| 57 | ) |
| 58 | |
| 59 | func TestMatchRule(t *testing.T) { |
| 60 | someAction := new(tailcfg.SSHAction) |
| 61 | tests := []struct { |
| 62 | name string |
| 63 | rule *tailcfg.SSHRule |
| 64 | ci *sshConnInfo |
| 65 | wantErr error |
| 66 | wantUser string |
| 67 | wantAcceptEnv []string |
| 68 | }{ |
| 69 | { |
| 70 | name: "invalid-conn", |
| 71 | rule: &tailcfg.SSHRule{ |
| 72 | Action: someAction, |
| 73 | Principals: []*tailcfg.SSHPrincipal{{Any: true}}, |
| 74 | SSHUsers: map[string]string{ |
| 75 | "*": "ubuntu", |
| 76 | }, |
| 77 | }, |
| 78 | wantErr: errInvalidConn, |
| 79 | }, |
| 80 | { |
| 81 | name: "nil-rule", |
| 82 | ci: &sshConnInfo{}, |
| 83 | rule: nil, |
| 84 | wantErr: errNilRule, |
| 85 | }, |
| 86 | { |
| 87 | name: "nil-action", |
| 88 | ci: &sshConnInfo{}, |
| 89 | rule: &tailcfg.SSHRule{}, |
| 90 | wantErr: errNilAction, |
| 91 | }, |
| 92 | { |
| 93 | name: "expired", |
| 94 | rule: &tailcfg.SSHRule{ |
| 95 | Action: someAction, |
| 96 | RuleExpires: new(time.Unix(100, 0)), |
| 97 | }, |
| 98 | ci: &sshConnInfo{}, |
| 99 | wantErr: errRuleExpired, |
| 100 | }, |
| 101 | { |
| 102 | name: "no-principal", |
| 103 | rule: &tailcfg.SSHRule{ |
| 104 | Action: someAction, |
| 105 | SSHUsers: map[string]string{ |
| 106 | "*": "ubuntu", |
| 107 | }}, |
| 108 | ci: &sshConnInfo{}, |
| 109 | wantErr: errPrincipalMatch, |
| 110 | }, |
| 111 | { |
| 112 | name: "no-user-match", |
| 113 | rule: &tailcfg.SSHRule{ |
| 114 | Action: someAction, |
| 115 | Principals: []*tailcfg.SSHPrincipal{{Any: true}}, |
| 116 | }, |