"Last": 5432
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.110.121.96", "100.90.199.68", "fd7a:115c:a1e0::1737:7960", "fd7a:115c:a1e0::2d01:c747"],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

173
hscontrol/policy/v2/testdata/acl_results/ACL-AU04.json vendored Normal file
View File

@@ -0,0 +1,173 @@
{
"test_id": "ACL-AU04",
"timestamp": "2026-03-17T14:23:10Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_au04.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["group:developers:22"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": null
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.110.121.96",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::1737:7960",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.90.199.68",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::2d01:c747",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
}
}
}

148
hscontrol/policy/v2/testdata/acl_results/ACL-AU05.json vendored Normal file
View File

@@ -0,0 +1,148 @@
{
"test_id": "ACL-AU05",
"timestamp": "2026-03-17T14:23:21Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_au05.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["group:monitors:*"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": null
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.103.90.82",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::9e37:5a52",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user1": {
"packet_filter_rules": null
}
}
}

150
hscontrol/policy/v2/testdata/acl_results/ACL-AU06.json vendored Normal file
View File

@@ -0,0 +1,150 @@
{
"test_id": "ACL-AU06",
"timestamp": "2026-03-17T14:23:31Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_au06.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["group:admins", "group:developers", "group:monitors"],
"dst": ["tag:server:22"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.90.82",
"100.110.121.96",
"100.90.199.68",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

204
hscontrol/policy/v2/testdata/acl_results/ACL-C01.json vendored Normal file
View File

@@ -0,0 +1,204 @@
{
"test_id": "ACL-C01",
"timestamp": "2026-03-17T14:23:42Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_c01.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["tag:client"],
"dst": ["tag:server:22"]
},
{
"action": "accept",
"src": ["autogroup:member"],
"dst": ["tag:server:80"]
},
{
"action": "accept",
"src": ["*"],
"dst": ["tag:prod:5432"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.103.8.15",
"Ports": {
"First": 5432,
"Last": 5432
}
},
{
"IP": "fd7a:115c:a1e0::5b37:80f",
"Ports": {
"First": 5432,
"Last": 5432
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
},
{
"SrcIPs": [
"100.103.90.82",
"100.110.121.96",
"100.90.199.68",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 80,
"Last": 80
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

201
hscontrol/policy/v2/testdata/acl_results/ACL-C02.json vendored Normal file
View File

@@ -0,0 +1,201 @@
{
"test_id": "ACL-C02",
"timestamp": "2026-03-17T14:23:52Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_c02.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["tag:client", "autogroup:member"],
"dst": ["tag:server:22"]
},
{
"action": "accept",
"src": ["tag:prod"],
"dst": ["tag:server:80"]
},
{
"action": "accept",
"src": ["group:admins"],
"dst": ["tag:prod:5432"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"],
"DstPorts": [
{
"IP": "100.103.8.15",
"Ports": {
"First": 5432,
"Last": 5432
}
},
{
"IP": "fd7a:115c:a1e0::5b37:80f",
"Ports": {
"First": 5432,
"Last": 5432
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.90.82",
"100.110.121.96",
"100.83.200.69",
"100.90.199.68",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
},
{
"SrcIPs": ["100.103.8.15", "fd7a:115c:a1e0::5b37:80f"],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 80,
"Last": 80
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

235
hscontrol/policy/v2/testdata/acl_results/ACL-C03.json vendored Normal file
View File

@@ -0,0 +1,235 @@
{
"test_id": "ACL-C03",
"timestamp": "2026-03-17T14:24:03Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_c03.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["tag:client"],
"dst": ["tag:server:22", "tag:prod:5432", "webserver:80"]
},
{
"action": "accept",
"src": ["autogroup:member"],
"dst": ["autogroup:self:*"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"],
"DstPorts": [
{
"IP": "100.103.8.15",
"Ports": {
"First": 5432,
"Last": 5432
}
},
{
"IP": "fd7a:115c:a1e0::5b37:80f",
"Ports": {
"First": 5432,
"Last": 5432
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"],
"DstPorts": [
{
"IP": "100.110.121.96",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::1737:7960",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"],
"DstPorts": [
{
"IP": "100.103.90.82",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::9e37:5a52",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"],
"DstPorts": [
{
"IP": "100.90.199.68",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::2d01:c747",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
}
}
}

238
hscontrol/policy/v2/testdata/acl_results/ACL-C04.json vendored Normal file
View File

@@ -0,0 +1,238 @@
{
"test_id": "ACL-C04",
"timestamp": "2026-03-17T14:24:13Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_c04.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["tag:client"],
"dst": ["tag:server:22"]
},
{
"action": "accept",
"src": ["tag:server"],
"dst": ["tag:prod:5432"]
},
{
"action": "accept",
"src": ["autogroup:member"],
"dst": ["autogroup:self:*"]
},
{
"action": "accept",
"src": ["*"],
"dst": ["autogroup:internet:*"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"],
"DstPorts": [
{
"IP": "100.103.8.15",
"Ports": {
"First": 5432,
"Last": 5432
}
},
{
"IP": "fd7a:115c:a1e0::5b37:80f",
"Ports": {
"First": 5432,
"Last": 5432
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"],
"DstPorts": [
{
"IP": "100.110.121.96",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::1737:7960",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"],
"DstPorts": [
{
"IP": "100.103.90.82",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::9e37:5a52",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"],
"DstPorts": [
{
"IP": "100.90.199.68",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::2d01:c747",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
}
}
}

388
hscontrol/policy/v2/testdata/acl_results/ACL-C05.json vendored Normal file
View File

@@ -0,0 +1,388 @@
{
"test_id": "ACL-C05",
"timestamp": "2026-03-17T14:24:23Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_c05.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": [
"tag:server:22",
"tag:prod:5432",
"tag:client:80",
"tag:router:*",
"tag:exit:*",
"autogroup:member:443",
"autogroup:self:*"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.85.66.106",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::7c37:426a",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"subnet-router": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.92.142.61",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::3e37:8e3d",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-client": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.83.200.69",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "fd7a:115c:a1e0::c537:c845",
"Ports": {
"First": 80,
"Last": 80
}
}
]
}
]
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.103.8.15",
"Ports": {
"First": 5432,
"Last": 5432
}
},
{
"IP": "fd7a:115c:a1e0::5b37:80f",
"Ports": {
"First": 5432,
"Last": 5432
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.110.121.96",
"Ports": {
"First": 443,
"Last": 443
}
},
{
"IP": "fd7a:115c:a1e0::1737:7960",
"Ports": {
"First": 443,
"Last": 443
}
}
]
},
{
"SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"],
"DstPorts": [
{
"IP": "100.110.121.96",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::1737:7960",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.103.90.82",
"Ports": {
"First": 443,
"Last": 443
}
},
{
"IP": "fd7a:115c:a1e0::9e37:5a52",
"Ports": {
"First": 443,
"Last": 443
}
}
]
},
{
"SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"],
"DstPorts": [
{
"IP": "100.103.90.82",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::9e37:5a52",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.90.199.68",
"Ports": {
"First": 443,
"Last": 443
}
},
{
"IP": "fd7a:115c:a1e0::2d01:c747",
"Ports": {
"First": 443,
"Last": 443
}
}
]
},
{
"SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"],
"DstPorts": [
{
"IP": "100.90.199.68",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::2d01:c747",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
}
}
}

156
hscontrol/policy/v2/testdata/acl_results/ACL-C06.json vendored Normal file
View File

@@ -0,0 +1,156 @@
{
"test_id": "ACL-C06",
"timestamp": "2026-03-17T14:24:34Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_c06.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["tag:client", "tag:prod", "tag:server", "autogroup:member", "group:admins"],
"dst": ["tag:server:22"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.108.74.26",
"100.110.121.96",
"100.83.200.69",
"100.90.199.68",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

200
hscontrol/policy/v2/testdata/acl_results/ACL-C07.json vendored Normal file
View File

@@ -0,0 +1,200 @@
{
"test_id": "ACL-C07",
"timestamp": "2026-03-17T14:24:44Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_c07.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["tag:client"],
"dst": ["tag:server:22"]
},
{
"action": "accept",
"src": ["tag:client"],
"dst": ["tag:server:80"]
},
{
"action": "accept",
"src": ["tag:client"],
"dst": ["tag:server:443"]
},
{
"action": "accept",
"src": ["tag:client"],
"dst": ["tag:server:8080"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "100.108.74.26",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "100.108.74.26",
"Ports": {
"First": 443,
"Last": 443
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 443,
"Last": 443
}
},
{
"IP": "100.108.74.26",
"Ports": {
"First": 8080,
"Last": 8080
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 8080,
"Last": 8080
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

248
hscontrol/policy/v2/testdata/acl_results/ACL-C08.json vendored Normal file
View File

@@ -0,0 +1,248 @@
{
"test_id": "ACL-C08",
"timestamp": "2026-03-17T14:24:55Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_c08.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["tag:server:22", "tag:prod:22", "tag:client:22", "tag:router:22", "tag:exit:22"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.85.66.106",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::7c37:426a",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"subnet-router": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.92.142.61",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::3e37:8e3d",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"tagged-client": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.83.200.69",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::c537:c845",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.103.8.15",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::5b37:80f",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

287
hscontrol/policy/v2/testdata/acl_results/ACL-C09.json vendored Normal file
View File

@@ -0,0 +1,287 @@
{
"test_id": "ACL-C09",
"timestamp": "2026-03-17T14:25:05Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_c09.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["tag:client"],
"dst": ["tag:server:22"]
},
{
"action": "accept",
"src": ["tag:client"],
"dst": ["tag:prod:22"]
},
{
"action": "accept",
"src": ["tag:server"],
"dst": ["tag:prod:5432"]
},
{
"action": "accept",
"src": ["autogroup:member"],
"dst": ["autogroup:self:*"]
},
{
"action": "accept",
"src": ["group:developers"],
"dst": ["tag:router:*"]
},
{
"action": "accept",
"src": ["*"],
"dst": ["autogroup:internet:*"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": [
{
"SrcIPs": ["100.110.121.96", "100.90.199.68", "fd7a:115c:a1e0::1737:7960", "fd7a:115c:a1e0::2d01:c747"],
"DstPorts": [
{
"IP": "100.92.142.61",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::3e37:8e3d",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"],
"DstPorts": [
{
"IP": "100.103.8.15",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::5b37:80f",
"Ports": {
"First": 22,
"Last": 22
}
}
]
},
{
"SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"],
"DstPorts": [
{
"IP": "100.103.8.15",
"Ports": {
"First": 5432,
"Last": 5432
}
},
{
"IP": "fd7a:115c:a1e0::5b37:80f",
"Ports": {
"First": 5432,
"Last": 5432
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"],
"DstPorts": [
{
"IP": "100.110.121.96",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::1737:7960",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"],
"DstPorts": [
{
"IP": "100.103.90.82",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::9e37:5a52",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"],
"DstPorts": [
{
"IP": "100.90.199.68",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::2d01:c747",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
}
}
}

400
hscontrol/policy/v2/testdata/acl_results/ACL-C10.json vendored Normal file
View File

@@ -0,0 +1,400 @@
{
"test_id": "ACL-C10",
"timestamp": "2026-03-17T14:25:16Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_c10.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["autogroup:member"],
"dst": ["autogroup:self:*"]
},
{
"action": "accept",
"src": ["autogroup:member"],
"dst": ["tag:server:22", "tag:prod:5432"]
},
{
"action": "accept",
"src": ["autogroup:tagged"],
"dst": ["autogroup:tagged:*"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.108.74.26",
"100.83.200.69",
"100.85.66.106",
"100.92.142.61",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.85.66.106",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::7c37:426a",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"subnet-router": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.108.74.26",
"100.83.200.69",
"100.85.66.106",
"100.92.142.61",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.92.142.61",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::3e37:8e3d",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-client": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.108.74.26",
"100.83.200.69",
"100.85.66.106",
"100.92.142.61",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.83.200.69",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::c537:c845",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.90.82",
"100.110.121.96",
"100.90.199.68",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "100.103.8.15",
"Ports": {
"First": 5432,
"Last": 5432
}
},
{
"IP": "fd7a:115c:a1e0::5b37:80f",
"Ports": {
"First": 5432,
"Last": 5432
}
}
]
},
{
"SrcIPs": [
"100.103.8.15",
"100.108.74.26",
"100.83.200.69",
"100.85.66.106",
"100.92.142.61",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.103.8.15",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::5b37:80f",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.90.82",
"100.110.121.96",
"100.90.199.68",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
},
{
"SrcIPs": [
"100.103.8.15",
"100.108.74.26",
"100.83.200.69",
"100.85.66.106",
"100.92.142.61",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"],
"DstPorts": [
{
"IP": "100.110.121.96",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::1737:7960",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"],
"DstPorts": [
{
"IP": "100.103.90.82",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::9e37:5a52",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"],
"DstPorts": [
{
"IP": "100.90.199.68",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::2d01:c747",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
}
}
}

172
hscontrol/policy/v2/testdata/acl_results/ACL-D01.json vendored Normal file
View File

@@ -0,0 +1,172 @@
{
"test_id": "ACL-D01",
"timestamp": "2026-03-17T14:25:26Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_d01.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["tag:client"],
"dst": ["tag:server:22"]
},
{
"action": "accept",
"src": ["*"],
"dst": ["tag:server:22"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
},
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

150
hscontrol/policy/v2/testdata/acl_results/ACL-D02.json vendored Normal file
View File

@@ -0,0 +1,150 @@
{
"test_id": "ACL-D02",
"timestamp": "2026-03-17T14:25:37Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_d02.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["tag:client"],
"dst": ["tag:server:22", "webserver:22"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

227
hscontrol/policy/v2/testdata/acl_results/ACL-D03.json vendored Normal file
View File

@@ -0,0 +1,227 @@
{
"test_id": "ACL-D03",
"timestamp": "2026-03-17T14:25:47Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_d03.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["100.108.74.26", "tag:server"],
"dst": ["*:*"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"subnet-router": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-client": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
}
}
}

227
hscontrol/policy/v2/testdata/acl_results/ACL-D04.json vendored Normal file
View File

@@ -0,0 +1,227 @@
{
"test_id": "ACL-D04",
"timestamp": "2026-03-17T14:25:57Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_d04.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["100.108.74.26", "webserver"],
"dst": ["*:*"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"subnet-router": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-client": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
}
}
}

155
hscontrol/policy/v2/testdata/acl_results/ACL-D05.json vendored Normal file
View File

@@ -0,0 +1,155 @@
{
"test_id": "ACL-D05",
"timestamp": "2026-03-17T14:26:08Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_d05.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["100.108.74.26:22", "tag:server:22"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

148
hscontrol/policy/v2/testdata/acl_results/ACL-D06.json vendored Normal file
View File

@@ -0,0 +1,148 @@
{
"test_id": "ACL-D06",
"timestamp": "2026-03-17T14:26:18Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_d06.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["100.108.74.26:22", "webserver:22"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

363
hscontrol/policy/v2/testdata/acl_results/ACL-D07.json vendored Normal file
View File

@@ -0,0 +1,363 @@
{
"test_id": "ACL-D07",
"timestamp": "2026-03-17T14:26:29Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_d07.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["autogroup:member", "autogroup:tagged"],
"dst": ["*:*"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.108.74.26",
"100.110.121.96",
"100.83.200.69",
"100.85.66.106",
"100.90.199.68",
"100.92.142.61",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"subnet-router": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.108.74.26",
"100.110.121.96",
"100.83.200.69",
"100.85.66.106",
"100.90.199.68",
"100.92.142.61",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-client": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.108.74.26",
"100.110.121.96",
"100.83.200.69",
"100.85.66.106",
"100.90.199.68",
"100.92.142.61",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.108.74.26",
"100.110.121.96",
"100.83.200.69",
"100.85.66.106",
"100.90.199.68",
"100.92.142.61",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.108.74.26",
"100.110.121.96",
"100.83.200.69",
"100.85.66.106",
"100.90.199.68",
"100.92.142.61",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.108.74.26",
"100.110.121.96",
"100.83.200.69",
"100.85.66.106",
"100.90.199.68",
"100.92.142.61",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.108.74.26",
"100.110.121.96",
"100.83.200.69",
"100.85.66.106",
"100.90.199.68",
"100.92.142.61",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.108.74.26",
"100.110.121.96",
"100.83.200.69",
"100.85.66.106",
"100.90.199.68",
"100.92.142.61",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
}
}
}

202
hscontrol/policy/v2/testdata/acl_results/ACL-D08.json vendored Normal file
View File

@@ -0,0 +1,202 @@
{
"test_id": "ACL-D08",
"timestamp": "2026-03-17T14:26:39Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_d08.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["autogroup:self:*"]
},
{
"action": "accept",
"src": ["kratail2tid@passkey"],
"dst": ["kratail2tid@passkey:*"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": null
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"],
"DstPorts": [
{
"IP": "100.110.121.96",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::1737:7960",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"],
"DstPorts": [
{
"IP": "100.103.90.82",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::9e37:5a52",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"],
"DstPorts": [
{
"IP": "100.90.199.68",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::2d01:c747",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "100.90.199.68",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::2d01:c747",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
}
}
}

227
hscontrol/policy/v2/testdata/acl_results/ACL-E01.json vendored Normal file
View File

@@ -0,0 +1,227 @@
{
"test_id": "ACL-E01",
"timestamp": "2026-03-17T14:26:50Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_e01.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["100.108.74.26"],
"dst": ["*:*"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"subnet-router": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-client": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
}
}
}

227
hscontrol/policy/v2/testdata/acl_results/ACL-E02.json vendored Normal file
View File

@@ -0,0 +1,227 @@
{
"test_id": "ACL-E02",
"timestamp": "2026-03-17T14:27:00Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_e02.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["tag:server"],
"dst": ["*:*"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"subnet-router": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-client": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
}
}
}

227
hscontrol/policy/v2/testdata/acl_results/ACL-E03.json vendored Normal file
View File

@@ -0,0 +1,227 @@
{
"test_id": "ACL-E03",
"timestamp": "2026-03-17T14:27:11Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_e03.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["webserver"],
"dst": ["*:*"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"subnet-router": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-client": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
}
}
}

141
hscontrol/policy/v2/testdata/acl_results/ACL-E04.json vendored Normal file
View File

@@ -0,0 +1,141 @@
{
"test_id": "ACL-E04",
"timestamp": "2026-03-17T14:27:21Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_e04.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["100.108.74.26:22"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

148
hscontrol/policy/v2/testdata/acl_results/ACL-E05.json vendored Normal file
View File

@@ -0,0 +1,148 @@
{
"test_id": "ACL-E05",
"timestamp": "2026-03-17T14:27:32Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_e05.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["tag:server:22"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

141
hscontrol/policy/v2/testdata/acl_results/ACL-E06.json vendored Normal file
View File

@@ -0,0 +1,141 @@
{
"test_id": "ACL-E06",
"timestamp": "2026-03-17T14:27:42Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_e06.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["webserver:22"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

143
hscontrol/policy/v2/testdata/acl_results/ACL-E07.json vendored Normal file
View File

@@ -0,0 +1,143 @@
{
"test_id": "ACL-E07",
"timestamp": "2026-03-17T14:27:52Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_e07.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["kratail2tid@passkey"],
"dst": ["tag:server:22"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

143
hscontrol/policy/v2/testdata/acl_results/ACL-E08.json vendored Normal file
View File

@@ -0,0 +1,143 @@
{
"test_id": "ACL-E08",
"timestamp": "2026-03-17T14:28:03Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_e08.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["group:admins"],
"dst": ["tag:server:22"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

143
hscontrol/policy/v2/testdata/acl_results/ACL-E09.json vendored Normal file
View File

@@ -0,0 +1,143 @@
{
"test_id": "ACL-E09",
"timestamp": "2026-03-17T14:28:13Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_e09.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["kratail2tid@passkey", "group:admins"],
"dst": ["tag:server:22"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

46
hscontrol/policy/v2/testdata/acl_results/ACL-ERR01.json vendored Normal file
View File

@@ -0,0 +1,46 @@
{
"test_id": "ACL-ERR01",
"timestamp": "2026-03-17T14:28:24Z",
"error": true,
"input": {
"policy_file": "acl_policies/acl_err01.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["tag:nonexistent"],
"dst": ["tag:server:22"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 400,
"api_response_body": { "message": "src=tag not found: \"tag:nonexistent\"" }
}
}

46
hscontrol/policy/v2/testdata/acl_results/ACL-ERR02.json vendored Normal file
View File

@@ -0,0 +1,46 @@
{
"test_id": "ACL-ERR02",
"timestamp": "2026-03-17T14:28:24Z",
"error": true,
"input": {
"policy_file": "acl_policies/acl_err02.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["autogroup:self"],
"dst": ["tag:server:22"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 400,
"api_response_body": { "message": "\"autogroup:self\" not valid on the src side of a rule" }
}
}

46
hscontrol/policy/v2/testdata/acl_results/ACL-ERR03.json vendored Normal file
View File

@@ -0,0 +1,46 @@
{
"test_id": "ACL-ERR03",
"timestamp": "2026-03-17T14:28:24Z",
"error": true,
"input": {
"policy_file": "acl_policies/acl_err03.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["autogroup:self"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 400,
"api_response_body": { "message": "dst=\"autogroup:self\": port range \"self\": invalid first integer" }
}
}

46
hscontrol/policy/v2/testdata/acl_results/ACL-ERR04.json vendored Normal file
View File

@@ -0,0 +1,46 @@
{
"test_id": "ACL-ERR04",
"timestamp": "2026-03-17T14:28:25Z",
"error": true,
"input": {
"policy_file": "acl_policies/acl_err04.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["tag:nonexistent"],
"dst": ["*:*"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 400,
"api_response_body": { "message": "src=tag not found: \"tag:nonexistent\"" }
}
}

46
hscontrol/policy/v2/testdata/acl_results/ACL-ERR05.json vendored Normal file
View File

@@ -0,0 +1,46 @@
{
"test_id": "ACL-ERR05",
"timestamp": "2026-03-17T14:28:25Z",
"error": true,
"input": {
"policy_file": "acl_policies/acl_err05.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["tag:nonexistent:22"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 400,
"api_response_body": { "message": "dst=\"tag:nonexistent\": tag not found: \"tag:nonexistent\"" }
}
}

46
hscontrol/policy/v2/testdata/acl_results/ACL-ERR06.json vendored Normal file
View File

@@ -0,0 +1,46 @@
{
"test_id": "ACL-ERR06",
"timestamp": "2026-03-17T14:28:25Z",
"error": true,
"input": {
"policy_file": "acl_policies/acl_err06.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "deny",
"src": ["tag:client"],
"dst": ["tag:server:22"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 400,
"api_response_body": { "message": "action=\"deny\" is not supported" }
}
}

46
hscontrol/policy/v2/testdata/acl_results/ACL-ERR07.json vendored Normal file
View File

@@ -0,0 +1,46 @@
{
"test_id": "ACL-ERR07",
"timestamp": "2026-03-17T14:28:29Z",
"error": true,
"input": {
"policy_file": "acl_policies/acl_err07.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["tag:server:ssh"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 400,
"api_response_body": { "message": "dst=\"tag:server:ssh\": port range \"ssh\": invalid first integer" }
}
}

51
hscontrol/policy/v2/testdata/acl_results/ACL-ERR08.json vendored Normal file
View File

@@ -0,0 +1,51 @@
{
"test_id": "ACL-ERR08",
"timestamp": "2026-03-17T14:28:34Z",
"error": true,
"input": {
"policy_file": "acl_policies/acl_err08.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["autogroup:self:*"]
},
{
"action": "accept",
"src": ["tag:client"],
"dst": ["autogroup:self:22"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 400,
"api_response_body": { "message": "autogroup:self can only be used with users, groups, or supported autogroups" }
}
}

51
hscontrol/policy/v2/testdata/acl_results/ACL-ERR09.json vendored Normal file
View File

@@ -0,0 +1,51 @@
{
"test_id": "ACL-ERR09",
"timestamp": "2026-03-17T14:28:39Z",
"error": true,
"input": {
"policy_file": "acl_policies/acl_err09.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["autogroup:self:*"]
},
{
"action": "accept",
"src": ["autogroup:tagged"],
"dst": ["autogroup:self:22"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 400,
"api_response_body": { "message": "autogroup:self can only be used with users, groups, or supported autogroups" }
}
}

141
hscontrol/policy/v2/testdata/acl_results/ACL-H01.json vendored Normal file
View File

@@ -0,0 +1,141 @@
{
"test_id": "ACL-H01",
"timestamp": "2026-03-17T14:28:44Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_h01.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["webserver:80"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 80,
"Last": 80
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

227
hscontrol/policy/v2/testdata/acl_results/ACL-H02.json vendored Normal file
View File

@@ -0,0 +1,227 @@
{
"test_id": "ACL-H02",
"timestamp": "2026-03-17T14:28:59Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_h02.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["webserver"],
"dst": ["*:*"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"subnet-router": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-client": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
}
}
}

143
hscontrol/policy/v2/testdata/acl_results/ACL-H03.json vendored Normal file
View File

@@ -0,0 +1,143 @@
{
"test_id": "ACL-H03",
"timestamp": "2026-03-17T14:29:10Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_h03.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["internal"],
"dst": ["tag:server:22"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["10.0.0.0/8"],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

141
hscontrol/policy/v2/testdata/acl_results/ACL-H04.json vendored Normal file
View File

@@ -0,0 +1,141 @@
{
"test_id": "ACL-H04",
"timestamp": "2026-03-17T14:29:20Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_h04.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["internal:22"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "10.0.0.0/8",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": null
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

159
hscontrol/policy/v2/testdata/acl_results/ACL-H05.json vendored Normal file
View File

@@ -0,0 +1,159 @@
{
"test_id": "ACL-H05",
"timestamp": "2026-03-17T14:29:31Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_h05.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["webserver:22", "prodbox:5432"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.103.8.15",
"Ports": {
"First": 5432,
"Last": 5432
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

143
hscontrol/policy/v2/testdata/acl_results/ACL-H06.json vendored Normal file
View File

@@ -0,0 +1,143 @@
{
"test_id": "ACL-H06",
"timestamp": "2026-03-17T14:29:41Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_h06.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["webserver", "tag:client"],
"dst": ["tag:server:22"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26", "100.83.200.69", "fd7a:115c:a1e0::c537:c845"],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

136
hscontrol/policy/v2/testdata/acl_results/ACL-H07.json vendored Normal file
View File

@@ -0,0 +1,136 @@
{
"test_id": "ACL-H07",
"timestamp": "2026-03-17T14:29:52Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_h07.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["group:admins"],
"dst": ["webserver:22"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

123
hscontrol/policy/v2/testdata/acl_results/ACL-H08.json vendored Normal file
View File

@@ -0,0 +1,123 @@
{
"test_id": "ACL-H08",
"timestamp": "2026-03-17T14:30:02Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_h08.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["subnet24:80"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": null
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

172
hscontrol/policy/v2/testdata/acl_results/ACL-K01.json vendored Normal file
View File

@@ -0,0 +1,172 @@
{
"test_id": "ACL-K01",
"timestamp": "2026-03-17T14:30:13Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_k01.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": [
"*",
"autogroup:member",
"autogroup:tagged",
"group:admins",
"tag:client",
"webserver",
"100.90.199.68"
],
"dst": ["tag:server:22"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.103.8.15",
"100.103.90.82",
"100.108.74.26",
"100.110.121.96",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"100.83.200.69",
"100.85.66.106",
"100.90.199.68",
"100.92.142.61",
"fd7a:115c:a1e0::/48",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

226
hscontrol/policy/v2/testdata/acl_results/ACL-K02.json vendored Normal file
View File

@@ -0,0 +1,226 @@
{
"test_id": "ACL-K02",
"timestamp": "2026-03-17T14:30:23Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_k02.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["tag:client"],
"dst": [
"tag:server:22",
"tag:prod:5432",
"webserver:80",
"prodbox:443",
"group:admins:8080",
"kratail2tid@passkey:3000",
"100.108.74.26:9000"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"],
"DstPorts": [
{
"IP": "100.103.8.15",
"Ports": {
"First": 443,
"Last": 443
}
},
{
"IP": "100.103.8.15",
"Ports": {
"First": 5432,
"Last": 5432
}
},
{
"IP": "fd7a:115c:a1e0::5b37:80f",
"Ports": {
"First": 5432,
"Last": 5432
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "100.108.74.26",
"Ports": {
"First": 9000,
"Last": 9000
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"],
"DstPorts": [
{
"IP": "100.90.199.68",
"Ports": {
"First": 3000,
"Last": 3000
}
},
{
"IP": "fd7a:115c:a1e0::2d01:c747",
"Ports": {
"First": 3000,
"Last": 3000
}
},
{
"IP": "100.90.199.68",
"Ports": {
"First": 8080,
"Last": 8080
}
},
{
"IP": "fd7a:115c:a1e0::2d01:c747",
"Ports": {
"First": 8080,
"Last": 8080
}
}
]
}
]
}
}
}

374
hscontrol/policy/v2/testdata/acl_results/ACL-K03.json vendored Normal file
View File

@@ -0,0 +1,374 @@
{
"test_id": "ACL-K03",
"timestamp": "2026-03-17T14:30:34Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_k03.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": [
"autogroup:member",
"autogroup:tagged",
"group:admins",
"group:developers",
"kratail2tid@passkey",
"tag:client",
"tag:prod",
"tag:server",
"webserver",
"prodbox"
],
"dst": ["*:*"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.108.74.26",
"100.110.121.96",
"100.83.200.69",
"100.85.66.106",
"100.90.199.68",
"100.92.142.61",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"subnet-router": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.108.74.26",
"100.110.121.96",
"100.83.200.69",
"100.85.66.106",
"100.90.199.68",
"100.92.142.61",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-client": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.108.74.26",
"100.110.121.96",
"100.83.200.69",
"100.85.66.106",
"100.90.199.68",
"100.92.142.61",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.108.74.26",
"100.110.121.96",
"100.83.200.69",
"100.85.66.106",
"100.90.199.68",
"100.92.142.61",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.108.74.26",
"100.110.121.96",
"100.83.200.69",
"100.85.66.106",
"100.90.199.68",
"100.92.142.61",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.108.74.26",
"100.110.121.96",
"100.83.200.69",
"100.85.66.106",
"100.90.199.68",
"100.92.142.61",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.108.74.26",
"100.110.121.96",
"100.83.200.69",
"100.85.66.106",
"100.90.199.68",
"100.92.142.61",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.108.74.26",
"100.110.121.96",
"100.83.200.69",
"100.85.66.106",
"100.90.199.68",
"100.92.142.61",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
}
}
}

278
hscontrol/policy/v2/testdata/acl_results/ACL-K04.json vendored Normal file
View File

@@ -0,0 +1,278 @@
{
"test_id": "ACL-K04",
"timestamp": "2026-03-17T14:30:44Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_k04.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": [
"tag:server:22",
"tag:server:80",
"tag:server:443",
"tag:prod:5432",
"tag:prod:3306",
"tag:client:80",
"tag:client:443",
"webserver:8080",
"prodbox:8080"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.83.200.69",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "100.83.200.69",
"Ports": {
"First": 443,
"Last": 443
}
},
{
"IP": "fd7a:115c:a1e0::c537:c845",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "fd7a:115c:a1e0::c537:c845",
"Ports": {
"First": 443,
"Last": 443
}
}
]
}
]
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.103.8.15",
"Ports": {
"First": 8080,
"Last": 8080
}
},
{
"IP": "100.103.8.15",
"Ports": {
"First": 5432,
"Last": 5432
}
},
{
"IP": "100.103.8.15",
"Ports": {
"First": 3306,
"Last": 3306
}
},
{
"IP": "fd7a:115c:a1e0::5b37:80f",
"Ports": {
"First": 5432,
"Last": 5432
}
},
{
"IP": "fd7a:115c:a1e0::5b37:80f",
"Ports": {
"First": 3306,
"Last": 3306
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 8080,
"Last": 8080
}
},
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "100.108.74.26",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "100.108.74.26",
"Ports": {
"First": 443,
"Last": 443
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 443,
"Last": 443
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

221
hscontrol/policy/v2/testdata/acl_results/ACL-K05.json vendored Normal file
View File

@@ -0,0 +1,221 @@
{
"test_id": "ACL-K05",
"timestamp": "2026-03-17T14:30:54Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_k05.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": [
"autogroup:member",
"group:admins",
"kratail2tid@passkey",
"tag:client",
"tag:prod",
"100.83.200.69",
"100.103.8.15"
],
"dst": ["tag:server:22", "webserver:80", "100.108.74.26:443", "group:admins:8080", "kratail2tid@passkey:9000"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.110.121.96",
"100.83.200.69",
"100.90.199.68",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "100.108.74.26",
"Ports": {
"First": 443,
"Last": 443
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.110.121.96",
"100.83.200.69",
"100.90.199.68",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.90.199.68",
"Ports": {
"First": 9000,
"Last": 9000
}
},
{
"IP": "fd7a:115c:a1e0::2d01:c747",
"Ports": {
"First": 9000,
"Last": 9000
}
},
{
"IP": "100.90.199.68",
"Ports": {
"First": 8080,
"Last": 8080
}
},
{
"IP": "fd7a:115c:a1e0::2d01:c747",
"Ports": {
"First": 8080,
"Last": 8080
}
}
]
}
]
}
}
}

150
hscontrol/policy/v2/testdata/acl_results/ACL-M01.json vendored Normal file
View File

@@ -0,0 +1,150 @@
{
"test_id": "ACL-M01",
"timestamp": "2026-03-17T14:31:05Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_m01.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["kratail2tid@passkey", "tag:client", "group:monitors"],
"dst": ["tag:server:22"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.90.82",
"100.83.200.69",
"100.90.199.68",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

143
hscontrol/policy/v2/testdata/acl_results/ACL-M02.json vendored Normal file
View File

@@ -0,0 +1,143 @@
{
"test_id": "ACL-M02",
"timestamp": "2026-03-17T14:31:15Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_m02.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["100.90.199.68", "tag:client"],
"dst": ["tag:server:22"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.83.200.69", "100.90.199.68", "fd7a:115c:a1e0::c537:c845"],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

143
hscontrol/policy/v2/testdata/acl_results/ACL-M03.json vendored Normal file
View File

@@ -0,0 +1,143 @@
{
"test_id": "ACL-M03",
"timestamp": "2026-03-17T14:31:26Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_m03.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["webserver", "tag:client"],
"dst": ["tag:prod:5432"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26", "100.83.200.69", "fd7a:115c:a1e0::c537:c845"],
"DstPorts": [
{
"IP": "100.103.8.15",
"Ports": {
"First": 5432,
"Last": 5432
}
},
{
"IP": "fd7a:115c:a1e0::5b37:80f",
"Ports": {
"First": 5432,
"Last": 5432
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": null
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

143
hscontrol/policy/v2/testdata/acl_results/ACL-M04.json vendored Normal file
View File

@@ -0,0 +1,143 @@
{
"test_id": "ACL-M04",
"timestamp": "2026-03-17T14:31:36Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_m04.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["group:admins", "tag:client"],
"dst": ["tag:server:22"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.83.200.69", "100.90.199.68", "fd7a:115c:a1e0::2d01:c747", "fd7a:115c:a1e0::c537:c845"],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

143
hscontrol/policy/v2/testdata/acl_results/ACL-M05.json vendored Normal file
View File

@@ -0,0 +1,143 @@
{
"test_id": "ACL-M05",
"timestamp": "2026-03-17T14:31:47Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_m05.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["kratail2tid@passkey", "group:monitors"],
"dst": ["tag:server:22"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.103.90.82", "100.90.199.68", "fd7a:115c:a1e0::2d01:c747", "fd7a:115c:a1e0::9e37:5a52"],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

150
hscontrol/policy/v2/testdata/acl_results/ACL-M06.json vendored Normal file
View File

@@ -0,0 +1,150 @@
{
"test_id": "ACL-M06",
"timestamp": "2026-03-17T14:31:57Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_m06.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["*", "tag:client"],
"dst": ["tag:server:22"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"100.83.200.69",
"fd7a:115c:a1e0::/48",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

180
hscontrol/policy/v2/testdata/acl_results/ACL-M07.json vendored Normal file
View File

@@ -0,0 +1,180 @@
{
"test_id": "ACL-M07",
"timestamp": "2026-03-17T14:32:08Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_m07.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["autogroup:member", "tag:client"],
"dst": ["tag:server:22,80,443"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.90.82",
"100.110.121.96",
"100.83.200.69",
"100.90.199.68",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "100.108.74.26",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "100.108.74.26",
"Ports": {
"First": 443,
"Last": 443
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 443,
"Last": 443
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

152
hscontrol/policy/v2/testdata/acl_results/ACL-M08.json vendored Normal file
View File

@@ -0,0 +1,152 @@
{
"test_id": "ACL-M08",
"timestamp": "2026-03-17T14:32:18Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_m08.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["autogroup:member", "tag:client"],
"dst": ["tag:server:80-443"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.90.82",
"100.110.121.96",
"100.83.200.69",
"100.90.199.68",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 80,
"Last": 443
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 80,
"Last": 443
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

143
hscontrol/policy/v2/testdata/acl_results/ACL-M09.json vendored Normal file
View File

@@ -0,0 +1,143 @@
{
"test_id": "ACL-M09",
"timestamp": "2026-03-17T14:32:29Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_m09.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["tag:client", "internal"],
"dst": ["tag:server:22"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["10.0.0.0/8", "100.83.200.69", "fd7a:115c:a1e0::c537:c845"],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

143
hscontrol/policy/v2/testdata/acl_results/ACL-M10.json vendored Normal file
View File

@@ -0,0 +1,143 @@
{
"test_id": "ACL-M10",
"timestamp": "2026-03-17T14:32:39Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_m10.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
}
},
"acls": [
{
"action": "accept",
"src": ["100.92.142.61", "tag:client"],
"dst": ["tag:server:22"]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d"
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.83.200.69", "100.92.142.61", "fd7a:115c:a1e0::c537:c845"],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

Some files were not shown because too many files have changed in this diff Show More