starred/headscale
1
0
Fork 0
mirror of https://github.com/juanfont/headscale.git synced 2026-04-28 03:27:15 +02:00
Code Issues 98 Packages Projects Releases 10 Wiki Activity

policy/v2: add SSH compatibility testdata from Tailscale SaaS

Browse Source 
Add 39 test fixtures captured from Tailscale SaaS API responses
to validate SSH policy compilation parity. Each JSON file contains
the SSH policy section and expected compiled SSHRule arrays for 5
test nodes (3 user-owned, 2 tagged).

Test series: SSH-A (basic), SSH-B (specific sources), SSH-C
(destination combos), SSH-D (localpart), SSH-E (edge cases),
SSH-F (multi-rule), SSH-G (acceptEnv).

The data-driven TestSSHDataCompat harness uses cmp.Diff with
principal order tolerance but strict rule ordering (first-match-wins
semantics require exact order).

Updates #3049
This commit is contained in:
Kristoffer Dalby
2026-02-24 19:40:04 +00:00
parent 0acf09bdd2
commit 6c59d3e601
40 changed files with 3498 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

177
hscontrol/policy/v2/testdata/ssh_results/SSH-F5.json vendored Normal file
View File

@@ -0,0 +1,177 @@
{
"test_id": "SSH-F5",
"policy_file": "ssh_policies/ssh_f5.json",
"ssh_section": [
{ "action": "accept", "src": ["autogroup:member"], "dst": ["autogroup:self"], "users": ["localpart:*@passkey"] },
{ "action": "accept", "src": ["autogroup:member"], "dst": ["tag:server"], "users": ["localpart:*@passkey"] }
],
"nodes": {
"user1": {
"rules": [
{
"principals": [{ "nodeIP": "100.90.199.68" }, { "nodeIP": "fd7a:115c:a1e0::2d01:c747" }],
"sshUsers": { "root": "" },
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [{ "nodeIP": "100.90.199.68" }, { "nodeIP": "fd7a:115c:a1e0::2d01:c747" }],
"sshUsers": { "kratail2tid": "kratail2tid" },
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [{ "nodeIP": "100.90.199.68" }, { "nodeIP": "fd7a:115c:a1e0::2d01:c747" }],
"sshUsers": { "root": "" },
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [{ "nodeIP": "100.90.199.68" }, { "nodeIP": "fd7a:115c:a1e0::2d01:c747" }],
"sshUsers": { "kratail2tid": "kratail2tid" },
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"user-kris": {
"rules": [
{
"principals": [{ "nodeIP": "100.110.121.96" }, { "nodeIP": "fd7a:115c:a1e0::1737:7960" }],
"sshUsers": { "root": "" },
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [{ "nodeIP": "100.110.121.96" }, { "nodeIP": "fd7a:115c:a1e0::1737:7960" }],
"sshUsers": { "root": "" },
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"user-mon": {
"rules": [
{
"principals": [{ "nodeIP": "100.103.90.82" }, { "nodeIP": "fd7a:115c:a1e0::9e37:5a52" }],
"sshUsers": { "root": "" },
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [{ "nodeIP": "100.103.90.82" }, { "nodeIP": "fd7a:115c:a1e0::9e37:5a52" }],
"sshUsers": { "monitorpasskeykradalby": "monitorpasskeykradalby" },
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [{ "nodeIP": "100.103.90.82" }, { "nodeIP": "fd7a:115c:a1e0::9e37:5a52" }],
"sshUsers": { "root": "" },
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [{ "nodeIP": "100.103.90.82" }, { "nodeIP": "fd7a:115c:a1e0::9e37:5a52" }],
"sshUsers": { "monitorpasskeykradalby": "monitorpasskeykradalby" },
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"tagged-server": {
"rules": [
{
"principals": [{ "nodeIP": "100.90.199.68" }, { "nodeIP": "fd7a:115c:a1e0::2d01:c747" }],
"sshUsers": { "root": "" },
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [{ "nodeIP": "100.90.199.68" }, { "nodeIP": "fd7a:115c:a1e0::2d01:c747" }],
"sshUsers": { "kratail2tid": "kratail2tid" },
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [{ "nodeIP": "100.110.121.96" }, { "nodeIP": "fd7a:115c:a1e0::1737:7960" }],
"sshUsers": { "root": "" },
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [{ "nodeIP": "100.103.90.82" }, { "nodeIP": "fd7a:115c:a1e0::9e37:5a52" }],
"sshUsers": { "root": "" },
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [{ "nodeIP": "100.103.90.82" }, { "nodeIP": "fd7a:115c:a1e0::9e37:5a52" }],
"sshUsers": { "monitorpasskeykradalby": "monitorpasskeykradalby" },
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"tagged-prod": { "rules": [] }
}
}