eliott/headscale
1
0
Fork 0
mirror of https://github.com/juanfont/headscale synced 2026-04-25 17:15:33 +02:00
Code Issues Packages Projects Releases Wiki Activity

testdata: add SaaS captures for compat tests

Browse Source 
Golden captures of SaaS filter-rules and netmaps across the ACL,
grant, routes, and SSH corpora. These back the data-driven compat tests
that verify headscale's policy output against Tailscale SaaS verbatim.

Updates #3157
This commit is contained in:
Kristoffer Dalby
2026-04-15 08:31:58 +00:00
parent 813eb2d733
commit f49c42e716
1199 changed files with 8873302 additions and 127319 deletions
Download Patch File Download Diff File Expand all files Collapse all files

258
hscontrol/policy/v2/testdata/acl_results/ACL-A01.hujson vendored
View File

@@ -1,258 +0,0 @@
// ACL-A01
//
// ACL: accept: src=['autogroup:member'] dst=['*:*']
//
// Expected: Rules on 8 of 8 nodes
{
"test_id": "ACL-A01",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"autogroup:member"
],
"dst": [
"*:*"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.90.82",
"100.110.121.96",
"100.90.199.68",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"subnet-router": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.90.82",
"100.110.121.96",
"100.90.199.68",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-client": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.90.82",
"100.110.121.96",
"100.90.199.68",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.90.82",
"100.110.121.96",
"100.90.199.68",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.90.82",
"100.110.121.96",
"100.90.199.68",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.90.82",
"100.110.121.96",
"100.90.199.68",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.90.82",
"100.110.121.96",
"100.90.199.68",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.90.82",
"100.110.121.96",
"100.90.199.68",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
}
}
}

290
hscontrol/policy/v2/testdata/acl_results/ACL-A02.hujson vendored
View File

@@ -1,290 +0,0 @@
// ACL-A02
//
// ACL: accept: src=['autogroup:tagged'] dst=['*:*']
//
// Expected: Rules on 8 of 8 nodes
{
"test_id": "ACL-A02",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"autogroup:tagged"
],
"dst": [
"*:*"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.108.74.26",
"100.83.200.69",
"100.85.66.106",
"100.92.142.61",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"subnet-router": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.108.74.26",
"100.83.200.69",
"100.85.66.106",
"100.92.142.61",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-client": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.108.74.26",
"100.83.200.69",
"100.85.66.106",
"100.92.142.61",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.108.74.26",
"100.83.200.69",
"100.85.66.106",
"100.92.142.61",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.108.74.26",
"100.83.200.69",
"100.85.66.106",
"100.92.142.61",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.108.74.26",
"100.83.200.69",
"100.85.66.106",
"100.92.142.61",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.108.74.26",
"100.83.200.69",
"100.85.66.106",
"100.92.142.61",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.108.74.26",
"100.83.200.69",
"100.85.66.106",
"100.92.142.61",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
}
}
}

128
hscontrol/policy/v2/testdata/acl_results/ACL-A03.hujson vendored
View File

@@ -1,128 +0,0 @@
// ACL-A03
//
// ACL: accept: src=['autogroup:member', 'tag:client'] dst=['tag:server:22']
//
// Expected: Rules on tagged-server
{
"test_id": "ACL-A03",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"autogroup:member",
"tag:client"
],
"dst": [
"tag:server:22"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.90.82",
"100.110.121.96",
"100.83.200.69",
"100.90.199.68",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

167
hscontrol/policy/v2/testdata/acl_results/ACL-A04.hujson vendored
View File

@@ -1,167 +0,0 @@
// ACL-A04
//
// ACL: accept: src=['*'] dst=['autogroup:self:*']
//
// Expected: Rules on user-kris, user-mon, user1
{
"test_id": "ACL-A04",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"*"
],
"dst": [
"autogroup:self:*"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": null
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.110.121.96",
"fd7a:115c:a1e0::1737:7960"
],
"DstPorts": [
{
"IP": "100.110.121.96",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::1737:7960",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.90.82",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "100.103.90.82",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::9e37:5a52",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.90.199.68",
"fd7a:115c:a1e0::2d01:c747"
],
"DstPorts": [
{
"IP": "100.90.199.68",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::2d01:c747",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
}
}
}

98
hscontrol/policy/v2/testdata/acl_results/ACL-A05.hujson vendored
View File

@@ -1,98 +0,0 @@
// ACL-A05
//
// ACL: accept: src=['*'] dst=['autogroup:internet:*']
//
// Expected: No filter rules
{
"test_id": "ACL-A05",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"*"
],
"dst": [
"autogroup:internet:*"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": null
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

173
hscontrol/policy/v2/testdata/acl_results/ACL-A06.hujson vendored
View File

@@ -1,173 +0,0 @@
// ACL-A06
//
// ACL: accept: src=['*'] dst=['autogroup:member:*']
//
// Expected: Rules on user-kris, user-mon, user1
{
"test_id": "ACL-A06",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"*"
],
"dst": [
"autogroup:member:*"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": null
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.110.121.96",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::1737:7960",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.103.90.82",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::9e37:5a52",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.90.199.68",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::2d01:c747",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
}
}
}

193
hscontrol/policy/v2/testdata/acl_results/ACL-A07.hujson vendored
View File

@@ -1,193 +0,0 @@
// ACL-A07
//
// ACL: accept: src=['*'] dst=['autogroup:self:*', 'tag:server:22']
//
// Expected: Rules on tagged-server, user-kris, user-mon, user1
{
"test_id": "ACL-A07",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"*"
],
"dst": [
"autogroup:self:*",
"tag:server:22"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.110.121.96",
"fd7a:115c:a1e0::1737:7960"
],
"DstPorts": [
{
"IP": "100.110.121.96",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::1737:7960",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.90.82",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "100.103.90.82",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::9e37:5a52",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.90.199.68",
"fd7a:115c:a1e0::2d01:c747"
],
"DstPorts": [
{
"IP": "100.90.199.68",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::2d01:c747",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
}
}
}

223
hscontrol/policy/v2/testdata/acl_results/ACL-A08.hujson vendored
View File

@@ -1,223 +0,0 @@
// ACL-A08
//
// ACL: accept: src=['*'] dst=['autogroup:tagged:*']
//
// Expected: Rules on exit-node, subnet-router, tagged-client, tagged-prod, tagged-server
{
"test_id": "ACL-A08",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"*"
],
"dst": [
"autogroup:tagged:*"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.85.66.106",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::7c37:426a",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"subnet-router": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.92.142.61",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::3e37:8e3d",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-client": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.83.200.69",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::c537:c845",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.103.8.15",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::5b37:80f",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

167
hscontrol/policy/v2/testdata/acl_results/ACL-A09.hujson vendored
View File

@@ -1,167 +0,0 @@
// ACL-A09
//
// ACL: accept: src=['autogroup:member'] dst=['autogroup:self:*']
//
// Expected: Rules on user-kris, user-mon, user1
{
"test_id": "ACL-A09",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"autogroup:member"
],
"dst": [
"autogroup:self:*"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": null
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.110.121.96",
"fd7a:115c:a1e0::1737:7960"
],
"DstPorts": [
{
"IP": "100.110.121.96",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::1737:7960",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.90.82",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "100.103.90.82",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::9e37:5a52",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.90.199.68",
"fd7a:115c:a1e0::2d01:c747"
],
"DstPorts": [
{
"IP": "100.90.199.68",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::2d01:c747",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
}
}
}

121
hscontrol/policy/v2/testdata/acl_results/ACL-A10.hujson vendored
View File

@@ -1,121 +0,0 @@
// ACL-A10
//
// ACL: accept: src=['kratail2tid@passkey'] dst=['autogroup:self:*']
//
// Expected: Rules on user1
{
"test_id": "ACL-A10",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"kratail2tid@passkey"
],
"dst": [
"autogroup:self:*"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": null
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.90.199.68",
"fd7a:115c:a1e0::2d01:c747"
],
"DstPorts": [
{
"IP": "100.90.199.68",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::2d01:c747",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
}
}
}

121
hscontrol/policy/v2/testdata/acl_results/ACL-A11.hujson vendored
View File

@@ -1,121 +0,0 @@
// ACL-A11
//
// ACL: accept: src=['group:admins'] dst=['autogroup:self:*']
//
// Expected: Rules on user1
{
"test_id": "ACL-A11",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"group:admins"
],
"dst": [
"autogroup:self:*"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": null
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.90.199.68",
"fd7a:115c:a1e0::2d01:c747"
],
"DstPorts": [
{
"IP": "100.90.199.68",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::2d01:c747",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
}
}
}

167
hscontrol/policy/v2/testdata/acl_results/ACL-A12.hujson vendored
View File

@@ -1,167 +0,0 @@
// ACL-A12
//
// ACL: accept: src=['*'] dst=['autogroup:self:22']
//
// Expected: Rules on user-kris, user-mon, user1
{
"test_id": "ACL-A12",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"*"
],
"dst": [
"autogroup:self:22"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": null
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.110.121.96",
"fd7a:115c:a1e0::1737:7960"
],
"DstPorts": [
{
"IP": "100.110.121.96",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::1737:7960",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.90.82",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "100.103.90.82",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::9e37:5a52",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.90.199.68",
"fd7a:115c:a1e0::2d01:c747"
],
"DstPorts": [
{
"IP": "100.90.199.68",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::2d01:c747",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
}
}
}

167
hscontrol/policy/v2/testdata/acl_results/ACL-A13.hujson vendored
View File

@@ -1,167 +0,0 @@
// ACL-A13
//
// ACL: accept: src=['*'] dst=['autogroup:self:80-443']
//
// Expected: Rules on user-kris, user-mon, user1
{
"test_id": "ACL-A13",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"*"
],
"dst": [
"autogroup:self:80-443"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": null
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.110.121.96",
"fd7a:115c:a1e0::1737:7960"
],
"DstPorts": [
{
"IP": "100.110.121.96",
"Ports": {
"First": 80,
"Last": 443
}
},
{
"IP": "fd7a:115c:a1e0::1737:7960",
"Ports": {
"First": 80,
"Last": 443
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.90.82",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "100.103.90.82",
"Ports": {
"First": 80,
"Last": 443
}
},
{
"IP": "fd7a:115c:a1e0::9e37:5a52",
"Ports": {
"First": 80,
"Last": 443
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.90.199.68",
"fd7a:115c:a1e0::2d01:c747"
],
"DstPorts": [
{
"IP": "100.90.199.68",
"Ports": {
"First": 80,
"Last": 443
}
},
{
"IP": "fd7a:115c:a1e0::2d01:c747",
"Ports": {
"First": 80,
"Last": 443
}
}
]
}
]
}
}
}

251
hscontrol/policy/v2/testdata/acl_results/ACL-A14.hujson vendored
View File

@@ -1,251 +0,0 @@
// ACL-A14
//
// ACL: accept: src=['*'] dst=['autogroup:self:22,80,443']
//
// Expected: Rules on user-kris, user-mon, user1
{
"test_id": "ACL-A14",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"*"
],
"dst": [
"autogroup:self:22,80,443"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": null
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.110.121.96",
"fd7a:115c:a1e0::1737:7960"
],
"DstPorts": [
{
"IP": "100.110.121.96",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "100.110.121.96",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "100.110.121.96",
"Ports": {
"First": 443,
"Last": 443
}
},
{
"IP": "fd7a:115c:a1e0::1737:7960",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::1737:7960",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "fd7a:115c:a1e0::1737:7960",
"Ports": {
"First": 443,
"Last": 443
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.90.82",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "100.103.90.82",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "100.103.90.82",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "100.103.90.82",
"Ports": {
"First": 443,
"Last": 443
}
},
{
"IP": "fd7a:115c:a1e0::9e37:5a52",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::9e37:5a52",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "fd7a:115c:a1e0::9e37:5a52",
"Ports": {
"First": 443,
"Last": 443
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.90.199.68",
"fd7a:115c:a1e0::2d01:c747"
],
"DstPorts": [
{
"IP": "100.90.199.68",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "100.90.199.68",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "100.90.199.68",
"Ports": {
"First": 443,
"Last": 443
}
},
{
"IP": "fd7a:115c:a1e0::2d01:c747",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::2d01:c747",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "fd7a:115c:a1e0::2d01:c747",
"Ports": {
"First": 443,
"Last": 443
}
}
]
}
]
}
}
}

339
hscontrol/policy/v2/testdata/acl_results/ACL-A15.hujson vendored
View File

@@ -1,339 +0,0 @@
// ACL-A15
//
// ACL: accept: src=['autogroup:member', 'autogroup:tagged'] dst=['*:*']
//
// Expected: Rules on 8 of 8 nodes
{
"test_id": "ACL-A15",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"autogroup:member",
"autogroup:tagged"
],
"dst": [
"*:*"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.108.74.26",
"100.110.121.96",
"100.83.200.69",
"100.85.66.106",
"100.90.199.68",
"100.92.142.61",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"subnet-router": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.108.74.26",
"100.110.121.96",
"100.83.200.69",
"100.85.66.106",
"100.90.199.68",
"100.92.142.61",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-client": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.108.74.26",
"100.110.121.96",
"100.83.200.69",
"100.85.66.106",
"100.90.199.68",
"100.92.142.61",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.108.74.26",
"100.110.121.96",
"100.83.200.69",
"100.85.66.106",
"100.90.199.68",
"100.92.142.61",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.108.74.26",
"100.110.121.96",
"100.83.200.69",
"100.85.66.106",
"100.90.199.68",
"100.92.142.61",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.108.74.26",
"100.110.121.96",
"100.83.200.69",
"100.85.66.106",
"100.90.199.68",
"100.92.142.61",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.108.74.26",
"100.110.121.96",
"100.83.200.69",
"100.85.66.106",
"100.90.199.68",
"100.92.142.61",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.108.74.26",
"100.110.121.96",
"100.83.200.69",
"100.85.66.106",
"100.90.199.68",
"100.92.142.61",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
}
}
}

136
hscontrol/policy/v2/testdata/acl_results/ACL-A16.hujson vendored
View File

@@ -1,136 +0,0 @@
// ACL-A16
//
// ACL: accept: src=['autogroup:member', 'autogroup:tagged'] dst=['tag:server:22']
//
// Expected: Rules on tagged-server
{
"test_id": "ACL-A16",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"autogroup:member",
"autogroup:tagged"
],
"dst": [
"tag:server:22"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.108.74.26",
"100.110.121.96",
"100.83.200.69",
"100.85.66.106",
"100.90.199.68",
"100.92.142.61",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

266
hscontrol/policy/v2/testdata/acl_results/ACL-A17.hujson vendored
View File

@@ -1,266 +0,0 @@
// ACL-A17
//
// ACL: accept: src=['*'] dst=['autogroup:self:*', 'tag:server:22', 'autogroup:member:80']
//
// Expected: Rules on tagged-server, user-kris, user-mon, user1
{
"test_id": "ACL-A17",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"*"
],
"dst": [
"autogroup:self:*",
"tag:server:22",
"autogroup:member:80"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.110.121.96",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "fd7a:115c:a1e0::1737:7960",
"Ports": {
"First": 80,
"Last": 80
}
}
]
},
{
"SrcIPs": [
"100.110.121.96",
"fd7a:115c:a1e0::1737:7960"
],
"DstPorts": [
{
"IP": "100.110.121.96",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::1737:7960",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.103.90.82",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "fd7a:115c:a1e0::9e37:5a52",
"Ports": {
"First": 80,
"Last": 80
}
}
]
},
{
"SrcIPs": [
"100.103.90.82",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "100.103.90.82",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::9e37:5a52",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.90.199.68",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "fd7a:115c:a1e0::2d01:c747",
"Ports": {
"First": 80,
"Last": 80
}
}
]
},
{
"SrcIPs": [
"100.90.199.68",
"fd7a:115c:a1e0::2d01:c747"
],
"DstPorts": [
{
"IP": "100.90.199.68",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::2d01:c747",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
}
}
}

227
hscontrol/policy/v2/testdata/acl_results/ACL-AH01.hujson vendored
View File

@@ -1,227 +0,0 @@
// ACL-AH01
//
// ACL: accept: src=['internal', 'subnet24'] dst=['*:*']
//
// Expected: Rules on 8 of 8 nodes
{
"test_id": "ACL-AH01",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"internal",
"subnet24"
],
"dst": [
"*:*"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.0.0.0/8",
"192.168.1.0/24"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"subnet-router": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.0.0.0/8",
"192.168.1.0/24"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-client": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.0.0.0/8",
"192.168.1.0/24"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.0.0.0/8",
"192.168.1.0/24"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.0.0.0/8",
"192.168.1.0/24"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.0.0.0/8",
"192.168.1.0/24"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.0.0.0/8",
"192.168.1.0/24"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.0.0.0/8",
"192.168.1.0/24"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
}
}
}

122
hscontrol/policy/v2/testdata/acl_results/ACL-AH02.hujson vendored
View File

@@ -1,122 +0,0 @@
// ACL-AH02
//
// ACL: accept: src=['internal', '100.108.74.26'] dst=['tag:server:22']
//
// Expected: Rules on tagged-server
{
"test_id": "ACL-AH02",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"internal",
"100.108.74.26"
],
"dst": [
"tag:server:22"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.0.0.0/8",
"100.108.74.26"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

143
hscontrol/policy/v2/testdata/acl_results/ACL-AH03.hujson vendored
View File

@@ -1,143 +0,0 @@
// ACL-AH03
//
// ACL: accept: src=['*'] dst=['internal:22', 'subnet24:80', 'tag:server:443']
//
// Expected: Rules on subnet-router, tagged-server
{
"test_id": "ACL-AH03",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"*"
],
"dst": [
"internal:22",
"subnet24:80",
"tag:server:443"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "10.0.0.0/8",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 443,
"Last": 443
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 443,
"Last": 443
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

121
hscontrol/policy/v2/testdata/acl_results/ACL-AH04.hujson vendored
View File

@@ -1,121 +0,0 @@
// ACL-AH04
//
// ACL: accept: src=['internal', '10.0.0.0/8'] dst=['tag:server:22']
//
// Expected: Rules on tagged-server
{
"test_id": "ACL-AH04",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"internal",
"10.0.0.0/8"
],
"dst": [
"tag:server:22"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.0.0.0/8"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

116
hscontrol/policy/v2/testdata/acl_results/ACL-AH05.hujson vendored
View File

@@ -1,116 +0,0 @@
// ACL-AH05
//
// ACL: accept: src=['*'] dst=['internal:22']
//
// Expected: Rules on subnet-router
{
"test_id": "ACL-AH05",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"*"
],
"dst": [
"internal:22"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "10.0.0.0/8",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": null
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

116
hscontrol/policy/v2/testdata/acl_results/ACL-AH06.hujson vendored
View File

@@ -1,116 +0,0 @@
// ACL-AH06
//
// ACL: accept: src=['*'] dst=['10.0.0.0/8:22']
//
// Expected: Rules on subnet-router
{
"test_id": "ACL-AH06",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"*"
],
"dst": [
"10.0.0.0/8:22"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "10.0.0.0/8",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": null
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

160
hscontrol/policy/v2/testdata/acl_results/ACL-AR01.hujson vendored
View File

@@ -1,160 +0,0 @@
// ACL-AR01
//
// ACLs:
// accept: src=['tag:client'] dst=['tag:server:22']
// accept: src=['tag:client'] dst=['tag:server:80,443']
//
// Expected: Rules on tagged-server
{
"test_id": "ACL-AR01",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"tag:client"
],
"dst": [
"tag:server:22"
]
},
{
"action": "accept",
"src": [
"tag:client"
],
"dst": [
"tag:server:80,443"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.83.200.69",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "100.108.74.26",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "100.108.74.26",
"Ports": {
"First": 443,
"Last": 443
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 443,
"Last": 443
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

198
hscontrol/policy/v2/testdata/acl_results/ACL-AR02.hujson vendored
View File

@@ -1,198 +0,0 @@
// ACL-AR02
//
// ACLs:
// accept: src=['tag:client'] dst=['tag:server:22']
// accept: src=['tag:client'] dst=['tag:server:80,443']
// accept: src=['*'] dst=['tag:server:53'] proto=udp
//
// Expected: Rules on tagged-server
{
"test_id": "ACL-AR02",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"tag:client"
],
"dst": [
"tag:server:22"
]
},
{
"action": "accept",
"src": [
"tag:client"
],
"dst": [
"tag:server:80,443"
]
},
{
"action": "accept",
"src": [
"*"
],
"proto": "udp",
"dst": [
"tag:server:53"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.83.200.69",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "100.108.74.26",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "100.108.74.26",
"Ports": {
"First": 443,
"Last": 443
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 443,
"Last": 443
}
}
]
},
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 53,
"Last": 53
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 53,
"Last": 53
}
}
],
"IPProto": [
17
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

170
hscontrol/policy/v2/testdata/acl_results/ACL-AR03.hujson vendored
View File

@@ -1,170 +0,0 @@
// ACL-AR03
//
// ACLs:
// accept: src=['tag:client'] dst=['tag:server:22']
// accept: src=['tag:client'] dst=['tag:server:80']
// accept: src=['tag:client'] dst=['tag:server:443']
//
// Expected: Rules on tagged-server
{
"test_id": "ACL-AR03",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"tag:client"
],
"dst": [
"tag:server:22"
]
},
{
"action": "accept",
"src": [
"tag:client"
],
"dst": [
"tag:server:80"
]
},
{
"action": "accept",
"src": [
"tag:client"
],
"dst": [
"tag:server:443"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.83.200.69",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "100.108.74.26",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "100.108.74.26",
"Ports": {
"First": 443,
"Last": 443
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 443,
"Last": 443
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

186
hscontrol/policy/v2/testdata/acl_results/ACL-AR04.hujson vendored
View File

@@ -1,186 +0,0 @@
// ACL-AR04
//
// ACLs:
// accept: src=['tag:client'] dst=['tag:server:22']
// accept: src=['tag:prod'] dst=['tag:server:22']
// accept: src=['tag:router'] dst=['tag:server:22']
//
// Expected: Rules on tagged-server
{
"test_id": "ACL-AR04",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"tag:client"
],
"dst": [
"tag:server:22"
]
},
{
"action": "accept",
"src": [
"tag:prod"
],
"dst": [
"tag:server:22"
]
},
{
"action": "accept",
"src": [
"tag:router"
],
"dst": [
"tag:server:22"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.83.200.69",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
},
{
"SrcIPs": [
"100.103.8.15",
"fd7a:115c:a1e0::5b37:80f"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
},
{
"SrcIPs": [
"100.92.142.61",
"fd7a:115c:a1e0::3e37:8e3d"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

202
hscontrol/policy/v2/testdata/acl_results/ACL-AR05.hujson vendored
View File

@@ -1,202 +0,0 @@
// ACL-AR05
//
// ACLs:
// accept: src=['tag:client'] dst=['tag:server:22']
// accept: src=['tag:client'] dst=['tag:server:80']
// accept: src=['tag:prod'] dst=['tag:server:22']
// accept: src=['tag:prod'] dst=['tag:server:443']
//
// Expected: Rules on tagged-server
{
"test_id": "ACL-AR05",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"tag:client"
],
"dst": [
"tag:server:22"
]
},
{
"action": "accept",
"src": [
"tag:client"
],
"dst": [
"tag:server:80"
]
},
{
"action": "accept",
"src": [
"tag:prod"
],
"dst": [
"tag:server:22"
]
},
{
"action": "accept",
"src": [
"tag:prod"
],
"dst": [
"tag:server:443"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.83.200.69",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "100.108.74.26",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 80,
"Last": 80
}
}
]
},
{
"SrcIPs": [
"100.103.8.15",
"fd7a:115c:a1e0::5b37:80f"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "100.108.74.26",
"Ports": {
"First": 443,
"Last": 443
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 443,
"Last": 443
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

156
hscontrol/policy/v2/testdata/acl_results/ACL-AR06.hujson vendored
View File

@@ -1,156 +0,0 @@
// ACL-AR06
//
// ACLs:
// accept: src=['tag:client'] dst=['tag:server:22']
// accept: src=['*'] dst=['tag:server:80']
//
// Expected: Rules on tagged-server
{
"test_id": "ACL-AR06",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"tag:client"
],
"dst": [
"tag:server:22"
]
},
{
"action": "accept",
"src": [
"*"
],
"dst": [
"tag:server:80"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.83.200.69",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
},
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 80,
"Last": 80
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

294
hscontrol/policy/v2/testdata/acl_results/ACL-AT01.hujson vendored
View File

@@ -1,294 +0,0 @@
// ACL-AT01
//
// ACL: accept: src=['tag:server', 'tag:client', 'tag:prod', 'tag:router', 'tag:exit'] dst=['*:*']
//
// Expected: Rules on 8 of 8 nodes
{
"test_id": "ACL-AT01",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"tag:server",
"tag:client",
"tag:prod",
"tag:router",
"tag:exit"
],
"dst": [
"*:*"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.108.74.26",
"100.83.200.69",
"100.85.66.106",
"100.92.142.61",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"subnet-router": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.108.74.26",
"100.83.200.69",
"100.85.66.106",
"100.92.142.61",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-client": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.108.74.26",
"100.83.200.69",
"100.85.66.106",
"100.92.142.61",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.108.74.26",
"100.83.200.69",
"100.85.66.106",
"100.92.142.61",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.108.74.26",
"100.83.200.69",
"100.85.66.106",
"100.92.142.61",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.108.74.26",
"100.83.200.69",
"100.85.66.106",
"100.92.142.61",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.108.74.26",
"100.83.200.69",
"100.85.66.106",
"100.92.142.61",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.108.74.26",
"100.83.200.69",
"100.85.66.106",
"100.92.142.61",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
}
}
}

227
hscontrol/policy/v2/testdata/acl_results/ACL-AT02.hujson vendored
View File

@@ -1,227 +0,0 @@
// ACL-AT02
//
// ACL: accept: src=['*'] dst=['tag:server:22', 'tag:client:22', 'tag:prod:22', 'tag:router:22', 'tag:exit:22']
//
// Expected: Rules on exit-node, subnet-router, tagged-client, tagged-prod, tagged-server
{
"test_id": "ACL-AT02",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"*"
],
"dst": [
"tag:server:22",
"tag:client:22",
"tag:prod:22",
"tag:router:22",
"tag:exit:22"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.85.66.106",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::7c37:426a",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"subnet-router": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.92.142.61",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::3e37:8e3d",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"tagged-client": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.83.200.69",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::c537:c845",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.103.8.15",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::5b37:80f",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

195
hscontrol/policy/v2/testdata/acl_results/ACL-AT03.hujson vendored
View File

@@ -1,195 +0,0 @@
// ACL-AT03
//
// ACL: accept: src=['tag:server', 'tag:client', 'tag:prod', 'tag:router', 'tag:exit'] dst=['autogroup:member:22']
//
// Expected: Rules on user-kris, user-mon, user1
{
"test_id": "ACL-AT03",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"tag:server",
"tag:client",
"tag:prod",
"tag:router",
"tag:exit"
],
"dst": [
"autogroup:member:22"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": null
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.108.74.26",
"100.83.200.69",
"100.85.66.106",
"100.92.142.61",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.110.121.96",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::1737:7960",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.108.74.26",
"100.83.200.69",
"100.85.66.106",
"100.92.142.61",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.103.90.82",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::9e37:5a52",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.108.74.26",
"100.83.200.69",
"100.85.66.106",
"100.92.142.61",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.90.199.68",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::2d01:c747",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
}
}
}

166
hscontrol/policy/v2/testdata/acl_results/ACL-AT04.hujson vendored
View File

@@ -1,166 +0,0 @@
// ACL-AT04
//
// ACLs:
// accept: src=['autogroup:tagged'] dst=['tag:server:22']
// accept: src=['autogroup:member'] dst=['tag:server:80']
//
// Expected: Rules on tagged-server
{
"test_id": "ACL-AT04",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"autogroup:tagged"
],
"dst": [
"tag:server:22"
]
},
{
"action": "accept",
"src": [
"autogroup:member"
],
"dst": [
"tag:server:80"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.108.74.26",
"100.83.200.69",
"100.85.66.106",
"100.92.142.61",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
},
{
"SrcIPs": [
"100.103.90.82",
"100.110.121.96",
"100.90.199.68",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 80,
"Last": 80
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

155
hscontrol/policy/v2/testdata/acl_results/ACL-AT05.hujson vendored
View File

@@ -1,155 +0,0 @@
// ACL-AT05
//
// ACLs:
// accept: src=['tag:client'] dst=['tag:server:22']
// accept: src=['tag:server'] dst=['tag:client:22']
//
// Expected: Rules on tagged-client, tagged-server
{
"test_id": "ACL-AT05",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"tag:client"
],
"dst": [
"tag:server:22"
]
},
{
"action": "accept",
"src": [
"tag:server"
],
"dst": [
"tag:client:22"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.108.74.26",
"fd7a:115c:a1e0::b901:4a87"
],
"DstPorts": [
{
"IP": "100.83.200.69",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::c537:c845",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.83.200.69",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

220
hscontrol/policy/v2/testdata/acl_results/ACL-AT06.hujson vendored
View File

@@ -1,220 +0,0 @@
// ACL-AT06
//
// ACLs:
// accept: src=['tag:client'] dst=['tag:server:22']
// accept: src=['tag:server'] dst=['tag:prod:5432']
// accept: src=['tag:prod'] dst=['tag:client:80']
// accept: src=['tag:client'] dst=['tag:prod:443']
//
// Expected: Rules on tagged-client, tagged-prod, tagged-server
{
"test_id": "ACL-AT06",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"tag:client"
],
"dst": [
"tag:server:22"
]
},
{
"action": "accept",
"src": [
"tag:server"
],
"dst": [
"tag:prod:5432"
]
},
{
"action": "accept",
"src": [
"tag:prod"
],
"dst": [
"tag:client:80"
]
},
{
"action": "accept",
"src": [
"tag:client"
],
"dst": [
"tag:prod:443"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"fd7a:115c:a1e0::5b37:80f"
],
"DstPorts": [
{
"IP": "100.83.200.69",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "fd7a:115c:a1e0::c537:c845",
"Ports": {
"First": 80,
"Last": 80
}
}
]
}
]
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.83.200.69",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.103.8.15",
"Ports": {
"First": 443,
"Last": 443
}
},
{
"IP": "fd7a:115c:a1e0::5b37:80f",
"Ports": {
"First": 443,
"Last": 443
}
}
]
},
{
"SrcIPs": [
"100.108.74.26",
"fd7a:115c:a1e0::b901:4a87"
],
"DstPorts": [
{
"IP": "100.103.8.15",
"Ports": {
"First": 5432,
"Last": 5432
}
},
{
"IP": "fd7a:115c:a1e0::5b37:80f",
"Ports": {
"First": 5432,
"Last": 5432
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.83.200.69",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

121
hscontrol/policy/v2/testdata/acl_results/ACL-AU01.hujson vendored
View File

@@ -1,121 +0,0 @@
// ACL-AU01
//
// ACL: accept: src=['kristoffer@dalby.cc'] dst=['tag:server:22']
//
// Expected: Rules on tagged-server
{
"test_id": "ACL-AU01",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"kristoffer@dalby.cc"
],
"dst": [
"tag:server:22"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.110.121.96",
"fd7a:115c:a1e0::1737:7960"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

121
hscontrol/policy/v2/testdata/acl_results/ACL-AU02.hujson vendored
View File

@@ -1,121 +0,0 @@
// ACL-AU02
//
// ACL: accept: src=['monitorpasskeykradalby@passkey'] dst=['tag:prod:5432']
//
// Expected: Rules on tagged-prod
{
"test_id": "ACL-AU02",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"monitorpasskeykradalby@passkey"
],
"dst": [
"tag:prod:5432"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.90.82",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "100.103.8.15",
"Ports": {
"First": 5432,
"Last": 5432
}
},
{
"IP": "fd7a:115c:a1e0::5b37:80f",
"Ports": {
"First": 5432,
"Last": 5432
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": null
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

149
hscontrol/policy/v2/testdata/acl_results/ACL-AU03.hujson vendored
View File

@@ -1,149 +0,0 @@
// ACL-AU03
//
// ACL: accept: src=['group:developers'] dst=['tag:server:22', 'tag:prod:5432']
//
// Expected: Rules on tagged-prod, tagged-server
{
"test_id": "ACL-AU03",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"group:developers"
],
"dst": [
"tag:server:22",
"tag:prod:5432"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.110.121.96",
"100.90.199.68",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747"
],
"DstPorts": [
{
"IP": "100.103.8.15",
"Ports": {
"First": 5432,
"Last": 5432
}
},
{
"IP": "fd7a:115c:a1e0::5b37:80f",
"Ports": {
"First": 5432,
"Last": 5432
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.110.121.96",
"100.90.199.68",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

148
hscontrol/policy/v2/testdata/acl_results/ACL-AU04.hujson vendored
View File

@@ -1,148 +0,0 @@
// ACL-AU04
//
// ACL: accept: src=['*'] dst=['group:developers:22']
//
// Expected: Rules on user-kris, user1
{
"test_id": "ACL-AU04",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"*"
],
"dst": [
"group:developers:22"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": null
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.110.121.96",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::1737:7960",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.90.199.68",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::2d01:c747",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
}
}
}

123
hscontrol/policy/v2/testdata/acl_results/ACL-AU05.hujson vendored
View File

@@ -1,123 +0,0 @@
// ACL-AU05
//
// ACL: accept: src=['*'] dst=['group:monitors:*']
//
// Expected: Rules on user-mon
{
"test_id": "ACL-AU05",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"*"
],
"dst": [
"group:monitors:*"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": null
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.103.90.82",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::9e37:5a52",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user1": {
"packet_filter_rules": null
}
}
}

127
hscontrol/policy/v2/testdata/acl_results/ACL-AU06.hujson vendored
View File

@@ -1,127 +0,0 @@
// ACL-AU06
//
// ACL: accept: src=['group:admins', 'group:developers', 'group:monitors'] dst=['tag:server:22']
//
// Expected: Rules on tagged-server
{
"test_id": "ACL-AU06",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"group:admins",
"group:developers",
"group:monitors"
],
"dst": [
"tag:server:22"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.90.82",
"100.110.121.96",
"100.90.199.68",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

193
hscontrol/policy/v2/testdata/acl_results/ACL-C01.hujson vendored
View File

@@ -1,193 +0,0 @@
// ACL-C01
//
// ACLs:
// accept: src=['tag:client'] dst=['tag:server:22']
// accept: src=['autogroup:member'] dst=['tag:server:80']
// accept: src=['*'] dst=['tag:prod:5432']
//
// Expected: Rules on tagged-prod, tagged-server
{
"test_id": "ACL-C01",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"tag:client"
],
"dst": [
"tag:server:22"
]
},
{
"action": "accept",
"src": [
"autogroup:member"
],
"dst": [
"tag:server:80"
]
},
{
"action": "accept",
"src": [
"*"
],
"dst": [
"tag:prod:5432"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.103.8.15",
"Ports": {
"First": 5432,
"Last": 5432
}
},
{
"IP": "fd7a:115c:a1e0::5b37:80f",
"Ports": {
"First": 5432,
"Last": 5432
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.83.200.69",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
},
{
"SrcIPs": [
"100.103.90.82",
"100.110.121.96",
"100.90.199.68",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 80,
"Last": 80
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

194
hscontrol/policy/v2/testdata/acl_results/ACL-C02.hujson vendored
View File

@@ -1,194 +0,0 @@
// ACL-C02
//
// ACLs:
// accept: src=['tag:client', 'autogroup:member'] dst=['tag:server:22']
// accept: src=['tag:prod'] dst=['tag:server:80']
// accept: src=['group:admins'] dst=['tag:prod:5432']
//
// Expected: Rules on tagged-prod, tagged-server
{
"test_id": "ACL-C02",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"tag:client",
"autogroup:member"
],
"dst": [
"tag:server:22"
]
},
{
"action": "accept",
"src": [
"tag:prod"
],
"dst": [
"tag:server:80"
]
},
{
"action": "accept",
"src": [
"group:admins"
],
"dst": [
"tag:prod:5432"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.90.199.68",
"fd7a:115c:a1e0::2d01:c747"
],
"DstPorts": [
{
"IP": "100.103.8.15",
"Ports": {
"First": 5432,
"Last": 5432
}
},
{
"IP": "fd7a:115c:a1e0::5b37:80f",
"Ports": {
"First": 5432,
"Last": 5432
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.90.82",
"100.110.121.96",
"100.83.200.69",
"100.90.199.68",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
},
{
"SrcIPs": [
"100.103.8.15",
"fd7a:115c:a1e0::5b37:80f"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 80,
"Last": 80
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

233
hscontrol/policy/v2/testdata/acl_results/ACL-C03.hujson vendored
View File

@@ -1,233 +0,0 @@
// ACL-C03
//
// ACLs:
// accept: src=['tag:client'] dst=['tag:server:22', 'tag:prod:5432', 'webserver:80']
// accept: src=['autogroup:member'] dst=['autogroup:self:*']
//
// Expected: Rules on tagged-prod, tagged-server, user-kris, user-mon, user1
{
"test_id": "ACL-C03",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"tag:client"
],
"dst": [
"tag:server:22",
"tag:prod:5432",
"webserver:80"
]
},
{
"action": "accept",
"src": [
"autogroup:member"
],
"dst": [
"autogroup:self:*"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.83.200.69",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.103.8.15",
"Ports": {
"First": 5432,
"Last": 5432
}
},
{
"IP": "fd7a:115c:a1e0::5b37:80f",
"Ports": {
"First": 5432,
"Last": 5432
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.83.200.69",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.110.121.96",
"fd7a:115c:a1e0::1737:7960"
],
"DstPorts": [
{
"IP": "100.110.121.96",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::1737:7960",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.90.82",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "100.103.90.82",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::9e37:5a52",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.90.199.68",
"fd7a:115c:a1e0::2d01:c747"
],
"DstPorts": [
{
"IP": "100.90.199.68",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::2d01:c747",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
}
}
}

244
hscontrol/policy/v2/testdata/acl_results/ACL-C04.hujson vendored
View File

@@ -1,244 +0,0 @@
// ACL-C04
//
// ACLs:
// accept: src=['tag:client'] dst=['tag:server:22']
// accept: src=['tag:server'] dst=['tag:prod:5432']
// accept: src=['autogroup:member'] dst=['autogroup:self:*']
// accept: src=['*'] dst=['autogroup:internet:*']
//
// Expected: Rules on tagged-prod, tagged-server, user-kris, user-mon, user1
{
"test_id": "ACL-C04",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"tag:client"
],
"dst": [
"tag:server:22"
]
},
{
"action": "accept",
"src": [
"tag:server"
],
"dst": [
"tag:prod:5432"
]
},
{
"action": "accept",
"src": [
"autogroup:member"
],
"dst": [
"autogroup:self:*"
]
},
{
"action": "accept",
"src": [
"*"
],
"dst": [
"autogroup:internet:*"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.108.74.26",
"fd7a:115c:a1e0::b901:4a87"
],
"DstPorts": [
{
"IP": "100.103.8.15",
"Ports": {
"First": 5432,
"Last": 5432
}
},
{
"IP": "fd7a:115c:a1e0::5b37:80f",
"Ports": {
"First": 5432,
"Last": 5432
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.83.200.69",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.110.121.96",
"fd7a:115c:a1e0::1737:7960"
],
"DstPorts": [
{
"IP": "100.110.121.96",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::1737:7960",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.90.82",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "100.103.90.82",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::9e37:5a52",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.90.199.68",
"fd7a:115c:a1e0::2d01:c747"
],
"DstPorts": [
{
"IP": "100.90.199.68",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::2d01:c747",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
}
}
}

370
hscontrol/policy/v2/testdata/acl_results/ACL-C05.hujson vendored
View File

@@ -1,370 +0,0 @@
// ACL-C05
//
// ACL: accept: src=['*'] dst=['tag:server:22', 'tag:prod:5432', 'tag:client:80', 'tag:router:*', 'tag:exit:*', 'autogroup:member:443', 'autogroup:self:*']
//
// Expected: Rules on 8 of 8 nodes
{
"test_id": "ACL-C05",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"*"
],
"dst": [
"tag:server:22",
"tag:prod:5432",
"tag:client:80",
"tag:router:*",
"tag:exit:*",
"autogroup:member:443",
"autogroup:self:*"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.85.66.106",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::7c37:426a",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"subnet-router": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.92.142.61",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::3e37:8e3d",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-client": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.83.200.69",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "fd7a:115c:a1e0::c537:c845",
"Ports": {
"First": 80,
"Last": 80
}
}
]
}
]
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.103.8.15",
"Ports": {
"First": 5432,
"Last": 5432
}
},
{
"IP": "fd7a:115c:a1e0::5b37:80f",
"Ports": {
"First": 5432,
"Last": 5432
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.110.121.96",
"Ports": {
"First": 443,
"Last": 443
}
},
{
"IP": "fd7a:115c:a1e0::1737:7960",
"Ports": {
"First": 443,
"Last": 443
}
}
]
},
{
"SrcIPs": [
"100.110.121.96",
"fd7a:115c:a1e0::1737:7960"
],
"DstPorts": [
{
"IP": "100.110.121.96",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::1737:7960",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.103.90.82",
"Ports": {
"First": 443,
"Last": 443
}
},
{
"IP": "fd7a:115c:a1e0::9e37:5a52",
"Ports": {
"First": 443,
"Last": 443
}
}
]
},
{
"SrcIPs": [
"100.103.90.82",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "100.103.90.82",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::9e37:5a52",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.90.199.68",
"Ports": {
"First": 443,
"Last": 443
}
},
{
"IP": "fd7a:115c:a1e0::2d01:c747",
"Ports": {
"First": 443,
"Last": 443
}
}
]
},
{
"SrcIPs": [
"100.90.199.68",
"fd7a:115c:a1e0::2d01:c747"
],
"DstPorts": [
{
"IP": "100.90.199.68",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::2d01:c747",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
}
}
}

135
hscontrol/policy/v2/testdata/acl_results/ACL-C06.hujson vendored
View File

@@ -1,135 +0,0 @@
// ACL-C06
//
// ACL: accept: src=['tag:client', 'tag:prod', 'tag:server', 'autogroup:member', 'group:admins'] dst=['tag:server:22']
//
// Expected: Rules on tagged-server
{
"test_id": "ACL-C06",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"tag:client",
"tag:prod",
"tag:server",
"autogroup:member",
"group:admins"
],
"dst": [
"tag:server:22"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.108.74.26",
"100.110.121.96",
"100.83.200.69",
"100.90.199.68",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

194
hscontrol/policy/v2/testdata/acl_results/ACL-C07.hujson vendored
View File

@@ -1,194 +0,0 @@
// ACL-C07
//
// ACLs:
// accept: src=['tag:client'] dst=['tag:server:22']
// accept: src=['tag:client'] dst=['tag:server:80']
// accept: src=['tag:client'] dst=['tag:server:443']
// accept: src=['tag:client'] dst=['tag:server:8080']
//
// Expected: Rules on tagged-server
{
"test_id": "ACL-C07",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"tag:client"
],
"dst": [
"tag:server:22"
]
},
{
"action": "accept",
"src": [
"tag:client"
],
"dst": [
"tag:server:80"
]
},
{
"action": "accept",
"src": [
"tag:client"
],
"dst": [
"tag:server:443"
]
},
{
"action": "accept",
"src": [
"tag:client"
],
"dst": [
"tag:server:8080"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.83.200.69",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "100.108.74.26",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "100.108.74.26",
"Ports": {
"First": 443,
"Last": 443
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 443,
"Last": 443
}
},
{
"IP": "100.108.74.26",
"Ports": {
"First": 8080,
"Last": 8080
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 8080,
"Last": 8080
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

227
hscontrol/policy/v2/testdata/acl_results/ACL-C08.hujson vendored
View File

@@ -1,227 +0,0 @@
// ACL-C08
//
// ACL: accept: src=['*'] dst=['tag:server:22', 'tag:prod:22', 'tag:client:22', 'tag:router:22', 'tag:exit:22']
//
// Expected: Rules on exit-node, subnet-router, tagged-client, tagged-prod, tagged-server
{
"test_id": "ACL-C08",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"*"
],
"dst": [
"tag:server:22",
"tag:prod:22",
"tag:client:22",
"tag:router:22",
"tag:exit:22"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.85.66.106",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::7c37:426a",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"subnet-router": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.92.142.61",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::3e37:8e3d",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"tagged-client": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.83.200.69",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::c537:c845",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.103.8.15",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::5b37:80f",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

309
hscontrol/policy/v2/testdata/acl_results/ACL-C09.hujson vendored
View File

@@ -1,309 +0,0 @@
// ACL-C09
//
// ACLs:
// accept: src=['tag:client'] dst=['tag:server:22']
// accept: src=['tag:client'] dst=['tag:prod:22']
// accept: src=['tag:server'] dst=['tag:prod:5432']
// ... (6 rules total)
//
// Expected: Rules on subnet-router, tagged-prod, tagged-server, user-kris, user-mon, user1
{
"test_id": "ACL-C09",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"tag:client"
],
"dst": [
"tag:server:22"
]
},
{
"action": "accept",
"src": [
"tag:client"
],
"dst": [
"tag:prod:22"
]
},
{
"action": "accept",
"src": [
"tag:server"
],
"dst": [
"tag:prod:5432"
]
},
{
"action": "accept",
"src": [
"autogroup:member"
],
"dst": [
"autogroup:self:*"
]
},
{
"action": "accept",
"src": [
"group:developers"
],
"dst": [
"tag:router:*"
]
},
{
"action": "accept",
"src": [
"*"
],
"dst": [
"autogroup:internet:*"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.110.121.96",
"100.90.199.68",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747"
],
"DstPorts": [
{
"IP": "100.92.142.61",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::3e37:8e3d",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.83.200.69",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.103.8.15",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::5b37:80f",
"Ports": {
"First": 22,
"Last": 22
}
}
]
},
{
"SrcIPs": [
"100.108.74.26",
"fd7a:115c:a1e0::b901:4a87"
],
"DstPorts": [
{
"IP": "100.103.8.15",
"Ports": {
"First": 5432,
"Last": 5432
}
},
{
"IP": "fd7a:115c:a1e0::5b37:80f",
"Ports": {
"First": 5432,
"Last": 5432
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.83.200.69",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.110.121.96",
"fd7a:115c:a1e0::1737:7960"
],
"DstPorts": [
{
"IP": "100.110.121.96",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::1737:7960",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.90.82",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "100.103.90.82",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::9e37:5a52",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.90.199.68",
"fd7a:115c:a1e0::2d01:c747"
],
"DstPorts": [
{
"IP": "100.90.199.68",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::2d01:c747",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
}
}
}

396
hscontrol/policy/v2/testdata/acl_results/ACL-C10.hujson vendored
View File

@@ -1,396 +0,0 @@
// ACL-C10
//
// ACLs:
// accept: src=['autogroup:member'] dst=['autogroup:self:*']
// accept: src=['autogroup:member'] dst=['tag:server:22', 'tag:prod:5432']
// accept: src=['autogroup:tagged'] dst=['autogroup:tagged:*']
//
// Expected: Rules on 8 of 8 nodes
{
"test_id": "ACL-C10",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"autogroup:member"
],
"dst": [
"autogroup:self:*"
]
},
{
"action": "accept",
"src": [
"autogroup:member"
],
"dst": [
"tag:server:22",
"tag:prod:5432"
]
},
{
"action": "accept",
"src": [
"autogroup:tagged"
],
"dst": [
"autogroup:tagged:*"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.108.74.26",
"100.83.200.69",
"100.85.66.106",
"100.92.142.61",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.85.66.106",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::7c37:426a",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"subnet-router": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.108.74.26",
"100.83.200.69",
"100.85.66.106",
"100.92.142.61",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.92.142.61",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::3e37:8e3d",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-client": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.108.74.26",
"100.83.200.69",
"100.85.66.106",
"100.92.142.61",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.83.200.69",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::c537:c845",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.90.82",
"100.110.121.96",
"100.90.199.68",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "100.103.8.15",
"Ports": {
"First": 5432,
"Last": 5432
}
},
{
"IP": "fd7a:115c:a1e0::5b37:80f",
"Ports": {
"First": 5432,
"Last": 5432
}
}
]
},
{
"SrcIPs": [
"100.103.8.15",
"100.108.74.26",
"100.83.200.69",
"100.85.66.106",
"100.92.142.61",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.103.8.15",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::5b37:80f",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.90.82",
"100.110.121.96",
"100.90.199.68",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
},
{
"SrcIPs": [
"100.103.8.15",
"100.108.74.26",
"100.83.200.69",
"100.85.66.106",
"100.92.142.61",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.110.121.96",
"fd7a:115c:a1e0::1737:7960"
],
"DstPorts": [
{
"IP": "100.110.121.96",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::1737:7960",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.90.82",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "100.103.90.82",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::9e37:5a52",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.90.199.68",
"fd7a:115c:a1e0::2d01:c747"
],
"DstPorts": [
{
"IP": "100.90.199.68",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::2d01:c747",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
}
}
}

156
hscontrol/policy/v2/testdata/acl_results/ACL-D01.hujson vendored
View File

@@ -1,156 +0,0 @@
// ACL-D01
//
// ACLs:
// accept: src=['tag:client'] dst=['tag:server:22']
// accept: src=['*'] dst=['tag:server:22']
//
// Expected: Rules on tagged-server
{
"test_id": "ACL-D01",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"tag:client"
],
"dst": [
"tag:server:22"
]
},
{
"action": "accept",
"src": [
"*"
],
"dst": [
"tag:server:22"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.83.200.69",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
},
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

129
hscontrol/policy/v2/testdata/acl_results/ACL-D02.hujson vendored
View File

@@ -1,129 +0,0 @@
// ACL-D02
//
// ACL: accept: src=['tag:client'] dst=['tag:server:22', 'webserver:22']
//
// Expected: Rules on tagged-server
{
"test_id": "ACL-D02",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"tag:client"
],
"dst": [
"tag:server:22",
"webserver:22"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.83.200.69",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

227
hscontrol/policy/v2/testdata/acl_results/ACL-D03.hujson vendored
View File

@@ -1,227 +0,0 @@
// ACL-D03
//
// ACL: accept: src=['100.108.74.26', 'tag:server'] dst=['*:*']
//
// Expected: Rules on 8 of 8 nodes
{
"test_id": "ACL-D03",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"100.108.74.26",
"tag:server"
],
"dst": [
"*:*"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.108.74.26",
"fd7a:115c:a1e0::b901:4a87"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"subnet-router": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.108.74.26",
"fd7a:115c:a1e0::b901:4a87"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-client": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.108.74.26",
"fd7a:115c:a1e0::b901:4a87"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.108.74.26",
"fd7a:115c:a1e0::b901:4a87"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.108.74.26",
"fd7a:115c:a1e0::b901:4a87"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.108.74.26",
"fd7a:115c:a1e0::b901:4a87"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.108.74.26",
"fd7a:115c:a1e0::b901:4a87"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.108.74.26",
"fd7a:115c:a1e0::b901:4a87"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
}
}
}

219
hscontrol/policy/v2/testdata/acl_results/ACL-D04.hujson vendored
View File

@@ -1,219 +0,0 @@
// ACL-D04
//
// ACL: accept: src=['100.108.74.26', 'webserver'] dst=['*:*']
//
// Expected: Rules on 8 of 8 nodes
{
"test_id": "ACL-D04",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"100.108.74.26",
"webserver"
],
"dst": [
"*:*"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"subnet-router": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-client": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
}
}
}

131
hscontrol/policy/v2/testdata/acl_results/ACL-D05.hujson vendored
View File

@@ -1,131 +0,0 @@
// ACL-D05
//
// ACL: accept: src=['*'] dst=['100.108.74.26:22', 'tag:server:22']
//
// Expected: Rules on tagged-server
{
"test_id": "ACL-D05",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"*"
],
"dst": [
"100.108.74.26:22",
"tag:server:22"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

124
hscontrol/policy/v2/testdata/acl_results/ACL-D06.hujson vendored
View File

@@ -1,124 +0,0 @@
// ACL-D06
//
// ACL: accept: src=['*'] dst=['100.108.74.26:22', 'webserver:22']
//
// Expected: Rules on tagged-server
{
"test_id": "ACL-D06",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"*"
],
"dst": [
"100.108.74.26:22",
"webserver:22"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

339
hscontrol/policy/v2/testdata/acl_results/ACL-D07.hujson vendored
View File

@@ -1,339 +0,0 @@
// ACL-D07
//
// ACL: accept: src=['autogroup:member', 'autogroup:tagged'] dst=['*:*']
//
// Expected: Rules on 8 of 8 nodes
{
"test_id": "ACL-D07",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"autogroup:member",
"autogroup:tagged"
],
"dst": [
"*:*"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.108.74.26",
"100.110.121.96",
"100.83.200.69",
"100.85.66.106",
"100.90.199.68",
"100.92.142.61",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"subnet-router": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.108.74.26",
"100.110.121.96",
"100.83.200.69",
"100.85.66.106",
"100.90.199.68",
"100.92.142.61",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-client": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.108.74.26",
"100.110.121.96",
"100.83.200.69",
"100.85.66.106",
"100.90.199.68",
"100.92.142.61",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.108.74.26",
"100.110.121.96",
"100.83.200.69",
"100.85.66.106",
"100.90.199.68",
"100.92.142.61",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.108.74.26",
"100.110.121.96",
"100.83.200.69",
"100.85.66.106",
"100.90.199.68",
"100.92.142.61",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.108.74.26",
"100.110.121.96",
"100.83.200.69",
"100.85.66.106",
"100.90.199.68",
"100.92.142.61",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.108.74.26",
"100.110.121.96",
"100.83.200.69",
"100.85.66.106",
"100.90.199.68",
"100.92.142.61",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.108.74.26",
"100.110.121.96",
"100.83.200.69",
"100.85.66.106",
"100.90.199.68",
"100.92.142.61",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
}
}
}

192
hscontrol/policy/v2/testdata/acl_results/ACL-D08.hujson vendored
View File

@@ -1,192 +0,0 @@
// ACL-D08
//
// ACLs:
// accept: src=['*'] dst=['autogroup:self:*']
// accept: src=['kratail2tid@passkey'] dst=['kratail2tid@passkey:*']
//
// Expected: Rules on user-kris, user-mon, user1
{
"test_id": "ACL-D08",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"*"
],
"dst": [
"autogroup:self:*"
]
},
{
"action": "accept",
"src": [
"kratail2tid@passkey"
],
"dst": [
"kratail2tid@passkey:*"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": null
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.110.121.96",
"fd7a:115c:a1e0::1737:7960"
],
"DstPorts": [
{
"IP": "100.110.121.96",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::1737:7960",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.90.82",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "100.103.90.82",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::9e37:5a52",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.90.199.68",
"fd7a:115c:a1e0::2d01:c747"
],
"DstPorts": [
{
"IP": "100.90.199.68",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::2d01:c747",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "100.90.199.68",
"Ports": {
"First": 0,
"Last": 65535
}
},
{
"IP": "fd7a:115c:a1e0::2d01:c747",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
}
}
}

218
hscontrol/policy/v2/testdata/acl_results/ACL-E01.hujson vendored
View File

@@ -1,218 +0,0 @@
// ACL-E01
//
// ACL: accept: src=['100.108.74.26'] dst=['*:*']
//
// Expected: Rules on 8 of 8 nodes
{
"test_id": "ACL-E01",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"100.108.74.26"
],
"dst": [
"*:*"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"subnet-router": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-client": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
}
}
}

226
hscontrol/policy/v2/testdata/acl_results/ACL-E02.hujson vendored
View File

@@ -1,226 +0,0 @@
// ACL-E02
//
// ACL: accept: src=['tag:server'] dst=['*:*']
//
// Expected: Rules on 8 of 8 nodes
{
"test_id": "ACL-E02",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"tag:server"
],
"dst": [
"*:*"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.108.74.26",
"fd7a:115c:a1e0::b901:4a87"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"subnet-router": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.108.74.26",
"fd7a:115c:a1e0::b901:4a87"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-client": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.108.74.26",
"fd7a:115c:a1e0::b901:4a87"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.108.74.26",
"fd7a:115c:a1e0::b901:4a87"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.108.74.26",
"fd7a:115c:a1e0::b901:4a87"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.108.74.26",
"fd7a:115c:a1e0::b901:4a87"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.108.74.26",
"fd7a:115c:a1e0::b901:4a87"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.108.74.26",
"fd7a:115c:a1e0::b901:4a87"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
}
}
}

218
hscontrol/policy/v2/testdata/acl_results/ACL-E03.hujson vendored
View File

@@ -1,218 +0,0 @@
// ACL-E03
//
// ACL: accept: src=['webserver'] dst=['*:*']
//
// Expected: Rules on 8 of 8 nodes
{
"test_id": "ACL-E03",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"webserver"
],
"dst": [
"*:*"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"subnet-router": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-client": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
}
}
}

116
hscontrol/policy/v2/testdata/acl_results/ACL-E04.hujson vendored
View File

@@ -1,116 +0,0 @@
// ACL-E04
//
// ACL: accept: src=['*'] dst=['100.108.74.26:22']
//
// Expected: Rules on tagged-server
{
"test_id": "ACL-E04",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"*"
],
"dst": [
"100.108.74.26:22"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

123
hscontrol/policy/v2/testdata/acl_results/ACL-E05.hujson vendored
View File

@@ -1,123 +0,0 @@
// ACL-E05
//
// ACL: accept: src=['*'] dst=['tag:server:22']
//
// Expected: Rules on tagged-server
{
"test_id": "ACL-E05",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"*"
],
"dst": [
"tag:server:22"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

116
hscontrol/policy/v2/testdata/acl_results/ACL-E06.hujson vendored
View File

@@ -1,116 +0,0 @@
// ACL-E06
//
// ACL: accept: src=['*'] dst=['webserver:22']
//
// Expected: Rules on tagged-server
{
"test_id": "ACL-E06",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"*"
],
"dst": [
"webserver:22"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

121
hscontrol/policy/v2/testdata/acl_results/ACL-E07.hujson vendored
View File

@@ -1,121 +0,0 @@
// ACL-E07
//
// ACL: accept: src=['kratail2tid@passkey'] dst=['tag:server:22']
//
// Expected: Rules on tagged-server
{
"test_id": "ACL-E07",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"kratail2tid@passkey"
],
"dst": [
"tag:server:22"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.90.199.68",
"fd7a:115c:a1e0::2d01:c747"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

121
hscontrol/policy/v2/testdata/acl_results/ACL-E08.hujson vendored
View File

@@ -1,121 +0,0 @@
// ACL-E08
//
// ACL: accept: src=['group:admins'] dst=['tag:server:22']
//
// Expected: Rules on tagged-server
{
"test_id": "ACL-E08",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"group:admins"
],
"dst": [
"tag:server:22"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.90.199.68",
"fd7a:115c:a1e0::2d01:c747"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

122
hscontrol/policy/v2/testdata/acl_results/ACL-E09.hujson vendored
View File

@@ -1,122 +0,0 @@
// ACL-E09
//
// ACL: accept: src=['kratail2tid@passkey', 'group:admins'] dst=['tag:server:22']
//
// Expected: Rules on tagged-server
{
"test_id": "ACL-E09",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"kratail2tid@passkey",
"group:admins"
],
"dst": [
"tag:server:22"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.90.199.68",
"fd7a:115c:a1e0::2d01:c747"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

76
hscontrol/policy/v2/testdata/acl_results/ACL-ERR01.hujson vendored
View File

@@ -1,76 +0,0 @@
// ACL-ERR01
//
// ACL: accept: src=['tag:nonexistent'] dst=['tag:server:22']
//
// Expected: Error — src=tag not found: "tag:nonexistent"
{
"test_id": "ACL-ERR01",
"error": true,
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"tag:nonexistent"
],
"dst": [
"tag:server:22"
]
}
]
},
"api_response_body": {
"message": "src=tag not found: \"tag:nonexistent\""
}
}
}

76
hscontrol/policy/v2/testdata/acl_results/ACL-ERR02.hujson vendored
View File

@@ -1,76 +0,0 @@
// ACL-ERR02
//
// ACL: accept: src=['autogroup:self'] dst=['tag:server:22']
//
// Expected: Error — "autogroup:self" not valid on the src side of a rule
{
"test_id": "ACL-ERR02",
"error": true,
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"autogroup:self"
],
"dst": [
"tag:server:22"
]
}
]
},
"api_response_body": {
"message": "\"autogroup:self\" not valid on the src side of a rule"
}
}
}

76
hscontrol/policy/v2/testdata/acl_results/ACL-ERR03.hujson vendored
View File

@@ -1,76 +0,0 @@
// ACL-ERR03
//
// ACL: accept: src=['*'] dst=['autogroup:self']
//
// Expected: Error — dst="autogroup:self": port range "self": invalid first integer
{
"test_id": "ACL-ERR03",
"error": true,
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"*"
],
"dst": [
"autogroup:self"
]
}
]
},
"api_response_body": {
"message": "dst=\"autogroup:self\": port range \"self\": invalid first integer"
}
}
}

76
hscontrol/policy/v2/testdata/acl_results/ACL-ERR04.hujson vendored
View File

@@ -1,76 +0,0 @@
// ACL-ERR04
//
// ACL: accept: src=['tag:nonexistent'] dst=['*:*']
//
// Expected: Error — src=tag not found: "tag:nonexistent"
{
"test_id": "ACL-ERR04",
"error": true,
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"tag:nonexistent"
],
"dst": [
"*:*"
]
}
]
},
"api_response_body": {
"message": "src=tag not found: \"tag:nonexistent\""
}
}
}

76
hscontrol/policy/v2/testdata/acl_results/ACL-ERR05.hujson vendored
View File

@@ -1,76 +0,0 @@
// ACL-ERR05
//
// ACL: accept: src=['*'] dst=['tag:nonexistent:22']
//
// Expected: Error — dst="tag:nonexistent": tag not found: "tag:nonexistent"
{
"test_id": "ACL-ERR05",
"error": true,
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"*"
],
"dst": [
"tag:nonexistent:22"
]
}
]
},
"api_response_body": {
"message": "dst=\"tag:nonexistent\": tag not found: \"tag:nonexistent\""
}
}
}

76
hscontrol/policy/v2/testdata/acl_results/ACL-ERR06.hujson vendored
View File

@@ -1,76 +0,0 @@
// ACL-ERR06
//
// ACL: deny: src=['tag:client'] dst=['tag:server:22']
//
// Expected: Error — action="deny" is not supported
{
"test_id": "ACL-ERR06",
"error": true,
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "deny",
"src": [
"tag:client"
],
"dst": [
"tag:server:22"
]
}
]
},
"api_response_body": {
"message": "action=\"deny\" is not supported"
}
}
}

76
hscontrol/policy/v2/testdata/acl_results/ACL-ERR07.hujson vendored
View File

@@ -1,76 +0,0 @@
// ACL-ERR07
//
// ACL: accept: src=['*'] dst=['tag:server:ssh']
//
// Expected: Error — dst="tag:server:ssh": port range "ssh": invalid first integer
{
"test_id": "ACL-ERR07",
"error": true,
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"*"
],
"dst": [
"tag:server:ssh"
]
}
]
},
"api_response_body": {
"message": "dst=\"tag:server:ssh\": port range \"ssh\": invalid first integer"
}
}
}

87
hscontrol/policy/v2/testdata/acl_results/ACL-ERR08.hujson vendored
View File

@@ -1,87 +0,0 @@
// ACL-ERR08
//
// ACLs:
// accept: src=['*'] dst=['autogroup:self:*']
// accept: src=['tag:client'] dst=['autogroup:self:22']
//
// Expected: Error — autogroup:self can only be used with users, groups, or supported autogroups
{
"test_id": "ACL-ERR08",
"error": true,
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"*"
],
"dst": [
"autogroup:self:*"
]
},
{
"action": "accept",
"src": [
"tag:client"
],
"dst": [
"autogroup:self:22"
]
}
]
},
"api_response_body": {
"message": "autogroup:self can only be used with users, groups, or supported autogroups"
}
}
}

87
hscontrol/policy/v2/testdata/acl_results/ACL-ERR09.hujson vendored
View File

@@ -1,87 +0,0 @@
// ACL-ERR09
//
// ACLs:
// accept: src=['*'] dst=['autogroup:self:*']
// accept: src=['autogroup:tagged'] dst=['autogroup:self:22']
//
// Expected: Error — autogroup:self can only be used with users, groups, or supported autogroups
{
"test_id": "ACL-ERR09",
"error": true,
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"*"
],
"dst": [
"autogroup:self:*"
]
},
{
"action": "accept",
"src": [
"autogroup:tagged"
],
"dst": [
"autogroup:self:22"
]
}
]
},
"api_response_body": {
"message": "autogroup:self can only be used with users, groups, or supported autogroups"
}
}
}

116
hscontrol/policy/v2/testdata/acl_results/ACL-H01.hujson vendored
View File

@@ -1,116 +0,0 @@
// ACL-H01
//
// ACL: accept: src=['*'] dst=['webserver:80']
//
// Expected: Rules on tagged-server
{
"test_id": "ACL-H01",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"*"
],
"dst": [
"webserver:80"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 80,
"Last": 80
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

218
hscontrol/policy/v2/testdata/acl_results/ACL-H02.hujson vendored
View File

@@ -1,218 +0,0 @@
// ACL-H02
//
// ACL: accept: src=['webserver'] dst=['*:*']
//
// Expected: Rules on 8 of 8 nodes
{
"test_id": "ACL-H02",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"webserver"
],
"dst": [
"*:*"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"subnet-router": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-client": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
}
}
}

120
hscontrol/policy/v2/testdata/acl_results/ACL-H03.hujson vendored
View File

@@ -1,120 +0,0 @@
// ACL-H03
//
// ACL: accept: src=['internal'] dst=['tag:server:22']
//
// Expected: Rules on tagged-server
{
"test_id": "ACL-H03",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"internal"
],
"dst": [
"tag:server:22"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.0.0.0/8"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

116
hscontrol/policy/v2/testdata/acl_results/ACL-H04.hujson vendored
View File

@@ -1,116 +0,0 @@
// ACL-H04
//
// ACL: accept: src=['*'] dst=['internal:22']
//
// Expected: Rules on subnet-router
{
"test_id": "ACL-H04",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"*"
],
"dst": [
"internal:22"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "10.0.0.0/8",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": null
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

135
hscontrol/policy/v2/testdata/acl_results/ACL-H05.hujson vendored
View File

@@ -1,135 +0,0 @@
// ACL-H05
//
// ACL: accept: src=['*'] dst=['webserver:22', 'prodbox:5432']
//
// Expected: Rules on tagged-prod, tagged-server
{
"test_id": "ACL-H05",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"*"
],
"dst": [
"webserver:22",
"prodbox:5432"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.103.8.15",
"Ports": {
"First": 5432,
"Last": 5432
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

123
hscontrol/policy/v2/testdata/acl_results/ACL-H06.hujson vendored
View File

@@ -1,123 +0,0 @@
// ACL-H06
//
// ACL: accept: src=['webserver', 'tag:client'] dst=['tag:server:22']
//
// Expected: Rules on tagged-server
{
"test_id": "ACL-H06",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"webserver",
"tag:client"
],
"dst": [
"tag:server:22"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.108.74.26",
"100.83.200.69",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

114
hscontrol/policy/v2/testdata/acl_results/ACL-H07.hujson vendored
View File

@@ -1,114 +0,0 @@
// ACL-H07
//
// ACL: accept: src=['group:admins'] dst=['webserver:22']
//
// Expected: Rules on tagged-server
{
"test_id": "ACL-H07",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"group:admins"
],
"dst": [
"webserver:22"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.90.199.68",
"fd7a:115c:a1e0::2d01:c747"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

98
hscontrol/policy/v2/testdata/acl_results/ACL-H08.hujson vendored
View File

@@ -1,98 +0,0 @@
// ACL-H08
//
// ACL: accept: src=['*'] dst=['subnet24:80']
//
// Expected: No filter rules
{
"test_id": "ACL-H08",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"*"
],
"dst": [
"subnet24:80"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": null
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

145
hscontrol/policy/v2/testdata/acl_results/ACL-K01.hujson vendored
View File

@@ -1,145 +0,0 @@
// ACL-K01
//
// ACL: accept: src=['*', 'autogroup:member', 'autogroup:tagged', 'group:admins', 'tag:client', 'webserver', '100.90.199.68'] dst=['tag:server:22']
//
// Expected: Rules on tagged-server
{
"test_id": "ACL-K01",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"*",
"autogroup:member",
"autogroup:tagged",
"group:admins",
"tag:client",
"webserver",
"100.90.199.68"
],
"dst": [
"tag:server:22"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.103.8.15",
"100.103.90.82",
"100.108.74.26",
"100.110.121.96",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"100.83.200.69",
"100.85.66.106",
"100.90.199.68",
"100.92.142.61",
"fd7a:115c:a1e0::/48",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

208
hscontrol/policy/v2/testdata/acl_results/ACL-K02.hujson vendored
View File

@@ -1,208 +0,0 @@
// ACL-K02
//
// ACL: accept: src=['tag:client'] dst=['tag:server:22', 'tag:prod:5432', 'webserver:80', 'prodbox:443', 'group:admins:8080', 'kratail2tid@passkey:3000', '100.108.74.26:9000']
//
// Expected: Rules on tagged-prod, tagged-server, user1
{
"test_id": "ACL-K02",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"tag:client"
],
"dst": [
"tag:server:22",
"tag:prod:5432",
"webserver:80",
"prodbox:443",
"group:admins:8080",
"kratail2tid@passkey:3000",
"100.108.74.26:9000"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.83.200.69",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.103.8.15",
"Ports": {
"First": 443,
"Last": 443
}
},
{
"IP": "100.103.8.15",
"Ports": {
"First": 5432,
"Last": 5432
}
},
{
"IP": "fd7a:115c:a1e0::5b37:80f",
"Ports": {
"First": 5432,
"Last": 5432
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.83.200.69",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "100.108.74.26",
"Ports": {
"First": 9000,
"Last": 9000
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.83.200.69",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.90.199.68",
"Ports": {
"First": 3000,
"Last": 3000
}
},
{
"IP": "fd7a:115c:a1e0::2d01:c747",
"Ports": {
"First": 3000,
"Last": 3000
}
},
{
"IP": "100.90.199.68",
"Ports": {
"First": 8080,
"Last": 8080
}
},
{
"IP": "fd7a:115c:a1e0::2d01:c747",
"Ports": {
"First": 8080,
"Last": 8080
}
}
]
}
]
}
}
}

347
hscontrol/policy/v2/testdata/acl_results/ACL-K03.hujson vendored
View File

@@ -1,347 +0,0 @@
// ACL-K03
//
// ACL: accept: src=['autogroup:member', 'autogroup:tagged', 'group:admins', 'group:developers', 'kratail2tid@passkey', 'tag:client', 'tag:prod', 'tag:server', 'webserver', 'prodbox'] dst=['*:*']
//
// Expected: Rules on 8 of 8 nodes
{
"test_id": "ACL-K03",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"autogroup:member",
"autogroup:tagged",
"group:admins",
"group:developers",
"kratail2tid@passkey",
"tag:client",
"tag:prod",
"tag:server",
"webserver",
"prodbox"
],
"dst": [
"*:*"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.108.74.26",
"100.110.121.96",
"100.83.200.69",
"100.85.66.106",
"100.90.199.68",
"100.92.142.61",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"subnet-router": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.108.74.26",
"100.110.121.96",
"100.83.200.69",
"100.85.66.106",
"100.90.199.68",
"100.92.142.61",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-client": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.108.74.26",
"100.110.121.96",
"100.83.200.69",
"100.85.66.106",
"100.90.199.68",
"100.92.142.61",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.108.74.26",
"100.110.121.96",
"100.83.200.69",
"100.85.66.106",
"100.90.199.68",
"100.92.142.61",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.108.74.26",
"100.110.121.96",
"100.83.200.69",
"100.85.66.106",
"100.90.199.68",
"100.92.142.61",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.108.74.26",
"100.110.121.96",
"100.83.200.69",
"100.85.66.106",
"100.90.199.68",
"100.92.142.61",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.108.74.26",
"100.110.121.96",
"100.83.200.69",
"100.85.66.106",
"100.90.199.68",
"100.92.142.61",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.108.74.26",
"100.110.121.96",
"100.83.200.69",
"100.85.66.106",
"100.90.199.68",
"100.92.142.61",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::3e37:8e3d",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::7c37:426a",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::b901:4a87",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "*",
"Ports": {
"First": 0,
"Last": 65535
}
}
]
}
]
}
}
}

251
hscontrol/policy/v2/testdata/acl_results/ACL-K04.hujson vendored
View File

@@ -1,251 +0,0 @@
// ACL-K04
//
// ACL: accept: src=['*'] dst=['tag:server:22', 'tag:server:80', 'tag:server:443', 'tag:prod:5432', 'tag:prod:3306', 'tag:client:80', 'tag:client:443', 'webserver:8080', 'prodbox:8080']
//
// Expected: Rules on tagged-client, tagged-prod, tagged-server
{
"test_id": "ACL-K04",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"*"
],
"dst": [
"tag:server:22",
"tag:server:80",
"tag:server:443",
"tag:prod:5432",
"tag:prod:3306",
"tag:client:80",
"tag:client:443",
"webserver:8080",
"prodbox:8080"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.83.200.69",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "100.83.200.69",
"Ports": {
"First": 443,
"Last": 443
}
},
{
"IP": "fd7a:115c:a1e0::c537:c845",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "fd7a:115c:a1e0::c537:c845",
"Ports": {
"First": 443,
"Last": 443
}
}
]
}
]
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.103.8.15",
"Ports": {
"First": 8080,
"Last": 8080
}
},
{
"IP": "100.103.8.15",
"Ports": {
"First": 5432,
"Last": 5432
}
},
{
"IP": "100.103.8.15",
"Ports": {
"First": 3306,
"Last": 3306
}
},
{
"IP": "fd7a:115c:a1e0::5b37:80f",
"Ports": {
"First": 5432,
"Last": 5432
}
},
{
"IP": "fd7a:115c:a1e0::5b37:80f",
"Ports": {
"First": 3306,
"Last": 3306
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"fd7a:115c:a1e0::/48"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 8080,
"Last": 8080
}
},
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "100.108.74.26",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "100.108.74.26",
"Ports": {
"First": 443,
"Last": 443
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 443,
"Last": 443
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

198
hscontrol/policy/v2/testdata/acl_results/ACL-K05.hujson vendored
View File

@@ -1,198 +0,0 @@
// ACL-K05
//
// ACL: accept: src=['autogroup:member', 'group:admins', 'kratail2tid@passkey', 'tag:client', 'tag:prod', '100.83.200.69', '100.103.8.15'] dst=['tag:server:22', 'webserver:80', '100.108.74.26:443', 'group:admins:8080', 'kratail2tid@passkey:9000']
//
// Expected: Rules on tagged-server, user1
{
"test_id": "ACL-K05",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"autogroup:member",
"group:admins",
"kratail2tid@passkey",
"tag:client",
"tag:prod",
"100.83.200.69",
"100.103.8.15"
],
"dst": [
"tag:server:22",
"webserver:80",
"100.108.74.26:443",
"group:admins:8080",
"kratail2tid@passkey:9000"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.110.121.96",
"100.83.200.69",
"100.90.199.68",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "100.108.74.26",
"Ports": {
"First": 443,
"Last": 443
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.8.15",
"100.103.90.82",
"100.110.121.96",
"100.83.200.69",
"100.90.199.68",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::5b37:80f",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.90.199.68",
"Ports": {
"First": 9000,
"Last": 9000
}
},
{
"IP": "fd7a:115c:a1e0::2d01:c747",
"Ports": {
"First": 9000,
"Last": 9000
}
},
{
"IP": "100.90.199.68",
"Ports": {
"First": 8080,
"Last": 8080
}
},
{
"IP": "fd7a:115c:a1e0::2d01:c747",
"Ports": {
"First": 8080,
"Last": 8080
}
}
]
}
]
}
}
}

127
hscontrol/policy/v2/testdata/acl_results/ACL-M01.hujson vendored
View File

@@ -1,127 +0,0 @@
// ACL-M01
//
// ACL: accept: src=['kratail2tid@passkey', 'tag:client', 'group:monitors'] dst=['tag:server:22']
//
// Expected: Rules on tagged-server
{
"test_id": "ACL-M01",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"kratail2tid@passkey",
"tag:client",
"group:monitors"
],
"dst": [
"tag:server:22"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.90.82",
"100.83.200.69",
"100.90.199.68",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

123
hscontrol/policy/v2/testdata/acl_results/ACL-M02.hujson vendored
View File

@@ -1,123 +0,0 @@
// ACL-M02
//
// ACL: accept: src=['100.90.199.68', 'tag:client'] dst=['tag:server:22']
//
// Expected: Rules on tagged-server
{
"test_id": "ACL-M02",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"100.90.199.68",
"tag:client"
],
"dst": [
"tag:server:22"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.83.200.69",
"100.90.199.68",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

123
hscontrol/policy/v2/testdata/acl_results/ACL-M03.hujson vendored
View File

@@ -1,123 +0,0 @@
// ACL-M03
//
// ACL: accept: src=['webserver', 'tag:client'] dst=['tag:prod:5432']
//
// Expected: Rules on tagged-prod
{
"test_id": "ACL-M03",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"webserver",
"tag:client"
],
"dst": [
"tag:prod:5432"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.108.74.26",
"100.83.200.69",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.103.8.15",
"Ports": {
"First": 5432,
"Last": 5432
}
},
{
"IP": "fd7a:115c:a1e0::5b37:80f",
"Ports": {
"First": 5432,
"Last": 5432
}
}
]
}
]
},
"tagged-server": {
"packet_filter_rules": null
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

124
hscontrol/policy/v2/testdata/acl_results/ACL-M04.hujson vendored
View File

@@ -1,124 +0,0 @@
// ACL-M04
//
// ACL: accept: src=['group:admins', 'tag:client'] dst=['tag:server:22']
//
// Expected: Rules on tagged-server
{
"test_id": "ACL-M04",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"group:admins",
"tag:client"
],
"dst": [
"tag:server:22"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.83.200.69",
"100.90.199.68",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

124
hscontrol/policy/v2/testdata/acl_results/ACL-M05.hujson vendored
View File

@@ -1,124 +0,0 @@
// ACL-M05
//
// ACL: accept: src=['kratail2tid@passkey', 'group:monitors'] dst=['tag:server:22']
//
// Expected: Rules on tagged-server
{
"test_id": "ACL-M05",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"kratail2tid@passkey",
"group:monitors"
],
"dst": [
"tag:server:22"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.90.82",
"100.90.199.68",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

126
hscontrol/policy/v2/testdata/acl_results/ACL-M06.hujson vendored
View File

@@ -1,126 +0,0 @@
// ACL-M06
//
// ACL: accept: src=['*', 'tag:client'] dst=['tag:server:22']
//
// Expected: Rules on tagged-server
{
"test_id": "ACL-M06",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"*",
"tag:client"
],
"dst": [
"tag:server:22"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.33.0.0/16",
"100.115.94.0-100.127.255.255",
"100.64.0.0-100.115.91.255",
"100.83.200.69",
"fd7a:115c:a1e0::/48",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

156
hscontrol/policy/v2/testdata/acl_results/ACL-M07.hujson vendored
View File

@@ -1,156 +0,0 @@
// ACL-M07
//
// ACL: accept: src=['autogroup:member', 'tag:client'] dst=['tag:server:22,80,443']
//
// Expected: Rules on tagged-server
{
"test_id": "ACL-M07",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"autogroup:member",
"tag:client"
],
"dst": [
"tag:server:22,80,443"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.90.82",
"100.110.121.96",
"100.83.200.69",
"100.90.199.68",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "100.108.74.26",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "100.108.74.26",
"Ports": {
"First": 443,
"Last": 443
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 80,
"Last": 80
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 443,
"Last": 443
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

128
hscontrol/policy/v2/testdata/acl_results/ACL-M08.hujson vendored
View File

@@ -1,128 +0,0 @@
// ACL-M08
//
// ACL: accept: src=['autogroup:member', 'tag:client'] dst=['tag:server:80-443']
//
// Expected: Rules on tagged-server
{
"test_id": "ACL-M08",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"autogroup:member",
"tag:client"
],
"dst": [
"tag:server:80-443"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.103.90.82",
"100.110.121.96",
"100.83.200.69",
"100.90.199.68",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::9e37:5a52",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 80,
"Last": 443
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 80,
"Last": 443
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

123
hscontrol/policy/v2/testdata/acl_results/ACL-M09.hujson vendored
View File

@@ -1,123 +0,0 @@
// ACL-M09
//
// ACL: accept: src=['tag:client', 'internal'] dst=['tag:server:22']
//
// Expected: Rules on tagged-server
{
"test_id": "ACL-M09",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"tag:client",
"internal"
],
"dst": [
"tag:server:22"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"10.0.0.0/8",
"100.83.200.69",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

123
hscontrol/policy/v2/testdata/acl_results/ACL-M10.hujson vendored
View File

@@ -1,123 +0,0 @@
// ACL-M10
//
// ACL: accept: src=['100.92.142.61', 'tag:client'] dst=['tag:server:22']
//
// Expected: Rules on tagged-server
{
"test_id": "ACL-M10",
"input": {
"full_policy": {
"groups": {
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
"prodbox": "100.103.8.15",
"internal": "10.0.0.0/8",
"subnet24": "192.168.1.0/24"
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": [
"100.92.142.61",
"tag:client"
],
"dst": [
"tag:server:22"
]
}
]
}
},
"captures": {
"exit-node": {
"packet_filter_rules": null
},
"subnet-router": {
"packet_filter_rules": null
},
"tagged-client": {
"packet_filter_rules": null
},
"tagged-prod": {
"packet_filter_rules": null
},
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": [
"100.83.200.69",
"100.92.142.61",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",
"Ports": {
"First": 22,
"Last": 22
}
},
{
"IP": "fd7a:115c:a1e0::b901:4a87",
"Ports": {
"First": 22,
"Last": 22
}
}
]
}
]
},
"user-kris": {
"packet_filter_rules": null
},
"user-mon": {
"packet_filter_rules": null
},
"user1": {
"packet_filter_rules": null
}
}
}

Some files were not shown because too many files have changed in this diff Show More