diff --git a/hscontrol/policy/v2/tailscale_ssh_data_compat_test.go b/hscontrol/policy/v2/tailscale_ssh_data_compat_test.go index 610aa95d..33b24c23 100644 --- a/hscontrol/policy/v2/tailscale_ssh_data_compat_test.go +++ b/hscontrol/policy/v2/tailscale_ssh_data_compat_test.go @@ -172,6 +172,16 @@ func TestSSHDataCompat(t *testing.T) { "no ssh-*.hujson test files found in testdata/ssh_results/", ) + allHujson, err := filepath.Glob( + filepath.Join("testdata", "ssh_results", "*.hujson"), + ) + require.NoError(t, err, "failed to glob all hujson files") + require.Lenf(t, files, len(allHujson), + "ssh_results/ contains hujson files not picked up by the ssh-*.hujson loader; "+ + "loader sees %d, directory has %d. Stale fixtures should be deleted.", + len(files), len(allHujson), + ) + t.Logf("Loaded %d SSH test files", len(files)) users := setupSSHDataCompatUsers() diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-A1.hujson b/hscontrol/policy/v2/testdata/ssh_results/SSH-A1.hujson deleted file mode 100644 index 217c07e1..00000000 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-A1.hujson +++ /dev/null 
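Review bot: The `require.Lenf` count comparison reports only two numbers when it fails, so whoever hits it still has to work out by hand which file in `testdata/ssh_results/` the `ssh-*.hujson` loader skipped. The fixtures in this directory record the expected SSH rules per node, so a fixture that is present but never loaded is an access-control case that silently goes unchecked, and the failure should name it. Assuming `files` is the path slice from the loader's own glob over the same directory (it is assigned above the hunk), `require.ElementsMatch(t, allHujson, files, "ssh_results/ contains hujson files not picked up by the ssh-*.hujson loader; stale fixtures should be deleted")` would print the stray paths directly. The guard only sees top-level `*.hujson` names, so a comment such as `// every *.hujson directly under ssh_results/ must match the ssh-*.hujson loader pattern` would record that scope; TestSSHDataCompat begins and ends outside the hunk.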
@@ -1,99 +0,0 @@ -// SSH-A1 -// -// SSH: accept: src=['autogroup:member'] dst=['autogroup:self'] users=['root'] -// -// Expected: SSH rules on 3 of 5 nodes -{ - "test_id": "SSH-A1", - "ssh_section": [ - { - "action": "accept", - "src": [ - "autogroup:member" - ], - "dst": [ - "autogroup:self" - ], - "users": [ - "root" - ] - } - ], - "nodes": { - "user1": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "root": "root" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "user-kris": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.110.121.96" - }, - { - "nodeIP": "fd7a:115c:a1e0::1737:7960" - } - ], - "sshUsers": { - "root": "root" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "user-mon": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "root": "root" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "tagged-server": { - "rules": [] - }, - "tagged-prod": { - "rules": [] - } - } -} diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-A2.hujson b/hscontrol/policy/v2/testdata/ssh_results/SSH-A2.hujson deleted file mode 100644 index 63e1e3d3..00000000 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-A2.hujson +++ /dev/null 
@@ -1,102 +0,0 @@ -// SSH-A2 -// -// SSH: accept: src=['autogroup:member'] dst=['autogroup:self'] users=['autogroup:nonroot'] -// -// Expected: SSH rules on 3 of 5 nodes -{ - "test_id": "SSH-A2", - "ssh_section": [ - { - "action": "accept", - "src": [ - "autogroup:member" - ], - "dst": [ - "autogroup:self" - ], - "users": [ - "autogroup:nonroot" - ] - } - ], - "nodes": { - "user1": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "*": "=", - "root": "" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "user-kris": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.110.121.96" - }, - { - "nodeIP": "fd7a:115c:a1e0::1737:7960" - } - ], - "sshUsers": { - "*": "=", - "root": "" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "user-mon": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "*": "=", - "root": "" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "tagged-server": { - "rules": [] - }, - "tagged-prod": { - "rules": [] - } - } -} diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-A3.hujson b/hscontrol/policy/v2/testdata/ssh_results/SSH-A3.hujson deleted file mode 100644 index 457baed4..00000000 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-A3.hujson +++ /dev/null 
@@ -1,103 +0,0 @@ -// SSH-A3 -// -// SSH: accept: src=['autogroup:member'] dst=['autogroup:self'] users=['root', 'autogroup:nonroot'] -// -// Expected: SSH rules on 3 of 5 nodes -{ - "test_id": "SSH-A3", - "ssh_section": [ - { - "action": "accept", - "src": [ - "autogroup:member" - ], - "dst": [ - "autogroup:self" - ], - "users": [ - "root", - "autogroup:nonroot" - ] - } - ], - "nodes": { - "user1": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "*": "=", - "root": "root" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "user-kris": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.110.121.96" - }, - { - "nodeIP": "fd7a:115c:a1e0::1737:7960" - } - ], - "sshUsers": { - "*": "=", - "root": "root" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "user-mon": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "*": "=", - "root": "root" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "tagged-server": { - "rules": [] - }, - "tagged-prod": { - "rules": [] - } - } -} diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-A4.hujson b/hscontrol/policy/v2/testdata/ssh_results/SSH-A4.hujson deleted file mode 100644 index 5915802e..00000000 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-A4.hujson +++ /dev/null 
@@ -1,72 +0,0 @@ -// SSH-A4 -// -// SSH: accept: src=['autogroup:member'] dst=['tag:server'] users=['ubuntu'] -// -// Expected: SSH rules on 1 of 5 nodes -{ - "test_id": "SSH-A4", - "ssh_section": [ - { - "action": "accept", - "src": [ - "autogroup:member" - ], - "dst": [ - "tag:server" - ], - "users": [ - "ubuntu" - ] - } - ], - "nodes": { - "user1": { - "rules": [] - }, - "user-kris": { - "rules": [] - }, - "user-mon": { - "rules": [] - }, - "tagged-server": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "100.110.121.96" - }, - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::1737:7960" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "root": "", - "ubuntu": "ubuntu" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "tagged-prod": { - "rules": [] - } - } -} diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-A5.hujson b/hscontrol/policy/v2/testdata/ssh_results/SSH-A5.hujson deleted file mode 100644 index cefbf317..00000000 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-A5.hujson +++ /dev/null 
@@ -1,73 +0,0 @@ -// SSH-A5 -// -// SSH: accept: src=['autogroup:member'] dst=['tag:server'] users=['root', 'ubuntu'] -// -// Expected: SSH rules on 1 of 5 nodes -{ - "test_id": "SSH-A5", - "ssh_section": [ - { - "action": "accept", - "src": [ - "autogroup:member" - ], - "dst": [ - "tag:server" - ], - "users": [ - "root", - "ubuntu" - ] - } - ], - "nodes": { - "user1": { - "rules": [] - }, - "user-kris": { - "rules": [] - }, - "user-mon": { - "rules": [] - }, - "tagged-server": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "100.110.121.96" - }, - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::1737:7960" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "root": "root", - "ubuntu": "ubuntu" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "tagged-prod": { - "rules": [] - } - } -} diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-A6.hujson b/hscontrol/policy/v2/testdata/ssh_results/SSH-A6.hujson deleted file mode 100644 index f9dec569..00000000 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-A6.hujson +++ /dev/null 
@@ -1,102 +0,0 @@ -// SSH-A6 -// -// SSH: check: src=['autogroup:member'] dst=['autogroup:self'] users=['root'] -// -// Expected: SSH rules on 3 of 5 nodes -{ - "test_id": "SSH-A6", - "ssh_section": [ - { - "action": "check", - "src": [ - "autogroup:member" - ], - "dst": [ - "autogroup:self" - ], - "users": [ - "root" - ] - } - ], - "nodes": { - "user1": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "root": "root" - }, - "action": { - "holdAndDelegate": "unused-server-url/machine/ssh/action/from/$SRC_NODE_ID/to/$DST_NODE_ID?ssh_user=$SSH_USER&local_user=$LOCAL_USER", - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true, - "sessionDuration": 43200000000000 - } - } - ] - }, - "user-kris": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.110.121.96" - }, - { - "nodeIP": "fd7a:115c:a1e0::1737:7960" - } - ], - "sshUsers": { - "root": "root" - }, - "action": { - "holdAndDelegate": "unused-server-url/machine/ssh/action/from/$SRC_NODE_ID/to/$DST_NODE_ID?ssh_user=$SSH_USER&local_user=$LOCAL_USER", - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true, - "sessionDuration": 43200000000000 - } - } - ] - }, - "user-mon": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "root": "root" - }, - "action": { - "holdAndDelegate": "unused-server-url/machine/ssh/action/from/$SRC_NODE_ID/to/$DST_NODE_ID?ssh_user=$SSH_USER&local_user=$LOCAL_USER", - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true, - "sessionDuration": 43200000000000 - } - } - ] - }, - "tagged-server": { - "rules": [] - }, - "tagged-prod": { - "rules": [] - } - } -} 
diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-A7.hujson b/hscontrol/policy/v2/testdata/ssh_results/SSH-A7.hujson deleted file mode 100644 index 030bcec3..00000000 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-A7.hujson +++ /dev/null 
@@ -1,103 +0,0 @@ -// SSH-A7 -// -// SSH: check: src=['autogroup:member'] dst=['autogroup:self'] users=['root'] -// -// Expected: SSH rules on 3 of 5 nodes -{ - "test_id": "SSH-A7", - "ssh_section": [ - { - "action": "check", - "src": [ - "autogroup:member" - ], - "dst": [ - "autogroup:self" - ], - "users": [ - "root" - ], - "checkPeriod": "1h" - } - ], - "nodes": { - "user1": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "root": "root" - }, - "action": { - "holdAndDelegate": "unused-server-url/machine/ssh/action/from/$SRC_NODE_ID/to/$DST_NODE_ID?ssh_user=$SSH_USER&local_user=$LOCAL_USER", - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true, - "sessionDuration": 3600000000000 - } - } - ] - }, - "user-kris": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.110.121.96" - }, - { - "nodeIP": "fd7a:115c:a1e0::1737:7960" - } - ], - "sshUsers": { - "root": "root" - }, - "action": { - "holdAndDelegate": "unused-server-url/machine/ssh/action/from/$SRC_NODE_ID/to/$DST_NODE_ID?ssh_user=$SSH_USER&local_user=$LOCAL_USER", - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true, - "sessionDuration": 3600000000000 - } - } - ] - }, - "user-mon": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "root": "root" - }, - "action": { - "holdAndDelegate": "unused-server-url/machine/ssh/action/from/$SRC_NODE_ID/to/$DST_NODE_ID?ssh_user=$SSH_USER&local_user=$LOCAL_USER", - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true, - "sessionDuration": 3600000000000 - } - } - ] - }, - "tagged-server": { - "rules": [] - }, - "tagged-prod": { - "rules": [] - } - } -} 
diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-A8.hujson b/hscontrol/policy/v2/testdata/ssh_results/SSH-A8.hujson deleted file mode 100644 index 6217eb68..00000000 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-A8.hujson +++ /dev/null 
@@ -1,103 +0,0 @@ -// SSH-A8 -// -// SSH: check: src=['autogroup:member'] dst=['autogroup:self'] users=['root'] -// -// Expected: SSH rules on 3 of 5 nodes -{ - "test_id": "SSH-A8", - "ssh_section": [ - { - "action": "check", - "src": [ - "autogroup:member" - ], - "dst": [ - "autogroup:self" - ], - "users": [ - "root" - ], - "checkPeriod": "always" - } - ], - "nodes": { - "user1": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "root": "root" - }, - "action": { - "holdAndDelegate": "unused-server-url/machine/ssh/action/from/$SRC_NODE_ID/to/$DST_NODE_ID?ssh_user=$SSH_USER&local_user=$LOCAL_USER", - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true, - "sessionDuration": 0 - } - } - ] - }, - "user-kris": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.110.121.96" - }, - { - "nodeIP": "fd7a:115c:a1e0::1737:7960" - } - ], - "sshUsers": { - "root": "root" - }, - "action": { - "holdAndDelegate": "unused-server-url/machine/ssh/action/from/$SRC_NODE_ID/to/$DST_NODE_ID?ssh_user=$SSH_USER&local_user=$LOCAL_USER", - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true, - "sessionDuration": 0 - } - } - ] - }, - "user-mon": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "root": "root" - }, - "action": { - "holdAndDelegate": "unused-server-url/machine/ssh/action/from/$SRC_NODE_ID/to/$DST_NODE_ID?ssh_user=$SSH_USER&local_user=$LOCAL_USER", - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true, - "sessionDuration": 0 - } - } - ] - }, - "tagged-server": { - "rules": [] - }, - "tagged-prod": { - "rules": [] - } - } -} 
diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-B1.hujson b/hscontrol/policy/v2/testdata/ssh_results/SSH-B1.hujson deleted file mode 100644 index 837ff10c..00000000 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-B1.hujson +++ /dev/null @@ -1,59 +0,0 @@ -// SSH-B1 -// -// SSH: accept: src=['kristoffer@dalby.cc'] dst=['tag:server'] users=['root'] -// -// Expected: SSH rules on 1 of 5 nodes -{ - "test_id": "SSH-B1", - "ssh_section": [ - { - "action": "accept", - "src": [ - "kristoffer@dalby.cc" - ], - "dst": [ - "tag:server" - ], - "users": [ - "root" - ] - } - ], - "nodes": { - "user1": { - "rules": [] - }, - "user-kris": { - "rules": [] - }, - "user-mon": { - "rules": [] - }, - "tagged-server": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.110.121.96" - }, - { - "nodeIP": "fd7a:115c:a1e0::1737:7960" - } - ], - "sshUsers": { - "root": "root" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "tagged-prod": { - "rules": [] - } - } -} diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-B2.hujson b/hscontrol/policy/v2/testdata/ssh_results/SSH-B2.hujson deleted file mode 100644 index f04d1f93..00000000 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-B2.hujson +++ /dev/null 
@@ -1,65 +0,0 @@ -// SSH-B2 -// -// SSH: accept: src=['group:developers'] dst=['tag:server'] users=['root'] -// -// Expected: SSH rules on 1 of 5 nodes -{ - "test_id": "SSH-B2", - "ssh_section": [ - { - "action": "accept", - "src": [ - "group:developers" - ], - "dst": [ - "tag:server" - ], - "users": [ - "root" - ] - } - ], - "nodes": { - "user1": { - "rules": [] - }, - "user-kris": { - "rules": [] - }, - "user-mon": { - "rules": [] - }, - "tagged-server": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.110.121.96" - }, - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::1737:7960" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "root": "root" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "tagged-prod": { - "rules": [] - } - } -} diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-B3.hujson b/hscontrol/policy/v2/testdata/ssh_results/SSH-B3.hujson deleted file mode 100644 index 5e9e435e..00000000 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-B3.hujson +++ /dev/null @@ -1,59 +0,0 @@ -// SSH-B3 -// -// SSH: accept: src=['tag:prod'] dst=['tag:server'] users=['root'] -// -// Expected: SSH rules on 1 of 5 nodes -{ - "test_id": "SSH-B3", - "ssh_section": [ - { - "action": "accept", - "src": [ - "tag:prod" - ], - "dst": [ - "tag:server" - ], - "users": [ - "root" - ] - } - ], - "nodes": { - "user1": { - "rules": [] - }, - "user-kris": { - "rules": [] - }, - "user-mon": { - "rules": [] - }, - "tagged-server": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.103.8.15" - }, - { - "nodeIP": "fd7a:115c:a1e0::5b37:80f" - } - ], - "sshUsers": { - "root": "root" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "tagged-prod": { - "rules": [] - } - } -} 
diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-B5.hujson b/hscontrol/policy/v2/testdata/ssh_results/SSH-B5.hujson deleted file mode 100644 index c3e6febe..00000000 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-B5.hujson +++ /dev/null @@ -1,65 +0,0 @@ -// SSH-B5 -// -// SSH: accept: src=['user:*@passkey'] dst=['tag:server'] users=['root'] -// -// Expected: SSH rules on 1 of 5 nodes -{ - "test_id": "SSH-B5", - "ssh_section": [ - { - "action": "accept", - "src": [ - "user:*@passkey" - ], - "dst": [ - "tag:server" - ], - "users": [ - "root" - ] - } - ], - "nodes": { - "user1": { - "rules": [] - }, - "user-kris": { - "rules": [] - }, - "user-mon": { - "rules": [] - }, - "tagged-server": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "root": "root" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "tagged-prod": { - "rules": [] - } - } -} diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-B6.hujson b/hscontrol/policy/v2/testdata/ssh_results/SSH-B6.hujson deleted file mode 100644 index 9aabaf21..00000000 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-B6.hujson +++ /dev/null 
@@ -1,65 +0,0 @@ -// SSH-B6 -// -// SSH: accept: src=['autogroup:tagged'] dst=['tag:server'] users=['root'] -// -// Expected: SSH rules on 1 of 5 nodes -{ - "test_id": "SSH-B6", - "ssh_section": [ - { - "action": "accept", - "src": [ - "autogroup:tagged" - ], - "dst": [ - "tag:server" - ], - "users": [ - "root" - ] - } - ], - "nodes": { - "user1": { - "rules": [] - }, - "user-kris": { - "rules": [] - }, - "user-mon": { - "rules": [] - }, - "tagged-server": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.103.8.15" - }, - { - "nodeIP": "100.108.74.26" - }, - { - "nodeIP": "fd7a:115c:a1e0::5b37:80f" - }, - { - "nodeIP": "fd7a:115c:a1e0::b901:4a87" - } - ], - "sshUsers": { - "root": "root" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "tagged-prod": { - "rules": [] - } - } -} diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-C1.hujson b/hscontrol/policy/v2/testdata/ssh_results/SSH-C1.hujson deleted file mode 100644 index 579ed814..00000000 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-C1.hujson +++ /dev/null 
@@ -1,99 +0,0 @@ -// SSH-C1 -// -// SSH: accept: src=['autogroup:member'] dst=['autogroup:self'] users=['root'] -// -// Expected: SSH rules on 3 of 5 nodes -{ - "test_id": "SSH-C1", - "ssh_section": [ - { - "action": "accept", - "src": [ - "autogroup:member" - ], - "dst": [ - "autogroup:self" - ], - "users": [ - "root" - ] - } - ], - "nodes": { - "user1": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "root": "root" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "user-kris": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.110.121.96" - }, - { - "nodeIP": "fd7a:115c:a1e0::1737:7960" - } - ], - "sshUsers": { - "root": "root" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "user-mon": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "root": "root" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "tagged-server": { - "rules": [] - }, - "tagged-prod": { - "rules": [] - } - } -} diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-C2.hujson b/hscontrol/policy/v2/testdata/ssh_results/SSH-C2.hujson deleted file mode 100644 index 833818ce..00000000 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-C2.hujson +++ /dev/null 
@@ -1,71 +0,0 @@ -// SSH-C2 -// -// SSH: accept: src=['autogroup:member'] dst=['tag:server'] users=['root'] -// -// Expected: SSH rules on 1 of 5 nodes -{ - "test_id": "SSH-C2", - "ssh_section": [ - { - "action": "accept", - "src": [ - "autogroup:member" - ], - "dst": [ - "tag:server" - ], - "users": [ - "root" - ] - } - ], - "nodes": { - "user1": { - "rules": [] - }, - "user-kris": { - "rules": [] - }, - "user-mon": { - "rules": [] - }, - "tagged-server": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "100.110.121.96" - }, - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::1737:7960" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "root": "root" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "tagged-prod": { - "rules": [] - } - } -} diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-C3.hujson b/hscontrol/policy/v2/testdata/ssh_results/SSH-C3.hujson deleted file mode 100644 index b1e15207..00000000 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-C3.hujson +++ /dev/null 
@@ -1,59 +0,0 @@ -// SSH-C3 -// -// SSH: accept: src=['kristoffer@dalby.cc'] dst=['kristoffer@dalby.cc'] users=['root'] -// -// Expected: SSH rules on 1 of 5 nodes -{ - "test_id": "SSH-C3", - "ssh_section": [ - { - "action": "accept", - "src": [ - "kristoffer@dalby.cc" - ], - "dst": [ - "kristoffer@dalby.cc" - ], - "users": [ - "root" - ] - } - ], - "nodes": { - "user1": { - "rules": [] - }, - "user-kris": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.110.121.96" - }, - { - "nodeIP": "fd7a:115c:a1e0::1737:7960" - } - ], - "sshUsers": { - "root": "root" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "user-mon": { - "rules": [] - }, - "tagged-server": { - "rules": [] - }, - "tagged-prod": { - "rules": [] - } - } -} diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-C4.hujson b/hscontrol/policy/v2/testdata/ssh_results/SSH-C4.hujson deleted file mode 100644 index 45f40d6e..00000000 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-C4.hujson +++ /dev/null 
@@ -1,104 +0,0 @@ -// SSH-C4 -// -// SSH: accept: src=['autogroup:member'] dst=['tag:server', 'tag:prod'] users=['root'] -// -// Expected: SSH rules on 2 of 5 nodes -{ - "test_id": "SSH-C4", - "ssh_section": [ - { - "action": "accept", - "src": [ - "autogroup:member" - ], - "dst": [ - "tag:server", - "tag:prod" - ], - "users": [ - "root" - ] - } - ], - "nodes": { - "user1": { - "rules": [] - }, - "user-kris": { - "rules": [] - }, - "user-mon": { - "rules": [] - }, - "tagged-server": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "100.110.121.96" - }, - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::1737:7960" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "root": "root" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "tagged-prod": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "100.110.121.96" - }, - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::1737:7960" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "root": "root" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-D10.hujson b/hscontrol/policy/v2/testdata/ssh_results/SSH-D10.hujson deleted file mode 100644 index 8582932e..00000000 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-D10.hujson +++ /dev/null 
@@ -1,194 +0,0 @@ -// SSH-D10 -// -// SSH: accept: src=['user:*@passkey'] dst=['tag:server'] users=['localpart:*@passkey'] -// -// Expected: SSH rules on 3 of 5 nodes -{ - "test_id": "SSH-D10", - "ssh_section": [ - { - "action": "accept", - "src": [ - "user:*@passkey" - ], - "dst": [ - "tag:server" - ], - "users": [ - "localpart:*@passkey" - ] - } - ], - "nodes": { - "user1": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "root": "" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "kratail2tid": "kratail2tid" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "user-kris": { - "rules": [] - }, - "user-mon": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "root": "" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "monitorpasskeykradalby": "monitorpasskeykradalby" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "tagged-server": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "root": "" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - 
"allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "kratail2tid": "kratail2tid" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "root": "" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "monitorpasskeykradalby": "monitorpasskeykradalby" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "tagged-prod": { - "rules": [] - } - } -} diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-D11.hujson b/hscontrol/policy/v2/testdata/ssh_results/SSH-D11.hujson deleted file mode 100644 index e052a8f1..00000000 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-D11.hujson +++ /dev/null 
@@ -1,240 +0,0 @@ -// SSH-D11 -// -// SSH: accept: src=['autogroup:member'] dst=['tag:server'] users=['localpart:*@passkey', 'ubuntu'] -// -// Expected: SSH rules on 4 of 5 nodes -{ - "test_id": "SSH-D11", - "ssh_section": [ - { - "action": "accept", - "src": [ - "autogroup:member" - ], - "dst": [ - "tag:server" - ], - "users": [ - "localpart:*@passkey", - "ubuntu" - ] - } - ], - "nodes": { - "user1": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "root": "", - "ubuntu": "ubuntu" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "kratail2tid": "kratail2tid" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "user-kris": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.110.121.96" - }, - { - "nodeIP": "fd7a:115c:a1e0::1737:7960" - } - ], - "sshUsers": { - "root": "", - "ubuntu": "ubuntu" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "user-mon": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "root": "", - "ubuntu": "ubuntu" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "monitorpasskeykradalby": "monitorpasskeykradalby" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - 
"allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "tagged-server": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "root": "", - "ubuntu": "ubuntu" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "kratail2tid": "kratail2tid" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.110.121.96" - }, - { - "nodeIP": "fd7a:115c:a1e0::1737:7960" - } - ], - "sshUsers": { - "root": "", - "ubuntu": "ubuntu" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "root": "", - "ubuntu": "ubuntu" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "monitorpasskeykradalby": "monitorpasskeykradalby" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "tagged-prod": { - "rules": [] - } - } -} diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-D12.hujson b/hscontrol/policy/v2/testdata/ssh_results/SSH-D12.hujson deleted file mode 100644 index 4301cc32..00000000 
--- a/hscontrol/policy/v2/testdata/ssh_results/SSH-D12.hujson +++ /dev/null 
@@ -1,240 +0,0 @@ -// SSH-D12 -// -// SSH: accept: src=['autogroup:member'] dst=['tag:server'] users=['localpart:*@passkey', 'ubuntu'] -// -// Expected: SSH rules on 4 of 5 nodes -{ - "test_id": "SSH-D12", - "ssh_section": [ - { - "action": "accept", - "src": [ - "autogroup:member" - ], - "dst": [ - "tag:server" - ], - "users": [ - "localpart:*@passkey", - "ubuntu" - ] - } - ], - "nodes": { - "user1": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "root": "", - "ubuntu": "ubuntu" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "kratail2tid": "kratail2tid" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "user-kris": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.110.121.96" - }, - { - "nodeIP": "fd7a:115c:a1e0::1737:7960" - } - ], - "sshUsers": { - "root": "", - "ubuntu": "ubuntu" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "user-mon": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "root": "", - "ubuntu": "ubuntu" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "monitorpasskeykradalby": "monitorpasskeykradalby" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - 
"allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "tagged-server": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "root": "", - "ubuntu": "ubuntu" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "kratail2tid": "kratail2tid" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.110.121.96" - }, - { - "nodeIP": "fd7a:115c:a1e0::1737:7960" - } - ], - "sshUsers": { - "root": "", - "ubuntu": "ubuntu" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "root": "", - "ubuntu": "ubuntu" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "monitorpasskeykradalby": "monitorpasskeykradalby" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "tagged-prod": { - "rules": [] - } - } -} diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-D2.hujson b/hscontrol/policy/v2/testdata/ssh_results/SSH-D2.hujson deleted file mode 100644 index 02681a7d..00000000 
--- a/hscontrol/policy/v2/testdata/ssh_results/SSH-D2.hujson
+++ /dev/null
@@ -1,233 +0,0 @@ -// SSH-D2 -// -// SSH: accept: src=['autogroup:member'] dst=['tag:server'] users=['localpart:*@passkey'] -// -// Expected: SSH rules on 4 of 5 nodes -{ - "test_id": "SSH-D2", - "ssh_section": [ - { - "action": "accept", - "src": [ - "autogroup:member" - ], - "dst": [ - "tag:server" - ], - "users": [ - "localpart:*@passkey" - ] - } - ], - "nodes": { - "user1": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "root": "" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "kratail2tid": "kratail2tid" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "user-kris": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.110.121.96" - }, - { - "nodeIP": "fd7a:115c:a1e0::1737:7960" - } - ], - "sshUsers": { - "root": "" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "user-mon": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "root": "" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "monitorpasskeykradalby": "monitorpasskeykradalby" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - 
"tagged-server": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "root": "" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "kratail2tid": "kratail2tid" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.110.121.96" - }, - { - "nodeIP": "fd7a:115c:a1e0::1737:7960" - } - ], - "sshUsers": { - "root": "" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "root": "" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "monitorpasskeykradalby": "monitorpasskeykradalby" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "tagged-prod": { - "rules": [] - } - } -} diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-D3.hujson b/hscontrol/policy/v2/testdata/ssh_results/SSH-D3.hujson deleted file mode 100644 index e54ec97d..00000000 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-D3.hujson +++ /dev/null 
@@ -1,234 +0,0 @@ -// SSH-D3 -// -// SSH: accept: src=['autogroup:member'] dst=['tag:server'] users=['localpart:*@passkey', 'root'] -// -// Expected: SSH rules on 4 of 5 nodes -{ - "test_id": "SSH-D3", - "ssh_section": [ - { - "action": "accept", - "src": [ - "autogroup:member" - ], - "dst": [ - "tag:server" - ], - "users": [ - "localpart:*@passkey", - "root" - ] - } - ], - "nodes": { - "user1": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "root": "root" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "kratail2tid": "kratail2tid" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "user-kris": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.110.121.96" - }, - { - "nodeIP": "fd7a:115c:a1e0::1737:7960" - } - ], - "sshUsers": { - "root": "root" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "user-mon": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "root": "root" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "monitorpasskeykradalby": "monitorpasskeykradalby" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - 
"allowRemotePortForwarding": true - } - } - ] - }, - "tagged-server": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "root": "root" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "kratail2tid": "kratail2tid" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.110.121.96" - }, - { - "nodeIP": "fd7a:115c:a1e0::1737:7960" - } - ], - "sshUsers": { - "root": "root" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "root": "root" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "monitorpasskeykradalby": "monitorpasskeykradalby" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "tagged-prod": { - "rules": [] - } - } -} diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-D4.hujson b/hscontrol/policy/v2/testdata/ssh_results/SSH-D4.hujson deleted file mode 100644 index c0cbf935..00000000 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-D4.hujson +++ /dev/null 
@@ -1,240 +0,0 @@ -// SSH-D4 -// -// SSH: accept: src=['autogroup:member'] dst=['tag:server'] users=['localpart:*@passkey', 'autogroup:nonroot'] -// -// Expected: SSH rules on 4 of 5 nodes -{ - "test_id": "SSH-D4", - "ssh_section": [ - { - "action": "accept", - "src": [ - "autogroup:member" - ], - "dst": [ - "tag:server" - ], - "users": [ - "localpart:*@passkey", - "autogroup:nonroot" - ] - } - ], - "nodes": { - "user1": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "*": "=", - "root": "" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "kratail2tid": "kratail2tid" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "user-kris": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.110.121.96" - }, - { - "nodeIP": "fd7a:115c:a1e0::1737:7960" - } - ], - "sshUsers": { - "*": "=", - "root": "" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "user-mon": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "*": "=", - "root": "" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "monitorpasskeykradalby": "monitorpasskeykradalby" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - 
"allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "tagged-server": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "*": "=", - "root": "" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "kratail2tid": "kratail2tid" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.110.121.96" - }, - { - "nodeIP": "fd7a:115c:a1e0::1737:7960" - } - ], - "sshUsers": { - "*": "=", - "root": "" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "*": "=", - "root": "" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "monitorpasskeykradalby": "monitorpasskeykradalby" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "tagged-prod": { - "rules": [] - } - } -} diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-D5.hujson b/hscontrol/policy/v2/testdata/ssh_results/SSH-D5.hujson deleted file mode 100644 index 846e5e9a..00000000 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-D5.hujson +++ /dev/null 
@@ -1,241 +0,0 @@ -// SSH-D5 -// -// SSH: accept: src=['autogroup:member'] dst=['tag:server'] users=['localpart:*@passkey', 'root', 'autogroup:nonroot'] -// -// Expected: SSH rules on 4 of 5 nodes -{ - "test_id": "SSH-D5", - "ssh_section": [ - { - "action": "accept", - "src": [ - "autogroup:member" - ], - "dst": [ - "tag:server" - ], - "users": [ - "localpart:*@passkey", - "root", - "autogroup:nonroot" - ] - } - ], - "nodes": { - "user1": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "*": "=", - "root": "root" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "kratail2tid": "kratail2tid" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "user-kris": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.110.121.96" - }, - { - "nodeIP": "fd7a:115c:a1e0::1737:7960" - } - ], - "sshUsers": { - "*": "=", - "root": "root" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "user-mon": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "*": "=", - "root": "root" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "monitorpasskeykradalby": "monitorpasskeykradalby" - }, - "action": { - "accept": true, - 
"allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "tagged-server": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "*": "=", - "root": "root" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "kratail2tid": "kratail2tid" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.110.121.96" - }, - { - "nodeIP": "fd7a:115c:a1e0::1737:7960" - } - ], - "sshUsers": { - "*": "=", - "root": "root" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "*": "=", - "root": "root" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "monitorpasskeykradalby": "monitorpasskeykradalby" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "tagged-prod": { - "rules": [] - } - } -} diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-D6.hujson b/hscontrol/policy/v2/testdata/ssh_results/SSH-D6.hujson deleted file mode 100644 index 39be0be8..00000000 
--- a/hscontrol/policy/v2/testdata/ssh_results/SSH-D6.hujson
+++ /dev/null
@@ -1,240 +0,0 @@ -// SSH-D6 -// -// SSH: accept: src=['autogroup:member'] dst=['tag:server'] users=['localpart:*@passkey', 'autogroup:nonroot'] -// -// Expected: SSH rules on 4 of 5 nodes -{ - "test_id": "SSH-D6", - "ssh_section": [ - { - "action": "accept", - "src": [ - "autogroup:member" - ], - "dst": [ - "tag:server" - ], - "users": [ - "localpart:*@passkey", - "autogroup:nonroot" - ] - } - ], - "nodes": { - "user1": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "*": "=", - "root": "" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "kratail2tid": "kratail2tid" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "user-kris": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.110.121.96" - }, - { - "nodeIP": "fd7a:115c:a1e0::1737:7960" - } - ], - "sshUsers": { - "*": "=", - "root": "" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "user-mon": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "*": "=", - "root": "" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "monitorpasskeykradalby": "monitorpasskeykradalby" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - 
"allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "tagged-server": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "*": "=", - "root": "" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "kratail2tid": "kratail2tid" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.110.121.96" - }, - { - "nodeIP": "fd7a:115c:a1e0::1737:7960" - } - ], - "sshUsers": { - "*": "=", - "root": "" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "*": "=", - "root": "" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "monitorpasskeykradalby": "monitorpasskeykradalby" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "tagged-prod": { - "rules": [] - } - } -} diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-D7.hujson b/hscontrol/policy/v2/testdata/ssh_results/SSH-D7.hujson deleted file mode 100644 index edb0d6c8..00000000 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-D7.hujson +++ /dev/null 
@@ -1,241 +0,0 @@ -// SSH-D7 -// -// SSH: accept: src=['autogroup:member'] dst=['tag:server'] users=['localpart:*@passkey', 'root', 'autogroup:nonroot'] -// -// Expected: SSH rules on 4 of 5 nodes -{ - "test_id": "SSH-D7", - "ssh_section": [ - { - "action": "accept", - "src": [ - "autogroup:member" - ], - "dst": [ - "tag:server" - ], - "users": [ - "localpart:*@passkey", - "root", - "autogroup:nonroot" - ] - } - ], - "nodes": { - "user1": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "*": "=", - "root": "root" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "kratail2tid": "kratail2tid" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "user-kris": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.110.121.96" - }, - { - "nodeIP": "fd7a:115c:a1e0::1737:7960" - } - ], - "sshUsers": { - "*": "=", - "root": "root" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "user-mon": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "*": "=", - "root": "root" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "monitorpasskeykradalby": "monitorpasskeykradalby" - }, - "action": { - "accept": true, - 
"allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "tagged-server": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "*": "=", - "root": "root" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "kratail2tid": "kratail2tid" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.110.121.96" - }, - { - "nodeIP": "fd7a:115c:a1e0::1737:7960" - } - ], - "sshUsers": { - "*": "=", - "root": "root" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "*": "=", - "root": "root" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "monitorpasskeykradalby": "monitorpasskeykradalby" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "tagged-prod": { - "rules": [] - } - } -} diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-D8.hujson b/hscontrol/policy/v2/testdata/ssh_results/SSH-D8.hujson deleted file mode 100644 index c5dfd4ff..00000000 
--- a/hscontrol/policy/v2/testdata/ssh_results/SSH-D8.hujson
+++ /dev/null
@@ -1,137 +0,0 @@ -// SSH-D8 -// -// SSH: accept: src=['autogroup:member'] dst=['autogroup:self'] users=['localpart:*@passkey'] -// -// Expected: SSH rules on 3 of 5 nodes -{ - "test_id": "SSH-D8", - "ssh_section": [ - { - "action": "accept", - "src": [ - "autogroup:member" - ], - "dst": [ - "autogroup:self" - ], - "users": [ - "localpart:*@passkey" - ] - } - ], - "nodes": { - "user1": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "root": "" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "kratail2tid": "kratail2tid" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "user-kris": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.110.121.96" - }, - { - "nodeIP": "fd7a:115c:a1e0::1737:7960" - } - ], - "sshUsers": { - "root": "" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "user-mon": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "root": "" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "monitorpasskeykradalby": "monitorpasskeykradalby" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - 
}, - "tagged-server": { - "rules": [] - }, - "tagged-prod": { - "rules": [] - } - } -} diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-D9.hujson b/hscontrol/policy/v2/testdata/ssh_results/SSH-D9.hujson deleted file mode 100644 index 4fbcbce7..00000000 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-D9.hujson +++ /dev/null 
@@ -1,138 +0,0 @@ -// SSH-D9 -// -// SSH: accept: src=['autogroup:member'] dst=['autogroup:self'] users=['localpart:*@passkey', 'root'] -// -// Expected: SSH rules on 3 of 5 nodes -{ - "test_id": "SSH-D9", - "ssh_section": [ - { - "action": "accept", - "src": [ - "autogroup:member" - ], - "dst": [ - "autogroup:self" - ], - "users": [ - "localpart:*@passkey", - "root" - ] - } - ], - "nodes": { - "user1": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "root": "root" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "kratail2tid": "kratail2tid" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "user-kris": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.110.121.96" - }, - { - "nodeIP": "fd7a:115c:a1e0::1737:7960" - } - ], - "sshUsers": { - "root": "root" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "user-mon": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "root": "root" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "monitorpasskeykradalby": "monitorpasskeykradalby" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - 
"allowRemotePortForwarding": true - } - } - ] - }, - "tagged-server": { - "rules": [] - }, - "tagged-prod": { - "rules": [] - } - } -} diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-E3.hujson b/hscontrol/policy/v2/testdata/ssh_results/SSH-E3.hujson deleted file mode 100644 index e2555bf2..00000000 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-E3.hujson +++ /dev/null @@ -1,26 +0,0 @@ -// SSH-E3 -// -// SSH: (no SSH rules) -// -// Expected: No SSH rules -{ - "test_id": "SSH-E3", - "ssh_section": [], - "nodes": { - "user1": { - "rules": [] - }, - "user-kris": { - "rules": [] - }, - "user-mon": { - "rules": [] - }, - "tagged-server": { - "rules": [] - }, - "tagged-prod": { - "rules": [] - } - } -} diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-E4.hujson b/hscontrol/policy/v2/testdata/ssh_results/SSH-E4.hujson deleted file mode 100644 index 387078ec..00000000 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-E4.hujson +++ /dev/null @@ -1,26 +0,0 @@ -// SSH-E4 -// -// SSH: (no SSH rules) -// -// Expected: No SSH rules -{ - "test_id": "SSH-E4", - "ssh_section": null, - "nodes": { - "user1": { - "rules": [] - }, - "user-kris": { - "rules": [] - }, - "user-mon": { - "rules": [] - }, - "tagged-server": { - "rules": [] - }, - "tagged-prod": { - "rules": [] - } - } -} diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-E5.hujson b/hscontrol/policy/v2/testdata/ssh_results/SSH-E5.hujson deleted file mode 100644 index c8c715c6..00000000 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-E5.hujson +++ /dev/null 
@@ -1,79 +0,0 @@ -// SSH-E5 -// -// SSH: accept: src=['tag:prod'] dst=['tag:server'] users=['localpart:*@passkey'] -// -// Expected: SSH rules on 2 of 5 nodes -{ - "test_id": "SSH-E5", - "ssh_section": [ - { - "action": "accept", - "src": [ - "tag:prod" - ], - "dst": [ - "tag:server" - ], - "users": [ - "localpart:*@passkey" - ] - } - ], - "nodes": { - "user1": { - "rules": [] - }, - "user-kris": { - "rules": [] - }, - "user-mon": { - "rules": [] - }, - "tagged-server": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.103.8.15" - }, - { - "nodeIP": "fd7a:115c:a1e0::5b37:80f" - } - ], - "sshUsers": { - "root": "" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "tagged-prod": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.103.8.15" - }, - { - "nodeIP": "fd7a:115c:a1e0::5b37:80f" - } - ], - "sshUsers": { - "root": "" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-E6.hujson b/hscontrol/policy/v2/testdata/ssh_results/SSH-E6.hujson deleted file mode 100644 index 35323b40..00000000 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-E6.hujson +++ /dev/null 
@@ -1,244 +0,0 @@ -// SSH-E6 -// -// SSH: check: src=['autogroup:member'] dst=['tag:server'] users=['localpart:*@passkey'] -// -// Expected: SSH rules on 4 of 5 nodes -{ - "test_id": "SSH-E6", - "ssh_section": [ - { - "action": "check", - "src": [ - "autogroup:member" - ], - "dst": [ - "tag:server" - ], - "users": [ - "localpart:*@passkey" - ], - "checkPeriod": "1h" - } - ], - "nodes": { - "user1": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "root": "" - }, - "action": { - "holdAndDelegate": "unused-server-url/machine/ssh/action/from/$SRC_NODE_ID/to/$DST_NODE_ID?ssh_user=$SSH_USER&local_user=$LOCAL_USER", - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true, - "sessionDuration": 3600000000000 - } - }, - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "kratail2tid": "kratail2tid" - }, - "action": { - "holdAndDelegate": "unused-server-url/machine/ssh/action/from/$SRC_NODE_ID/to/$DST_NODE_ID?ssh_user=$SSH_USER&local_user=$LOCAL_USER", - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true, - "sessionDuration": 3600000000000 - } - } - ] - }, - "user-kris": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.110.121.96" - }, - { - "nodeIP": "fd7a:115c:a1e0::1737:7960" - } - ], - "sshUsers": { - "root": "" - }, - "action": { - "holdAndDelegate": "unused-server-url/machine/ssh/action/from/$SRC_NODE_ID/to/$DST_NODE_ID?ssh_user=$SSH_USER&local_user=$LOCAL_USER", - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true, - "sessionDuration": 3600000000000 - } - } - ] - }, - "user-mon": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "root": "" - }, - 
"action": { - "holdAndDelegate": "unused-server-url/machine/ssh/action/from/$SRC_NODE_ID/to/$DST_NODE_ID?ssh_user=$SSH_USER&local_user=$LOCAL_USER", - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true, - "sessionDuration": 3600000000000 - } - }, - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "monitorpasskeykradalby": "monitorpasskeykradalby" - }, - "action": { - "holdAndDelegate": "unused-server-url/machine/ssh/action/from/$SRC_NODE_ID/to/$DST_NODE_ID?ssh_user=$SSH_USER&local_user=$LOCAL_USER", - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true, - "sessionDuration": 3600000000000 - } - } - ] - }, - "tagged-server": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "root": "" - }, - "action": { - "holdAndDelegate": "unused-server-url/machine/ssh/action/from/$SRC_NODE_ID/to/$DST_NODE_ID?ssh_user=$SSH_USER&local_user=$LOCAL_USER", - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true, - "sessionDuration": 3600000000000 - } - }, - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "kratail2tid": "kratail2tid" - }, - "action": { - "holdAndDelegate": "unused-server-url/machine/ssh/action/from/$SRC_NODE_ID/to/$DST_NODE_ID?ssh_user=$SSH_USER&local_user=$LOCAL_USER", - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true, - "sessionDuration": 3600000000000 - } - }, - { - "principals": [ - { - "nodeIP": "100.110.121.96" - }, - { - "nodeIP": "fd7a:115c:a1e0::1737:7960" - } - ], - "sshUsers": { - "root": "" - }, - "action": { - "holdAndDelegate": 
"unused-server-url/machine/ssh/action/from/$SRC_NODE_ID/to/$DST_NODE_ID?ssh_user=$SSH_USER&local_user=$LOCAL_USER", - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true, - "sessionDuration": 3600000000000 - } - }, - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "root": "" - }, - "action": { - "holdAndDelegate": "unused-server-url/machine/ssh/action/from/$SRC_NODE_ID/to/$DST_NODE_ID?ssh_user=$SSH_USER&local_user=$LOCAL_USER", - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true, - "sessionDuration": 3600000000000 - } - }, - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "monitorpasskeykradalby": "monitorpasskeykradalby" - }, - "action": { - "holdAndDelegate": "unused-server-url/machine/ssh/action/from/$SRC_NODE_ID/to/$DST_NODE_ID?ssh_user=$SSH_USER&local_user=$LOCAL_USER", - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true, - "sessionDuration": 3600000000000 - } - } - ] - }, - "tagged-prod": { - "rules": [] - } - } -} diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-F1.hujson b/hscontrol/policy/v2/testdata/ssh_results/SSH-F1.hujson deleted file mode 100644 index 264387c2..00000000 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-F1.hujson +++ /dev/null 
@@ -1,146 +0,0 @@ -// SSH-F1 -// -// SSH rules: -// accept: src=['autogroup:member'] dst=['autogroup:self'] users=['root'] -// accept: src=['autogroup:member'] dst=['tag:server'] users=['autogroup:nonroot'] -// -// Expected: SSH rules on 4 of 5 nodes -{ - "test_id": "SSH-F1", - "ssh_section": [ - { - "action": "accept", - "src": [ - "autogroup:member" - ], - "dst": [ - "autogroup:self" - ], - "users": [ - "root" - ] - }, - { - "action": "accept", - "src": [ - "autogroup:member" - ], - "dst": [ - "tag:server" - ], - "users": [ - "autogroup:nonroot" - ] - } - ], - "nodes": { - "user1": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "root": "root" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "user-kris": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.110.121.96" - }, - { - "nodeIP": "fd7a:115c:a1e0::1737:7960" - } - ], - "sshUsers": { - "root": "root" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "user-mon": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "root": "root" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "tagged-server": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "100.110.121.96" - }, - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::1737:7960" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "*": "=", - "root": "" - }, - "action": { - "accept": true, - "allowAgentForwarding": 
true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "tagged-prod": { - "rules": [] - } - } -} diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-F2.hujson b/hscontrol/policy/v2/testdata/ssh_results/SSH-F2.hujson deleted file mode 100644 index 611ba32e..00000000 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-F2.hujson +++ /dev/null 
@@ -1,117 +0,0 @@ -// SSH-F2 -// -// SSH rules: -// accept: src=['autogroup:member'] dst=['tag:server'] users=['root'] -// check: src=['autogroup:member'] dst=['tag:server'] users=['root'] -// -// Expected: SSH rules on 1 of 5 nodes -{ - "test_id": "SSH-F2", - "ssh_section": [ - { - "action": "accept", - "src": [ - "autogroup:member" - ], - "dst": [ - "tag:server" - ], - "users": [ - "root" - ] - }, - { - "action": "check", - "src": [ - "autogroup:member" - ], - "dst": [ - "tag:server" - ], - "users": [ - "root" - ] - } - ], - "nodes": { - "user1": { - "rules": [] - }, - "user-kris": { - "rules": [] - }, - "user-mon": { - "rules": [] - }, - "tagged-server": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "100.110.121.96" - }, - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::1737:7960" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "root": "root" - }, - "action": { - "holdAndDelegate": "unused-server-url/machine/ssh/action/from/$SRC_NODE_ID/to/$DST_NODE_ID?ssh_user=$SSH_USER&local_user=$LOCAL_USER", - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true, - "sessionDuration": 43200000000000 - } - }, - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "100.110.121.96" - }, - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::1737:7960" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "root": "root" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "tagged-prod": { - "rules": [] - } - } -} diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-F3.hujson b/hscontrol/policy/v2/testdata/ssh_results/SSH-F3.hujson deleted file mode 100644 index d561ee20..00000000 
--- a/hscontrol/policy/v2/testdata/ssh_results/SSH-F3.hujson +++ /dev/null 
@@ -1,278 +0,0 @@ -// SSH-F3 -// -// SSH rules: -// accept: src=['autogroup:member'] dst=['tag:server'] users=['localpart:*@passkey'] -// accept: src=['autogroup:member'] dst=['tag:server'] users=['root'] -// -// Expected: SSH rules on 4 of 5 nodes -{ - "test_id": "SSH-F3", - "ssh_section": [ - { - "action": "accept", - "src": [ - "autogroup:member" - ], - "dst": [ - "tag:server" - ], - "users": [ - "localpart:*@passkey" - ] - }, - { - "action": "accept", - "src": [ - "autogroup:member" - ], - "dst": [ - "tag:server" - ], - "users": [ - "root" - ] - } - ], - "nodes": { - "user1": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "root": "" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "kratail2tid": "kratail2tid" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "user-kris": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.110.121.96" - }, - { - "nodeIP": "fd7a:115c:a1e0::1737:7960" - } - ], - "sshUsers": { - "root": "" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "user-mon": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "root": "" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - 
"monitorpasskeykradalby": "monitorpasskeykradalby" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "tagged-server": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "root": "" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "kratail2tid": "kratail2tid" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.110.121.96" - }, - { - "nodeIP": "fd7a:115c:a1e0::1737:7960" - } - ], - "sshUsers": { - "root": "" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "root": "" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "monitorpasskeykradalby": "monitorpasskeykradalby" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "100.110.121.96" - }, - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::1737:7960" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - }, - { - 
"nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "root": "root" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "tagged-prod": { - "rules": [] - } - } -} diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-F4.hujson b/hscontrol/policy/v2/testdata/ssh_results/SSH-F4.hujson deleted file mode 100644 index 407b46f8..00000000 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-F4.hujson +++ /dev/null 
@@ -1,279 +0,0 @@ -// SSH-F4 -// -// SSH rules: -// accept: src=['autogroup:member'] dst=['tag:server'] users=['localpart:*@passkey'] -// accept: src=['autogroup:member'] dst=['tag:server'] users=['autogroup:nonroot'] -// -// Expected: SSH rules on 4 of 5 nodes -{ - "test_id": "SSH-F4", - "ssh_section": [ - { - "action": "accept", - "src": [ - "autogroup:member" - ], - "dst": [ - "tag:server" - ], - "users": [ - "localpart:*@passkey" - ] - }, - { - "action": "accept", - "src": [ - "autogroup:member" - ], - "dst": [ - "tag:server" - ], - "users": [ - "autogroup:nonroot" - ] - } - ], - "nodes": { - "user1": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "root": "" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "kratail2tid": "kratail2tid" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "user-kris": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.110.121.96" - }, - { - "nodeIP": "fd7a:115c:a1e0::1737:7960" - } - ], - "sshUsers": { - "root": "" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "user-mon": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "root": "" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - 
"sshUsers": { - "monitorpasskeykradalby": "monitorpasskeykradalby" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "tagged-server": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "root": "" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "kratail2tid": "kratail2tid" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.110.121.96" - }, - { - "nodeIP": "fd7a:115c:a1e0::1737:7960" - } - ], - "sshUsers": { - "root": "" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "root": "" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "monitorpasskeykradalby": "monitorpasskeykradalby" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "100.110.121.96" - }, - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::1737:7960" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" 
- }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "*": "=", - "root": "" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "tagged-prod": { - "rules": [] - } - } -} diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-F5.hujson b/hscontrol/policy/v2/testdata/ssh_results/SSH-F5.hujson deleted file mode 100644 index a3cde17e..00000000 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-F5.hujson +++ /dev/null 
@@ -1,342 +0,0 @@ -// SSH-F5 -// -// SSH rules: -// accept: src=['autogroup:member'] dst=['autogroup:self'] users=['localpart:*@passkey'] -// accept: src=['autogroup:member'] dst=['tag:server'] users=['localpart:*@passkey'] -// -// Expected: SSH rules on 4 of 5 nodes -{ - "test_id": "SSH-F5", - "ssh_section": [ - { - "action": "accept", - "src": [ - "autogroup:member" - ], - "dst": [ - "autogroup:self" - ], - "users": [ - "localpart:*@passkey" - ] - }, - { - "action": "accept", - "src": [ - "autogroup:member" - ], - "dst": [ - "tag:server" - ], - "users": [ - "localpart:*@passkey" - ] - } - ], - "nodes": { - "user1": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "root": "" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "kratail2tid": "kratail2tid" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "root": "" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "kratail2tid": "kratail2tid" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "user-kris": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.110.121.96" - }, - { - "nodeIP": "fd7a:115c:a1e0::1737:7960" - } - ], - 
"sshUsers": { - "root": "" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.110.121.96" - }, - { - "nodeIP": "fd7a:115c:a1e0::1737:7960" - } - ], - "sshUsers": { - "root": "" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "user-mon": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "root": "" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "monitorpasskeykradalby": "monitorpasskeykradalby" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "root": "" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "monitorpasskeykradalby": "monitorpasskeykradalby" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "tagged-server": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "root": "" - }, - "action": { - "accept": true, - "allowAgentForwarding": 
true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - } - ], - "sshUsers": { - "kratail2tid": "kratail2tid" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.110.121.96" - }, - { - "nodeIP": "fd7a:115c:a1e0::1737:7960" - } - ], - "sshUsers": { - "root": "" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "root": "" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - }, - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "monitorpasskeykradalby": "monitorpasskeykradalby" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - } - } - ] - }, - "tagged-prod": { - "rules": [] - } - } -} diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-G1.hujson b/hscontrol/policy/v2/testdata/ssh_results/SSH-G1.hujson deleted file mode 100644 index 8a3b3731..00000000 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-G1.hujson +++ /dev/null 
@@ -1,79 +0,0 @@ -// SSH-G1 -// -// SSH: accept: src=['autogroup:member'] dst=['tag:server'] users=['root'] -// -// Expected: SSH rules on 1 of 5 nodes -{ - "test_id": "SSH-G1", - "ssh_section": [ - { - "action": "accept", - "src": [ - "autogroup:member" - ], - "dst": [ - "tag:server" - ], - "users": [ - "root" - ], - "acceptEnv": [ - "GIT_EDITOR", - "TERM" - ] - } - ], - "nodes": { - "user1": { - "rules": [] - }, - "user-kris": { - "rules": [] - }, - "user-mon": { - "rules": [] - }, - "tagged-server": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "100.110.121.96" - }, - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::1737:7960" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "root": "root" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - }, - "acceptEnv": [ - "GIT_EDITOR", - "TERM" - ] - } - ] - }, - "tagged-prod": { - "rules": [] - } - } -} diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-G2.hujson b/hscontrol/policy/v2/testdata/ssh_results/SSH-G2.hujson deleted file mode 100644 index 2bf0f272..00000000 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-G2.hujson +++ /dev/null 
@@ -1,79 +0,0 @@ -// SSH-G2 -// -// SSH: accept: src=['autogroup:member'] dst=['tag:server'] users=['root'] -// -// Expected: SSH rules on 1 of 5 nodes -{ - "test_id": "SSH-G2", - "ssh_section": [ - { - "action": "accept", - "src": [ - "autogroup:member" - ], - "dst": [ - "tag:server" - ], - "users": [ - "root" - ], - "acceptEnv": [ - "GIT_*", - "CUSTOM_VAR_?" - ] - } - ], - "nodes": { - "user1": { - "rules": [] - }, - "user-kris": { - "rules": [] - }, - "user-mon": { - "rules": [] - }, - "tagged-server": { - "rules": [ - { - "principals": [ - { - "nodeIP": "100.103.90.82" - }, - { - "nodeIP": "100.110.121.96" - }, - { - "nodeIP": "100.90.199.68" - }, - { - "nodeIP": "fd7a:115c:a1e0::1737:7960" - }, - { - "nodeIP": "fd7a:115c:a1e0::2d01:c747" - }, - { - "nodeIP": "fd7a:115c:a1e0::9e37:5a52" - } - ], - "sshUsers": { - "root": "root" - }, - "action": { - "accept": true, - "allowAgentForwarding": true, - "allowLocalPortForwarding": true, - "allowRemotePortForwarding": true - }, - "acceptEnv": [ - "GIT_*", - "CUSTOM_VAR_?" - ] - } - ] - }, - "tagged-prod": { - "rules": [] - } - } -}