mirrors/headscale
1
0
Fork 0
mirror of https://github.com/juanfont/headscale.git synced 2026-05-06 04:26:10 +02:00
Code Issues Packages Projects Releases Wiki Activity

testdata: drop unused uppercase SSH-*.hujson fixtures

Browse Source 
The 39 SSH-*.hujson files in hscontrol/policy/v2/testdata/ssh_results/
were legacy hand-written "expected SSH rules" snippets superseded by
the lowercase tscap captures (ssh-*.hujson). The active loader in
TestSSHDataCompat globs ssh-*.hujson; filepath.Glob is case-sensitive
on Linux so the uppercase set was loaded by no test.

The duplication caused permanent dirty git state on case-insensitive
filesystems (APFS, NTFS) where only one of SSH-A1.hujson and
ssh-a1.hujson can physically exist in the working tree.

Add an assertion to TestSSHDataCompat that the loader picks up every
*.hujson under ssh_results/ so future fixture migrations cannot leave
stranded files behind.

Fixes #3240
This commit is contained in:
Kristoffer Dalby 2026-05-04 09:57:33 +00:00
parent 3d0f597b23
commit 9482cdf590
40 changed files with 10 additions and 5476 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
hscontrol/policy/v2/tailscale_ssh_data_compat_test.go
View File

@ -172,6 +172,16 @@ func TestSSHDataCompat(t *testing.T) {
"no ssh-*.hujson test files found in testdata/ssh_results/",
)
allHujson, err := filepath.Glob(
filepath.Join("testdata", "ssh_results", "*.hujson"),
)
require.NoError(t, err, "failed to glob all hujson files")
require.Lenf(t, files, len(allHujson),
"ssh_results/ contains hujson files not picked up by the ssh-*.hujson loader; "+
"loader sees %d, directory has %d. Stale fixtures should be deleted.",
len(files), len(allHujson),
)
t.Logf("Loaded %d SSH test files", len(files))
users := setupSSHDataCompatUsers()

99
hscontrol/policy/v2/testdata/ssh_results/SSH-A1.hujson vendored
View File

@ -1,99 +0,0 @@
// SSH-A1
//
// SSH: accept: src=['autogroup:member'] dst=['autogroup:self'] users=['root']
//
// Expected: SSH rules on 3 of 5 nodes
{
"test_id": "SSH-A1",
"ssh_section": [
{
"action": "accept",
"src": [
"autogroup:member"
],
"dst": [
"autogroup:self"
],
"users": [
"root"
]
}
],
"nodes": {
"user1": {
"rules": [
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"root": "root"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"user-kris": {
"rules": [
{
"principals": [
{
"nodeIP": "100.110.121.96"
},
{
"nodeIP": "fd7a:115c:a1e0::1737:7960"
}
],
"sshUsers": {
"root": "root"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"user-mon": {
"rules": [
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"root": "root"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"tagged-server": {
"rules": []
},
"tagged-prod": {
"rules": []
}
}
}

102
hscontrol/policy/v2/testdata/ssh_results/SSH-A2.hujson vendored
View File

@ -1,102 +0,0 @@
// SSH-A2
//
// SSH: accept: src=['autogroup:member'] dst=['autogroup:self'] users=['autogroup:nonroot']
//
// Expected: SSH rules on 3 of 5 nodes
{
"test_id": "SSH-A2",
"ssh_section": [
{
"action": "accept",
"src": [
"autogroup:member"
],
"dst": [
"autogroup:self"
],
"users": [
"autogroup:nonroot"
]
}
],
"nodes": {
"user1": {
"rules": [
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"*": "=",
"root": ""
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"user-kris": {
"rules": [
{
"principals": [
{
"nodeIP": "100.110.121.96"
},
{
"nodeIP": "fd7a:115c:a1e0::1737:7960"
}
],
"sshUsers": {
"*": "=",
"root": ""
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"user-mon": {
"rules": [
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"*": "=",
"root": ""
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"tagged-server": {
"rules": []
},
"tagged-prod": {
"rules": []
}
}
}

103
hscontrol/policy/v2/testdata/ssh_results/SSH-A3.hujson vendored
View File

@ -1,103 +0,0 @@
// SSH-A3
//
// SSH: accept: src=['autogroup:member'] dst=['autogroup:self'] users=['root', 'autogroup:nonroot']
//
// Expected: SSH rules on 3 of 5 nodes
{
"test_id": "SSH-A3",
"ssh_section": [
{
"action": "accept",
"src": [
"autogroup:member"
],
"dst": [
"autogroup:self"
],
"users": [
"root",
"autogroup:nonroot"
]
}
],
"nodes": {
"user1": {
"rules": [
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"*": "=",
"root": "root"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"user-kris": {
"rules": [
{
"principals": [
{
"nodeIP": "100.110.121.96"
},
{
"nodeIP": "fd7a:115c:a1e0::1737:7960"
}
],
"sshUsers": {
"*": "=",
"root": "root"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"user-mon": {
"rules": [
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"*": "=",
"root": "root"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"tagged-server": {
"rules": []
},
"tagged-prod": {
"rules": []
}
}
}

72
hscontrol/policy/v2/testdata/ssh_results/SSH-A4.hujson vendored
View File

@ -1,72 +0,0 @@
// SSH-A4
//
// SSH: accept: src=['autogroup:member'] dst=['tag:server'] users=['ubuntu']
//
// Expected: SSH rules on 1 of 5 nodes
{
"test_id": "SSH-A4",
"ssh_section": [
{
"action": "accept",
"src": [
"autogroup:member"
],
"dst": [
"tag:server"
],
"users": [
"ubuntu"
]
}
],
"nodes": {
"user1": {
"rules": []
},
"user-kris": {
"rules": []
},
"user-mon": {
"rules": []
},
"tagged-server": {
"rules": [
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "100.110.121.96"
},
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::1737:7960"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"root": "",
"ubuntu": "ubuntu"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"tagged-prod": {
"rules": []
}
}
}

73
hscontrol/policy/v2/testdata/ssh_results/SSH-A5.hujson vendored
View File

@ -1,73 +0,0 @@
// SSH-A5
//
// SSH: accept: src=['autogroup:member'] dst=['tag:server'] users=['root', 'ubuntu']
//
// Expected: SSH rules on 1 of 5 nodes
{
"test_id": "SSH-A5",
"ssh_section": [
{
"action": "accept",
"src": [
"autogroup:member"
],
"dst": [
"tag:server"
],
"users": [
"root",
"ubuntu"
]
}
],
"nodes": {
"user1": {
"rules": []
},
"user-kris": {
"rules": []
},
"user-mon": {
"rules": []
},
"tagged-server": {
"rules": [
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "100.110.121.96"
},
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::1737:7960"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"root": "root",
"ubuntu": "ubuntu"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"tagged-prod": {
"rules": []
}
}
}

102
hscontrol/policy/v2/testdata/ssh_results/SSH-A6.hujson vendored
View File

@ -1,102 +0,0 @@
// SSH-A6
//
// SSH: check: src=['autogroup:member'] dst=['autogroup:self'] users=['root']
//
// Expected: SSH rules on 3 of 5 nodes
{
"test_id": "SSH-A6",
"ssh_section": [
{
"action": "check",
"src": [
"autogroup:member"
],
"dst": [
"autogroup:self"
],
"users": [
"root"
]
}
],
"nodes": {
"user1": {
"rules": [
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"root": "root"
},
"action": {
"holdAndDelegate": "unused-server-url/machine/ssh/action/from/$SRC_NODE_ID/to/$DST_NODE_ID?ssh_user=$SSH_USER&local_user=$LOCAL_USER",
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true,
"sessionDuration": 43200000000000
}
}
]
},
"user-kris": {
"rules": [
{
"principals": [
{
"nodeIP": "100.110.121.96"
},
{
"nodeIP": "fd7a:115c:a1e0::1737:7960"
}
],
"sshUsers": {
"root": "root"
},
"action": {
"holdAndDelegate": "unused-server-url/machine/ssh/action/from/$SRC_NODE_ID/to/$DST_NODE_ID?ssh_user=$SSH_USER&local_user=$LOCAL_USER",
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true,
"sessionDuration": 43200000000000
}
}
]
},
"user-mon": {
"rules": [
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"root": "root"
},
"action": {
"holdAndDelegate": "unused-server-url/machine/ssh/action/from/$SRC_NODE_ID/to/$DST_NODE_ID?ssh_user=$SSH_USER&local_user=$LOCAL_USER",
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true,
"sessionDuration": 43200000000000
}
}
]
},
"tagged-server": {
"rules": []
},
"tagged-prod": {
"rules": []
}
}
}

103
hscontrol/policy/v2/testdata/ssh_results/SSH-A7.hujson vendored
View File

@ -1,103 +0,0 @@
// SSH-A7
//
// SSH: check: src=['autogroup:member'] dst=['autogroup:self'] users=['root']
//
// Expected: SSH rules on 3 of 5 nodes
{
"test_id": "SSH-A7",
"ssh_section": [
{
"action": "check",
"src": [
"autogroup:member"
],
"dst": [
"autogroup:self"
],
"users": [
"root"
],
"checkPeriod": "1h"
}
],
"nodes": {
"user1": {
"rules": [
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"root": "root"
},
"action": {
"holdAndDelegate": "unused-server-url/machine/ssh/action/from/$SRC_NODE_ID/to/$DST_NODE_ID?ssh_user=$SSH_USER&local_user=$LOCAL_USER",
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true,
"sessionDuration": 3600000000000
}
}
]
},
"user-kris": {
"rules": [
{
"principals": [
{
"nodeIP": "100.110.121.96"
},
{
"nodeIP": "fd7a:115c:a1e0::1737:7960"
}
],
"sshUsers": {
"root": "root"
},
"action": {
"holdAndDelegate": "unused-server-url/machine/ssh/action/from/$SRC_NODE_ID/to/$DST_NODE_ID?ssh_user=$SSH_USER&local_user=$LOCAL_USER",
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true,
"sessionDuration": 3600000000000
}
}
]
},
"user-mon": {
"rules": [
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"root": "root"
},
"action": {
"holdAndDelegate": "unused-server-url/machine/ssh/action/from/$SRC_NODE_ID/to/$DST_NODE_ID?ssh_user=$SSH_USER&local_user=$LOCAL_USER",
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true,
"sessionDuration": 3600000000000
}
}
]
},
"tagged-server": {
"rules": []
},
"tagged-prod": {
"rules": []
}
}
}

103
hscontrol/policy/v2/testdata/ssh_results/SSH-A8.hujson vendored
View File

@ -1,103 +0,0 @@
// SSH-A8
//
// SSH: check: src=['autogroup:member'] dst=['autogroup:self'] users=['root']
//
// Expected: SSH rules on 3 of 5 nodes
{
"test_id": "SSH-A8",
"ssh_section": [
{
"action": "check",
"src": [
"autogroup:member"
],
"dst": [
"autogroup:self"
],
"users": [
"root"
],
"checkPeriod": "always"
}
],
"nodes": {
"user1": {
"rules": [
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"root": "root"
},
"action": {
"holdAndDelegate": "unused-server-url/machine/ssh/action/from/$SRC_NODE_ID/to/$DST_NODE_ID?ssh_user=$SSH_USER&local_user=$LOCAL_USER",
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true,
"sessionDuration": 0
}
}
]
},
"user-kris": {
"rules": [
{
"principals": [
{
"nodeIP": "100.110.121.96"
},
{
"nodeIP": "fd7a:115c:a1e0::1737:7960"
}
],
"sshUsers": {
"root": "root"
},
"action": {
"holdAndDelegate": "unused-server-url/machine/ssh/action/from/$SRC_NODE_ID/to/$DST_NODE_ID?ssh_user=$SSH_USER&local_user=$LOCAL_USER",
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true,
"sessionDuration": 0
}
}
]
},
"user-mon": {
"rules": [
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"root": "root"
},
"action": {
"holdAndDelegate": "unused-server-url/machine/ssh/action/from/$SRC_NODE_ID/to/$DST_NODE_ID?ssh_user=$SSH_USER&local_user=$LOCAL_USER",
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true,
"sessionDuration": 0
}
}
]
},
"tagged-server": {
"rules": []
},
"tagged-prod": {
"rules": []
}
}
}

59
hscontrol/policy/v2/testdata/ssh_results/SSH-B1.hujson vendored
View File

@ -1,59 +0,0 @@
// SSH-B1
//
// SSH: accept: src=['kristoffer@dalby.cc'] dst=['tag:server'] users=['root']
//
// Expected: SSH rules on 1 of 5 nodes
{
"test_id": "SSH-B1",
"ssh_section": [
{
"action": "accept",
"src": [
"kristoffer@dalby.cc"
],
"dst": [
"tag:server"
],
"users": [
"root"
]
}
],
"nodes": {
"user1": {
"rules": []
},
"user-kris": {
"rules": []
},
"user-mon": {
"rules": []
},
"tagged-server": {
"rules": [
{
"principals": [
{
"nodeIP": "100.110.121.96"
},
{
"nodeIP": "fd7a:115c:a1e0::1737:7960"
}
],
"sshUsers": {
"root": "root"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"tagged-prod": {
"rules": []
}
}
}

65
hscontrol/policy/v2/testdata/ssh_results/SSH-B2.hujson vendored
View File

@ -1,65 +0,0 @@
// SSH-B2
//
// SSH: accept: src=['group:developers'] dst=['tag:server'] users=['root']
//
// Expected: SSH rules on 1 of 5 nodes
{
"test_id": "SSH-B2",
"ssh_section": [
{
"action": "accept",
"src": [
"group:developers"
],
"dst": [
"tag:server"
],
"users": [
"root"
]
}
],
"nodes": {
"user1": {
"rules": []
},
"user-kris": {
"rules": []
},
"user-mon": {
"rules": []
},
"tagged-server": {
"rules": [
{
"principals": [
{
"nodeIP": "100.110.121.96"
},
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::1737:7960"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"root": "root"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"tagged-prod": {
"rules": []
}
}
}

59
hscontrol/policy/v2/testdata/ssh_results/SSH-B3.hujson vendored
View File

@ -1,59 +0,0 @@
// SSH-B3
//
// SSH: accept: src=['tag:prod'] dst=['tag:server'] users=['root']
//
// Expected: SSH rules on 1 of 5 nodes
{
"test_id": "SSH-B3",
"ssh_section": [
{
"action": "accept",
"src": [
"tag:prod"
],
"dst": [
"tag:server"
],
"users": [
"root"
]
}
],
"nodes": {
"user1": {
"rules": []
},
"user-kris": {
"rules": []
},
"user-mon": {
"rules": []
},
"tagged-server": {
"rules": [
{
"principals": [
{
"nodeIP": "100.103.8.15"
},
{
"nodeIP": "fd7a:115c:a1e0::5b37:80f"
}
],
"sshUsers": {
"root": "root"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"tagged-prod": {
"rules": []
}
}
}

65
hscontrol/policy/v2/testdata/ssh_results/SSH-B5.hujson vendored
View File

@ -1,65 +0,0 @@
// SSH-B5
//
// SSH: accept: src=['user:*@passkey'] dst=['tag:server'] users=['root']
//
// Expected: SSH rules on 1 of 5 nodes
{
"test_id": "SSH-B5",
"ssh_section": [
{
"action": "accept",
"src": [
"user:*@passkey"
],
"dst": [
"tag:server"
],
"users": [
"root"
]
}
],
"nodes": {
"user1": {
"rules": []
},
"user-kris": {
"rules": []
},
"user-mon": {
"rules": []
},
"tagged-server": {
"rules": [
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"root": "root"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"tagged-prod": {
"rules": []
}
}
}

65
hscontrol/policy/v2/testdata/ssh_results/SSH-B6.hujson vendored
View File

@ -1,65 +0,0 @@
// SSH-B6
//
// SSH: accept: src=['autogroup:tagged'] dst=['tag:server'] users=['root']
//
// Expected: SSH rules on 1 of 5 nodes
{
"test_id": "SSH-B6",
"ssh_section": [
{
"action": "accept",
"src": [
"autogroup:tagged"
],
"dst": [
"tag:server"
],
"users": [
"root"
]
}
],
"nodes": {
"user1": {
"rules": []
},
"user-kris": {
"rules": []
},
"user-mon": {
"rules": []
},
"tagged-server": {
"rules": [
{
"principals": [
{
"nodeIP": "100.103.8.15"
},
{
"nodeIP": "100.108.74.26"
},
{
"nodeIP": "fd7a:115c:a1e0::5b37:80f"
},
{
"nodeIP": "fd7a:115c:a1e0::b901:4a87"
}
],
"sshUsers": {
"root": "root"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"tagged-prod": {
"rules": []
}
}
}

99
hscontrol/policy/v2/testdata/ssh_results/SSH-C1.hujson vendored
View File

@ -1,99 +0,0 @@
// SSH-C1
//
// SSH: accept: src=['autogroup:member'] dst=['autogroup:self'] users=['root']
//
// Expected: SSH rules on 3 of 5 nodes
{
"test_id": "SSH-C1",
"ssh_section": [
{
"action": "accept",
"src": [
"autogroup:member"
],
"dst": [
"autogroup:self"
],
"users": [
"root"
]
}
],
"nodes": {
"user1": {
"rules": [
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"root": "root"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"user-kris": {
"rules": [
{
"principals": [
{
"nodeIP": "100.110.121.96"
},
{
"nodeIP": "fd7a:115c:a1e0::1737:7960"
}
],
"sshUsers": {
"root": "root"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"user-mon": {
"rules": [
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"root": "root"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"tagged-server": {
"rules": []
},
"tagged-prod": {
"rules": []
}
}
}

71
hscontrol/policy/v2/testdata/ssh_results/SSH-C2.hujson vendored
View File

@ -1,71 +0,0 @@
// SSH-C2
//
// SSH: accept: src=['autogroup:member'] dst=['tag:server'] users=['root']
//
// Expected: SSH rules on 1 of 5 nodes
{
"test_id": "SSH-C2",
"ssh_section": [
{
"action": "accept",
"src": [
"autogroup:member"
],
"dst": [
"tag:server"
],
"users": [
"root"
]
}
],
"nodes": {
"user1": {
"rules": []
},
"user-kris": {
"rules": []
},
"user-mon": {
"rules": []
},
"tagged-server": {
"rules": [
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "100.110.121.96"
},
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::1737:7960"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"root": "root"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"tagged-prod": {
"rules": []
}
}
}

59
hscontrol/policy/v2/testdata/ssh_results/SSH-C3.hujson vendored
View File

@ -1,59 +0,0 @@
// SSH-C3
//
// SSH: accept: src=['kristoffer@dalby.cc'] dst=['kristoffer@dalby.cc'] users=['root']
//
// Expected: SSH rules on 1 of 5 nodes
{
"test_id": "SSH-C3",
"ssh_section": [
{
"action": "accept",
"src": [
"kristoffer@dalby.cc"
],
"dst": [
"kristoffer@dalby.cc"
],
"users": [
"root"
]
}
],
"nodes": {
"user1": {
"rules": []
},
"user-kris": {
"rules": [
{
"principals": [
{
"nodeIP": "100.110.121.96"
},
{
"nodeIP": "fd7a:115c:a1e0::1737:7960"
}
],
"sshUsers": {
"root": "root"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"user-mon": {
"rules": []
},
"tagged-server": {
"rules": []
},
"tagged-prod": {
"rules": []
}
}
}

104
hscontrol/policy/v2/testdata/ssh_results/SSH-C4.hujson vendored
View File

@ -1,104 +0,0 @@
// SSH-C4
//
// SSH: accept: src=['autogroup:member'] dst=['tag:server', 'tag:prod'] users=['root']
//
// Expected: SSH rules on 2 of 5 nodes
{
"test_id": "SSH-C4",
"ssh_section": [
{
"action": "accept",
"src": [
"autogroup:member"
],
"dst": [
"tag:server",
"tag:prod"
],
"users": [
"root"
]
}
],
"nodes": {
"user1": {
"rules": []
},
"user-kris": {
"rules": []
},
"user-mon": {
"rules": []
},
"tagged-server": {
"rules": [
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "100.110.121.96"
},
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::1737:7960"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"root": "root"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"tagged-prod": {
"rules": [
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "100.110.121.96"
},
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::1737:7960"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"root": "root"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
}
}
}

194
hscontrol/policy/v2/testdata/ssh_results/SSH-D10.hujson vendored
View File

@ -1,194 +0,0 @@
// SSH-D10
//
// SSH: accept: src=['user:*@passkey'] dst=['tag:server'] users=['localpart:*@passkey']
//
// Expected: SSH rules on 3 of 5 nodes
{
"test_id": "SSH-D10",
"ssh_section": [
{
"action": "accept",
"src": [
"user:*@passkey"
],
"dst": [
"tag:server"
],
"users": [
"localpart:*@passkey"
]
}
],
"nodes": {
"user1": {
"rules": [
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"root": ""
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"kratail2tid": "kratail2tid"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"user-kris": {
"rules": []
},
"user-mon": {
"rules": [
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"root": ""
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"monitorpasskeykradalby": "monitorpasskeykradalby"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"tagged-server": {
"rules": [
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"root": ""
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"kratail2tid": "kratail2tid"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"root": ""
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"monitorpasskeykradalby": "monitorpasskeykradalby"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"tagged-prod": {
"rules": []
}
}
}

240
hscontrol/policy/v2/testdata/ssh_results/SSH-D11.hujson vendored
View File

@ -1,240 +0,0 @@
// SSH-D11
//
// SSH: accept: src=['autogroup:member'] dst=['tag:server'] users=['localpart:*@passkey', 'ubuntu']
//
// Expected: SSH rules on 4 of 5 nodes
{
"test_id": "SSH-D11",
"ssh_section": [
{
"action": "accept",
"src": [
"autogroup:member"
],
"dst": [
"tag:server"
],
"users": [
"localpart:*@passkey",
"ubuntu"
]
}
],
"nodes": {
"user1": {
"rules": [
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"root": "",
"ubuntu": "ubuntu"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"kratail2tid": "kratail2tid"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"user-kris": {
"rules": [
{
"principals": [
{
"nodeIP": "100.110.121.96"
},
{
"nodeIP": "fd7a:115c:a1e0::1737:7960"
}
],
"sshUsers": {
"root": "",
"ubuntu": "ubuntu"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"user-mon": {
"rules": [
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"root": "",
"ubuntu": "ubuntu"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"monitorpasskeykradalby": "monitorpasskeykradalby"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"tagged-server": {
"rules": [
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"root": "",
"ubuntu": "ubuntu"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"kratail2tid": "kratail2tid"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.110.121.96"
},
{
"nodeIP": "fd7a:115c:a1e0::1737:7960"
}
],
"sshUsers": {
"root": "",
"ubuntu": "ubuntu"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"root": "",
"ubuntu": "ubuntu"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"monitorpasskeykradalby": "monitorpasskeykradalby"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"tagged-prod": {
"rules": []
}
}
}

240
hscontrol/policy/v2/testdata/ssh_results/SSH-D12.hujson vendored
View File

@ -1,240 +0,0 @@
// SSH-D12
//
// SSH: accept: src=['autogroup:member'] dst=['tag:server'] users=['localpart:*@passkey', 'ubuntu']
//
// Expected: SSH rules on 4 of 5 nodes
{
"test_id": "SSH-D12",
"ssh_section": [
{
"action": "accept",
"src": [
"autogroup:member"
],
"dst": [
"tag:server"
],
"users": [
"localpart:*@passkey",
"ubuntu"
]
}
],
"nodes": {
"user1": {
"rules": [
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"root": "",
"ubuntu": "ubuntu"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"kratail2tid": "kratail2tid"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"user-kris": {
"rules": [
{
"principals": [
{
"nodeIP": "100.110.121.96"
},
{
"nodeIP": "fd7a:115c:a1e0::1737:7960"
}
],
"sshUsers": {
"root": "",
"ubuntu": "ubuntu"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"user-mon": {
"rules": [
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"root": "",
"ubuntu": "ubuntu"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"monitorpasskeykradalby": "monitorpasskeykradalby"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"tagged-server": {
"rules": [
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"root": "",
"ubuntu": "ubuntu"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"kratail2tid": "kratail2tid"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.110.121.96"
},
{
"nodeIP": "fd7a:115c:a1e0::1737:7960"
}
],
"sshUsers": {
"root": "",
"ubuntu": "ubuntu"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"root": "",
"ubuntu": "ubuntu"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"monitorpasskeykradalby": "monitorpasskeykradalby"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"tagged-prod": {
"rules": []
}
}
}

233
hscontrol/policy/v2/testdata/ssh_results/SSH-D2.hujson vendored
View File

@ -1,233 +0,0 @@
// SSH-D2
//
// SSH: accept: src=['autogroup:member'] dst=['tag:server'] users=['localpart:*@passkey']
//
// Expected: SSH rules on 4 of 5 nodes
{
"test_id": "SSH-D2",
"ssh_section": [
{
"action": "accept",
"src": [
"autogroup:member"
],
"dst": [
"tag:server"
],
"users": [
"localpart:*@passkey"
]
}
],
"nodes": {
"user1": {
"rules": [
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"root": ""
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"kratail2tid": "kratail2tid"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"user-kris": {
"rules": [
{
"principals": [
{
"nodeIP": "100.110.121.96"
},
{
"nodeIP": "fd7a:115c:a1e0::1737:7960"
}
],
"sshUsers": {
"root": ""
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"user-mon": {
"rules": [
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"root": ""
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"monitorpasskeykradalby": "monitorpasskeykradalby"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"tagged-server": {
"rules": [
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"root": ""
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"kratail2tid": "kratail2tid"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.110.121.96"
},
{
"nodeIP": "fd7a:115c:a1e0::1737:7960"
}
],
"sshUsers": {
"root": ""
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"root": ""
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"monitorpasskeykradalby": "monitorpasskeykradalby"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"tagged-prod": {
"rules": []
}
}
}

234
hscontrol/policy/v2/testdata/ssh_results/SSH-D3.hujson vendored
View File

@ -1,234 +0,0 @@
// SSH-D3
//
// SSH: accept: src=['autogroup:member'] dst=['tag:server'] users=['localpart:*@passkey', 'root']
//
// Expected: SSH rules on 4 of 5 nodes
{
"test_id": "SSH-D3",
"ssh_section": [
{
"action": "accept",
"src": [
"autogroup:member"
],
"dst": [
"tag:server"
],
"users": [
"localpart:*@passkey",
"root"
]
}
],
"nodes": {
"user1": {
"rules": [
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"root": "root"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"kratail2tid": "kratail2tid"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"user-kris": {
"rules": [
{
"principals": [
{
"nodeIP": "100.110.121.96"
},
{
"nodeIP": "fd7a:115c:a1e0::1737:7960"
}
],
"sshUsers": {
"root": "root"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"user-mon": {
"rules": [
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"root": "root"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"monitorpasskeykradalby": "monitorpasskeykradalby"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"tagged-server": {
"rules": [
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"root": "root"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"kratail2tid": "kratail2tid"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.110.121.96"
},
{
"nodeIP": "fd7a:115c:a1e0::1737:7960"
}
],
"sshUsers": {
"root": "root"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"root": "root"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"monitorpasskeykradalby": "monitorpasskeykradalby"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"tagged-prod": {
"rules": []
}
}
}

240
hscontrol/policy/v2/testdata/ssh_results/SSH-D4.hujson vendored
View File

@ -1,240 +0,0 @@
// SSH-D4
//
// SSH: accept: src=['autogroup:member'] dst=['tag:server'] users=['localpart:*@passkey', 'autogroup:nonroot']
//
// Expected: SSH rules on 4 of 5 nodes
{
"test_id": "SSH-D4",
"ssh_section": [
{
"action": "accept",
"src": [
"autogroup:member"
],
"dst": [
"tag:server"
],
"users": [
"localpart:*@passkey",
"autogroup:nonroot"
]
}
],
"nodes": {
"user1": {
"rules": [
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"*": "=",
"root": ""
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"kratail2tid": "kratail2tid"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"user-kris": {
"rules": [
{
"principals": [
{
"nodeIP": "100.110.121.96"
},
{
"nodeIP": "fd7a:115c:a1e0::1737:7960"
}
],
"sshUsers": {
"*": "=",
"root": ""
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"user-mon": {
"rules": [
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"*": "=",
"root": ""
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"monitorpasskeykradalby": "monitorpasskeykradalby"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"tagged-server": {
"rules": [
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"*": "=",
"root": ""
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"kratail2tid": "kratail2tid"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.110.121.96"
},
{
"nodeIP": "fd7a:115c:a1e0::1737:7960"
}
],
"sshUsers": {
"*": "=",
"root": ""
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"*": "=",
"root": ""
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"monitorpasskeykradalby": "monitorpasskeykradalby"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"tagged-prod": {
"rules": []
}
}
}

241
hscontrol/policy/v2/testdata/ssh_results/SSH-D5.hujson vendored
View File

@ -1,241 +0,0 @@
// SSH-D5
//
// SSH: accept: src=['autogroup:member'] dst=['tag:server'] users=['localpart:*@passkey', 'root', 'autogroup:nonroot']
//
// Expected: SSH rules on 4 of 5 nodes
{
"test_id": "SSH-D5",
"ssh_section": [
{
"action": "accept",
"src": [
"autogroup:member"
],
"dst": [
"tag:server"
],
"users": [
"localpart:*@passkey",
"root",
"autogroup:nonroot"
]
}
],
"nodes": {
"user1": {
"rules": [
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"*": "=",
"root": "root"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"kratail2tid": "kratail2tid"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"user-kris": {
"rules": [
{
"principals": [
{
"nodeIP": "100.110.121.96"
},
{
"nodeIP": "fd7a:115c:a1e0::1737:7960"
}
],
"sshUsers": {
"*": "=",
"root": "root"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"user-mon": {
"rules": [
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"*": "=",
"root": "root"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"monitorpasskeykradalby": "monitorpasskeykradalby"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"tagged-server": {
"rules": [
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"*": "=",
"root": "root"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"kratail2tid": "kratail2tid"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.110.121.96"
},
{
"nodeIP": "fd7a:115c:a1e0::1737:7960"
}
],
"sshUsers": {
"*": "=",
"root": "root"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"*": "=",
"root": "root"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"monitorpasskeykradalby": "monitorpasskeykradalby"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"tagged-prod": {
"rules": []
}
}
}

240
hscontrol/policy/v2/testdata/ssh_results/SSH-D6.hujson vendored
View File

@ -1,240 +0,0 @@
// SSH-D6
//
// SSH: accept: src=['autogroup:member'] dst=['tag:server'] users=['localpart:*@passkey', 'autogroup:nonroot']
//
// Expected: SSH rules on 4 of 5 nodes
{
"test_id": "SSH-D6",
"ssh_section": [
{
"action": "accept",
"src": [
"autogroup:member"
],
"dst": [
"tag:server"
],
"users": [
"localpart:*@passkey",
"autogroup:nonroot"
]
}
],
"nodes": {
"user1": {
"rules": [
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"*": "=",
"root": ""
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"kratail2tid": "kratail2tid"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"user-kris": {
"rules": [
{
"principals": [
{
"nodeIP": "100.110.121.96"
},
{
"nodeIP": "fd7a:115c:a1e0::1737:7960"
}
],
"sshUsers": {
"*": "=",
"root": ""
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"user-mon": {
"rules": [
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"*": "=",
"root": ""
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"monitorpasskeykradalby": "monitorpasskeykradalby"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"tagged-server": {
"rules": [
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"*": "=",
"root": ""
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"kratail2tid": "kratail2tid"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.110.121.96"
},
{
"nodeIP": "fd7a:115c:a1e0::1737:7960"
}
],
"sshUsers": {
"*": "=",
"root": ""
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"*": "=",
"root": ""
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"monitorpasskeykradalby": "monitorpasskeykradalby"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"tagged-prod": {
"rules": []
}
}
}

241
hscontrol/policy/v2/testdata/ssh_results/SSH-D7.hujson vendored
View File

@ -1,241 +0,0 @@
// SSH-D7
//
// SSH: accept: src=['autogroup:member'] dst=['tag:server'] users=['localpart:*@passkey', 'root', 'autogroup:nonroot']
//
// Expected: SSH rules on 4 of 5 nodes
{
"test_id": "SSH-D7",
"ssh_section": [
{
"action": "accept",
"src": [
"autogroup:member"
],
"dst": [
"tag:server"
],
"users": [
"localpart:*@passkey",
"root",
"autogroup:nonroot"
]
}
],
"nodes": {
"user1": {
"rules": [
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"*": "=",
"root": "root"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"kratail2tid": "kratail2tid"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"user-kris": {
"rules": [
{
"principals": [
{
"nodeIP": "100.110.121.96"
},
{
"nodeIP": "fd7a:115c:a1e0::1737:7960"
}
],
"sshUsers": {
"*": "=",
"root": "root"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"user-mon": {
"rules": [
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"*": "=",
"root": "root"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"monitorpasskeykradalby": "monitorpasskeykradalby"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"tagged-server": {
"rules": [
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"*": "=",
"root": "root"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"kratail2tid": "kratail2tid"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.110.121.96"
},
{
"nodeIP": "fd7a:115c:a1e0::1737:7960"
}
],
"sshUsers": {
"*": "=",
"root": "root"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"*": "=",
"root": "root"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"monitorpasskeykradalby": "monitorpasskeykradalby"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"tagged-prod": {
"rules": []
}
}
}

137
hscontrol/policy/v2/testdata/ssh_results/SSH-D8.hujson vendored
View File

@ -1,137 +0,0 @@
// SSH-D8
//
// SSH: accept: src=['autogroup:member'] dst=['autogroup:self'] users=['localpart:*@passkey']
//
// Expected: SSH rules on 3 of 5 nodes
{
"test_id": "SSH-D8",
"ssh_section": [
{
"action": "accept",
"src": [
"autogroup:member"
],
"dst": [
"autogroup:self"
],
"users": [
"localpart:*@passkey"
]
}
],
"nodes": {
"user1": {
"rules": [
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"root": ""
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"kratail2tid": "kratail2tid"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"user-kris": {
"rules": [
{
"principals": [
{
"nodeIP": "100.110.121.96"
},
{
"nodeIP": "fd7a:115c:a1e0::1737:7960"
}
],
"sshUsers": {
"root": ""
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"user-mon": {
"rules": [
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"root": ""
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"monitorpasskeykradalby": "monitorpasskeykradalby"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"tagged-server": {
"rules": []
},
"tagged-prod": {
"rules": []
}
}
}

138
hscontrol/policy/v2/testdata/ssh_results/SSH-D9.hujson vendored
View File

@ -1,138 +0,0 @@
// SSH-D9
//
// SSH: accept: src=['autogroup:member'] dst=['autogroup:self'] users=['localpart:*@passkey', 'root']
//
// Expected: SSH rules on 3 of 5 nodes
{
"test_id": "SSH-D9",
"ssh_section": [
{
"action": "accept",
"src": [
"autogroup:member"
],
"dst": [
"autogroup:self"
],
"users": [
"localpart:*@passkey",
"root"
]
}
],
"nodes": {
"user1": {
"rules": [
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"root": "root"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"kratail2tid": "kratail2tid"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"user-kris": {
"rules": [
{
"principals": [
{
"nodeIP": "100.110.121.96"
},
{
"nodeIP": "fd7a:115c:a1e0::1737:7960"
}
],
"sshUsers": {
"root": "root"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"user-mon": {
"rules": [
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"root": "root"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"monitorpasskeykradalby": "monitorpasskeykradalby"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"tagged-server": {
"rules": []
},
"tagged-prod": {
"rules": []
}
}
}

26
hscontrol/policy/v2/testdata/ssh_results/SSH-E3.hujson vendored
View File

@ -1,26 +0,0 @@
// SSH-E3
//
// SSH: (no SSH rules)
//
// Expected: No SSH rules
{
"test_id": "SSH-E3",
"ssh_section": [],
"nodes": {
"user1": {
"rules": []
},
"user-kris": {
"rules": []
},
"user-mon": {
"rules": []
},
"tagged-server": {
"rules": []
},
"tagged-prod": {
"rules": []
}
}
}

26
hscontrol/policy/v2/testdata/ssh_results/SSH-E4.hujson vendored
View File

@ -1,26 +0,0 @@
// SSH-E4
//
// SSH: (no SSH rules)
//
// Expected: No SSH rules
{
"test_id": "SSH-E4",
"ssh_section": null,
"nodes": {
"user1": {
"rules": []
},
"user-kris": {
"rules": []
},
"user-mon": {
"rules": []
},
"tagged-server": {
"rules": []
},
"tagged-prod": {
"rules": []
}
}
}

79
hscontrol/policy/v2/testdata/ssh_results/SSH-E5.hujson vendored
View File

@ -1,79 +0,0 @@
// SSH-E5
//
// SSH: accept: src=['tag:prod'] dst=['tag:server'] users=['localpart:*@passkey']
//
// Expected: SSH rules on 2 of 5 nodes
{
"test_id": "SSH-E5",
"ssh_section": [
{
"action": "accept",
"src": [
"tag:prod"
],
"dst": [
"tag:server"
],
"users": [
"localpart:*@passkey"
]
}
],
"nodes": {
"user1": {
"rules": []
},
"user-kris": {
"rules": []
},
"user-mon": {
"rules": []
},
"tagged-server": {
"rules": [
{
"principals": [
{
"nodeIP": "100.103.8.15"
},
{
"nodeIP": "fd7a:115c:a1e0::5b37:80f"
}
],
"sshUsers": {
"root": ""
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"tagged-prod": {
"rules": [
{
"principals": [
{
"nodeIP": "100.103.8.15"
},
{
"nodeIP": "fd7a:115c:a1e0::5b37:80f"
}
],
"sshUsers": {
"root": ""
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
}
}
}

244
hscontrol/policy/v2/testdata/ssh_results/SSH-E6.hujson vendored
View File

@ -1,244 +0,0 @@
// SSH-E6
//
// SSH: check: src=['autogroup:member'] dst=['tag:server'] users=['localpart:*@passkey']
//
// Expected: SSH rules on 4 of 5 nodes
{
"test_id": "SSH-E6",
"ssh_section": [
{
"action": "check",
"src": [
"autogroup:member"
],
"dst": [
"tag:server"
],
"users": [
"localpart:*@passkey"
],
"checkPeriod": "1h"
}
],
"nodes": {
"user1": {
"rules": [
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"root": ""
},
"action": {
"holdAndDelegate": "unused-server-url/machine/ssh/action/from/$SRC_NODE_ID/to/$DST_NODE_ID?ssh_user=$SSH_USER&local_user=$LOCAL_USER",
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true,
"sessionDuration": 3600000000000
}
},
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"kratail2tid": "kratail2tid"
},
"action": {
"holdAndDelegate": "unused-server-url/machine/ssh/action/from/$SRC_NODE_ID/to/$DST_NODE_ID?ssh_user=$SSH_USER&local_user=$LOCAL_USER",
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true,
"sessionDuration": 3600000000000
}
}
]
},
"user-kris": {
"rules": [
{
"principals": [
{
"nodeIP": "100.110.121.96"
},
{
"nodeIP": "fd7a:115c:a1e0::1737:7960"
}
],
"sshUsers": {
"root": ""
},
"action": {
"holdAndDelegate": "unused-server-url/machine/ssh/action/from/$SRC_NODE_ID/to/$DST_NODE_ID?ssh_user=$SSH_USER&local_user=$LOCAL_USER",
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true,
"sessionDuration": 3600000000000
}
}
]
},
"user-mon": {
"rules": [
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"root": ""
},
"action": {
"holdAndDelegate": "unused-server-url/machine/ssh/action/from/$SRC_NODE_ID/to/$DST_NODE_ID?ssh_user=$SSH_USER&local_user=$LOCAL_USER",
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true,
"sessionDuration": 3600000000000
}
},
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"monitorpasskeykradalby": "monitorpasskeykradalby"
},
"action": {
"holdAndDelegate": "unused-server-url/machine/ssh/action/from/$SRC_NODE_ID/to/$DST_NODE_ID?ssh_user=$SSH_USER&local_user=$LOCAL_USER",
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true,
"sessionDuration": 3600000000000
}
}
]
},
"tagged-server": {
"rules": [
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"root": ""
},
"action": {
"holdAndDelegate": "unused-server-url/machine/ssh/action/from/$SRC_NODE_ID/to/$DST_NODE_ID?ssh_user=$SSH_USER&local_user=$LOCAL_USER",
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true,
"sessionDuration": 3600000000000
}
},
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"kratail2tid": "kratail2tid"
},
"action": {
"holdAndDelegate": "unused-server-url/machine/ssh/action/from/$SRC_NODE_ID/to/$DST_NODE_ID?ssh_user=$SSH_USER&local_user=$LOCAL_USER",
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true,
"sessionDuration": 3600000000000
}
},
{
"principals": [
{
"nodeIP": "100.110.121.96"
},
{
"nodeIP": "fd7a:115c:a1e0::1737:7960"
}
],
"sshUsers": {
"root": ""
},
"action": {
"holdAndDelegate": "unused-server-url/machine/ssh/action/from/$SRC_NODE_ID/to/$DST_NODE_ID?ssh_user=$SSH_USER&local_user=$LOCAL_USER",
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true,
"sessionDuration": 3600000000000
}
},
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"root": ""
},
"action": {
"holdAndDelegate": "unused-server-url/machine/ssh/action/from/$SRC_NODE_ID/to/$DST_NODE_ID?ssh_user=$SSH_USER&local_user=$LOCAL_USER",
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true,
"sessionDuration": 3600000000000
}
},
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"monitorpasskeykradalby": "monitorpasskeykradalby"
},
"action": {
"holdAndDelegate": "unused-server-url/machine/ssh/action/from/$SRC_NODE_ID/to/$DST_NODE_ID?ssh_user=$SSH_USER&local_user=$LOCAL_USER",
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true,
"sessionDuration": 3600000000000
}
}
]
},
"tagged-prod": {
"rules": []
}
}
}

146
hscontrol/policy/v2/testdata/ssh_results/SSH-F1.hujson vendored
View File

@ -1,146 +0,0 @@
// SSH-F1
//
// SSH rules:
// accept: src=['autogroup:member'] dst=['autogroup:self'] users=['root']
// accept: src=['autogroup:member'] dst=['tag:server'] users=['autogroup:nonroot']
//
// Expected: SSH rules on 4 of 5 nodes
{
"test_id": "SSH-F1",
"ssh_section": [
{
"action": "accept",
"src": [
"autogroup:member"
],
"dst": [
"autogroup:self"
],
"users": [
"root"
]
},
{
"action": "accept",
"src": [
"autogroup:member"
],
"dst": [
"tag:server"
],
"users": [
"autogroup:nonroot"
]
}
],
"nodes": {
"user1": {
"rules": [
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"root": "root"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"user-kris": {
"rules": [
{
"principals": [
{
"nodeIP": "100.110.121.96"
},
{
"nodeIP": "fd7a:115c:a1e0::1737:7960"
}
],
"sshUsers": {
"root": "root"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"user-mon": {
"rules": [
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"root": "root"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"tagged-server": {
"rules": [
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "100.110.121.96"
},
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::1737:7960"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"*": "=",
"root": ""
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"tagged-prod": {
"rules": []
}
}
}

117
hscontrol/policy/v2/testdata/ssh_results/SSH-F2.hujson vendored
View File

@ -1,117 +0,0 @@
// SSH-F2
//
// SSH rules:
// accept: src=['autogroup:member'] dst=['tag:server'] users=['root']
// check: src=['autogroup:member'] dst=['tag:server'] users=['root']
//
// Expected: SSH rules on 1 of 5 nodes
{
"test_id": "SSH-F2",
"ssh_section": [
{
"action": "accept",
"src": [
"autogroup:member"
],
"dst": [
"tag:server"
],
"users": [
"root"
]
},
{
"action": "check",
"src": [
"autogroup:member"
],
"dst": [
"tag:server"
],
"users": [
"root"
]
}
],
"nodes": {
"user1": {
"rules": []
},
"user-kris": {
"rules": []
},
"user-mon": {
"rules": []
},
"tagged-server": {
"rules": [
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "100.110.121.96"
},
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::1737:7960"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"root": "root"
},
"action": {
"holdAndDelegate": "unused-server-url/machine/ssh/action/from/$SRC_NODE_ID/to/$DST_NODE_ID?ssh_user=$SSH_USER&local_user=$LOCAL_USER",
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true,
"sessionDuration": 43200000000000
}
},
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "100.110.121.96"
},
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::1737:7960"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"root": "root"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"tagged-prod": {
"rules": []
}
}
}

278
hscontrol/policy/v2/testdata/ssh_results/SSH-F3.hujson vendored
View File

@ -1,278 +0,0 @@
// SSH-F3
//
// SSH rules:
// accept: src=['autogroup:member'] dst=['tag:server'] users=['localpart:*@passkey']
// accept: src=['autogroup:member'] dst=['tag:server'] users=['root']
//
// Expected: SSH rules on 4 of 5 nodes
{
"test_id": "SSH-F3",
"ssh_section": [
{
"action": "accept",
"src": [
"autogroup:member"
],
"dst": [
"tag:server"
],
"users": [
"localpart:*@passkey"
]
},
{
"action": "accept",
"src": [
"autogroup:member"
],
"dst": [
"tag:server"
],
"users": [
"root"
]
}
],
"nodes": {
"user1": {
"rules": [
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"root": ""
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"kratail2tid": "kratail2tid"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"user-kris": {
"rules": [
{
"principals": [
{
"nodeIP": "100.110.121.96"
},
{
"nodeIP": "fd7a:115c:a1e0::1737:7960"
}
],
"sshUsers": {
"root": ""
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"user-mon": {
"rules": [
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"root": ""
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"monitorpasskeykradalby": "monitorpasskeykradalby"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"tagged-server": {
"rules": [
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"root": ""
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"kratail2tid": "kratail2tid"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.110.121.96"
},
{
"nodeIP": "fd7a:115c:a1e0::1737:7960"
}
],
"sshUsers": {
"root": ""
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"root": ""
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"monitorpasskeykradalby": "monitorpasskeykradalby"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "100.110.121.96"
},
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::1737:7960"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"root": "root"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"tagged-prod": {
"rules": []
}
}
}

279
hscontrol/policy/v2/testdata/ssh_results/SSH-F4.hujson vendored
View File

@ -1,279 +0,0 @@
// SSH-F4
//
// SSH rules:
// accept: src=['autogroup:member'] dst=['tag:server'] users=['localpart:*@passkey']
// accept: src=['autogroup:member'] dst=['tag:server'] users=['autogroup:nonroot']
//
// Expected: SSH rules on 4 of 5 nodes
{
"test_id": "SSH-F4",
"ssh_section": [
{
"action": "accept",
"src": [
"autogroup:member"
],
"dst": [
"tag:server"
],
"users": [
"localpart:*@passkey"
]
},
{
"action": "accept",
"src": [
"autogroup:member"
],
"dst": [
"tag:server"
],
"users": [
"autogroup:nonroot"
]
}
],
"nodes": {
"user1": {
"rules": [
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"root": ""
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"kratail2tid": "kratail2tid"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"user-kris": {
"rules": [
{
"principals": [
{
"nodeIP": "100.110.121.96"
},
{
"nodeIP": "fd7a:115c:a1e0::1737:7960"
}
],
"sshUsers": {
"root": ""
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"user-mon": {
"rules": [
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"root": ""
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"monitorpasskeykradalby": "monitorpasskeykradalby"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"tagged-server": {
"rules": [
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"root": ""
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"kratail2tid": "kratail2tid"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.110.121.96"
},
{
"nodeIP": "fd7a:115c:a1e0::1737:7960"
}
],
"sshUsers": {
"root": ""
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"root": ""
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"monitorpasskeykradalby": "monitorpasskeykradalby"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "100.110.121.96"
},
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::1737:7960"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"*": "=",
"root": ""
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"tagged-prod": {
"rules": []
}
}
}

342
hscontrol/policy/v2/testdata/ssh_results/SSH-F5.hujson vendored
View File

@ -1,342 +0,0 @@
// SSH-F5
//
// SSH rules:
// accept: src=['autogroup:member'] dst=['autogroup:self'] users=['localpart:*@passkey']
// accept: src=['autogroup:member'] dst=['tag:server'] users=['localpart:*@passkey']
//
// Expected: SSH rules on 4 of 5 nodes
{
"test_id": "SSH-F5",
"ssh_section": [
{
"action": "accept",
"src": [
"autogroup:member"
],
"dst": [
"autogroup:self"
],
"users": [
"localpart:*@passkey"
]
},
{
"action": "accept",
"src": [
"autogroup:member"
],
"dst": [
"tag:server"
],
"users": [
"localpart:*@passkey"
]
}
],
"nodes": {
"user1": {
"rules": [
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"root": ""
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"kratail2tid": "kratail2tid"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"root": ""
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"kratail2tid": "kratail2tid"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"user-kris": {
"rules": [
{
"principals": [
{
"nodeIP": "100.110.121.96"
},
{
"nodeIP": "fd7a:115c:a1e0::1737:7960"
}
],
"sshUsers": {
"root": ""
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.110.121.96"
},
{
"nodeIP": "fd7a:115c:a1e0::1737:7960"
}
],
"sshUsers": {
"root": ""
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"user-mon": {
"rules": [
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"root": ""
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"monitorpasskeykradalby": "monitorpasskeykradalby"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"root": ""
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"monitorpasskeykradalby": "monitorpasskeykradalby"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"tagged-server": {
"rules": [
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"root": ""
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
}
],
"sshUsers": {
"kratail2tid": "kratail2tid"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.110.121.96"
},
{
"nodeIP": "fd7a:115c:a1e0::1737:7960"
}
],
"sshUsers": {
"root": ""
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"root": ""
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
},
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"monitorpasskeykradalby": "monitorpasskeykradalby"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
}
}
]
},
"tagged-prod": {
"rules": []
}
}
}

79
hscontrol/policy/v2/testdata/ssh_results/SSH-G1.hujson vendored
View File

@ -1,79 +0,0 @@
// SSH-G1
//
// SSH: accept: src=['autogroup:member'] dst=['tag:server'] users=['root']
//
// Expected: SSH rules on 1 of 5 nodes
{
"test_id": "SSH-G1",
"ssh_section": [
{
"action": "accept",
"src": [
"autogroup:member"
],
"dst": [
"tag:server"
],
"users": [
"root"
],
"acceptEnv": [
"GIT_EDITOR",
"TERM"
]
}
],
"nodes": {
"user1": {
"rules": []
},
"user-kris": {
"rules": []
},
"user-mon": {
"rules": []
},
"tagged-server": {
"rules": [
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "100.110.121.96"
},
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::1737:7960"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"root": "root"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
},
"acceptEnv": [
"GIT_EDITOR",
"TERM"
]
}
]
},
"tagged-prod": {
"rules": []
}
}
}

79
hscontrol/policy/v2/testdata/ssh_results/SSH-G2.hujson vendored
View File

@ -1,79 +0,0 @@
// SSH-G2
//
// SSH: accept: src=['autogroup:member'] dst=['tag:server'] users=['root']
//
// Expected: SSH rules on 1 of 5 nodes
{
"test_id": "SSH-G2",
"ssh_section": [
{
"action": "accept",
"src": [
"autogroup:member"
],
"dst": [
"tag:server"
],
"users": [
"root"
],
"acceptEnv": [
"GIT_*",
"CUSTOM_VAR_?"
]
}
],
"nodes": {
"user1": {
"rules": []
},
"user-kris": {
"rules": []
},
"user-mon": {
"rules": []
},
"tagged-server": {
"rules": [
{
"principals": [
{
"nodeIP": "100.103.90.82"
},
{
"nodeIP": "100.110.121.96"
},
{
"nodeIP": "100.90.199.68"
},
{
"nodeIP": "fd7a:115c:a1e0::1737:7960"
},
{
"nodeIP": "fd7a:115c:a1e0::2d01:c747"
},
{
"nodeIP": "fd7a:115c:a1e0::9e37:5a52"
}
],
"sshUsers": {
"root": "root"
},
"action": {
"accept": true,
"allowAgentForwarding": true,
"allowLocalPortForwarding": true,
"allowRemotePortForwarding": true
},
"acceptEnv": [
"GIT_*",
"CUSTOM_VAR_?"
]
}
]
},
"tagged-prod": {
"rules": []
}
}
}