policy/v2: add SSH compatibility testdata from Tailscale SaaS

Add 39 test fixtures captured from Tailscale SaaS API responses to validate SSH policy compilation parity. Each JSON file contains the SSH policy section and expected compiled SSHRule arrays for 5 test nodes (3 user-owned, 2 tagged). Test series: SSH-A (basic), SSH-B (specific sources), SSH-C (destination combos), SSH-D (localpart), SSH-E (edge cases), SSH-F (multi-rule), SSH-G (acceptEnv). The data-driven TestSSHDataCompat harness uses cmp.Diff with principal order tolerance but strict rule ordering (first-match-wins semantics require exact order). Updates #3049
2026-04-27 11:07:15 +02:00 · 2026-02-24 19:40:04 +00:00
parent 0acf09bdd2
commit 6c59d3e601
40 changed files with 3498 additions and 0 deletions
--- a/hscontrol/policy/v2/testdata/ssh_results/SSH-A4.json
+++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-A4.json
@@ -0,0 +1,32 @@
+{
+  "test_id": "SSH-A4",
+  "policy_file": "ssh_policies/ssh_a4.json",
+  "ssh_section": [{ "action": "accept", "src": ["autogroup:member"], "dst": ["tag:server"], "users": ["ubuntu"] }],
+  "nodes": {
+    "user1": { "rules": [] },
+    "user-kris": { "rules": [] },
+    "user-mon": { "rules": [] },
+    "tagged-server": {
+      "rules": [
+        {
+          "principals": [
+            { "nodeIP": "100.103.90.82" },
+            { "nodeIP": "100.110.121.96" },
+            { "nodeIP": "100.90.199.68" },
+            { "nodeIP": "fd7a:115c:a1e0::1737:7960" },
+            { "nodeIP": "fd7a:115c:a1e0::2d01:c747" },
+            { "nodeIP": "fd7a:115c:a1e0::9e37:5a52" }
+          ],
+          "sshUsers": { "root": "", "ubuntu": "ubuntu" },
+          "action": {
+            "accept": true,
+            "allowAgentForwarding": true,
+            "allowLocalPortForwarding": true,
+            "allowRemotePortForwarding": true
+          }
+        }
+      ]
+    },
+    "tagged-prod": { "rules": [] }
+  }
+}