hub / github.com/juanfont/headscale / TestSSHCheckModeNegativeCLI

Function TestSSHCheckModeNegativeCLI

integration/ssh_test.go:1351–1399  ·  view source on GitHub ↗

TestSSHCheckModeNegativeCLI verifies that `headscale auth reject` properly denies an SSH check.

(t *testing.T)

Source from the content-addressed store, hash-verified

// TestSSHCheckModeNegativeCLI covers the denial path of SSH check mode.
// For every user1 client paired with every other node in the scenario, it
// calls doSSHCheck (whose outcome arrives on a channel), rejects the pending
// auth request with `headscale auth reject --auth-id <id>`, and then requires
// that the SSH attempt finishes with an error and no command output.
//
// NOTE(review): the assertions accept any SSH error together with empty
// stdout, so a failure unrelated to the rejection (for example a connectivity
// problem) would also satisfy them. Consider asserting on a
// rejection-specific signal if the helpers expose one.
func TestSSHCheckModeNegativeCLI(t *testing.T) {
	IntegrationSkip(t)

	// Upper bound on how long the SSH attempt may take to fail after the reject.
	const rejectTimeout = 30 * time.Second

	scenario := sshScenario(t, sshCheckPolicy(), "ssh-negcli", 1)
	defer scenario.ShutdownAssertNoPanics(t)

	allClients, err := scenario.ListTailscaleClients()
	requireNoErrListClients(t, err)

	user1Clients, err := scenario.ListTailscaleClients("user1")
	requireNoErrListClients(t, err)

	headscale, err := scenario.Headscale()
	require.NoError(t, err)

	// Wait until the scenario reports that all clients are in sync.
	err = scenario.WaitForTailscaleSync()
	requireNoErrSync(t, err)

	// Only the error is checked here; the FQDN list itself is not used.
	_, err = scenario.ListTailscaleClientsFQDNs()
	requireNoErrListFQDN(t, err)

	for _, src := range user1Clients {
		for _, dst := range allClients {
			// A node is never checked against itself.
			if src.Hostname() == dst.Hostname() {
				continue
			}

			pending := doSSHCheck(t, src, dst)

			// NOTE(review): findSSHCheckAuthID is not given the src/dst pair;
			// confirm it cannot return an auth ID left over from an earlier
			// iteration, otherwise the wrong request would be rejected.
			id := findSSHCheckAuthID(t, headscale)

			// Deny the pending check through the headscale CLI.
			rejectCmd := []string{
				"headscale", "auth", "reject",
				"--auth-id", id,
			}
			_, execErr := headscale.Execute(rejectCmd)
			require.NoError(t, execErr)

			// The SSH attempt must fail within the timeout; a hang counts as
			// a test failure rather than as a successful denial.
			select {
			case res := <-pending:
				require.Error(t, res.err, "SSH should be rejected")
				assert.Empty(t, res.stdout, "no command output expected on rejection")
			case <-time.After(rejectTimeout):
				t.Fatal("SSH did not complete after auth rejection")
			}
		}
	}
}
1400
1401// TestSSHLocalpart tests that SSH with localpart:*@<domain> works correctly.
1402// localpart maps the local-part of each user's OIDC email to an OS user,

Callers

nothing calls this directly

Calls 15

IntegrationSkipFunction · 0.85
sshScenarioFunction · 0.85
sshCheckPolicyFunction · 0.85
requireNoErrListClientsFunction · 0.85
requireNoErrSyncFunction · 0.85
requireNoErrListFQDNFunction · 0.85
doSSHCheckFunction · 0.85
findSSHCheckAuthIDFunction · 0.85
ListTailscaleClientsMethod · 0.80
HeadscaleMethod · 0.80
WaitForTailscaleSyncMethod · 0.80

Tested by

no test coverage detected