1
0
mirror of https://github.com/juanfont/headscale.git synced 2025-08-14 13:51:01 +02:00

integration: add some godoc

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
This commit is contained in:
Kristoffer Dalby 2025-07-26 08:34:03 +02:00
parent a98d9bd05f
commit 7702861a7e
No known key found for this signature in database
6 changed files with 126 additions and 5 deletions

View File

@ -16,6 +16,16 @@ import (
"github.com/stretchr/testify/require"
)
// TestAuthKeyLogoutAndReloginSameUser tests the scenario where a set of nodes
// are logged out and then logged back in as the same user. This test ensures
// that the nodes can successfully re-authenticate and that their IP addresses
// remain the same after re-login.
//
// The test sets up a scenario with two users, each with a set of nodes. It
// then logs out all nodes, and then logs them back in using a new pre-
// authenticated key for the same user. The test verifies that the node count
// remains the same and that the nodes can still ping each other after re-
// login.
func TestAuthKeyLogoutAndReloginSameUser(t *testing.T) {
IntegrationSkip(t)
@ -174,10 +184,15 @@ func assertLastSeenSet(t *testing.T, node *v1.Node) {
assert.NotNil(t, node.GetLastSeen())
}
// This test will first log in two sets of nodes to two sets of users, then
// it will log out all users from user2 and log them in as user1.
// This should leave us with all nodes connected to user1, while user2
// still has nodes, but they are not connected.
// TestAuthKeyLogoutAndReloginNewUser tests the scenario where a set of nodes
// are logged out from one user and then logged back in as a different user.
// This test ensures that the nodes are correctly associated with the new user
// and that the old user's nodes are no longer connected.
//
// The test sets up a scenario with two users, each with a set of nodes. It
// then logs out all nodes and logs them all back in as user1. The test
// verifies that all nodes are now associated with user1, and that user2 has
// no connected nodes.
func TestAuthKeyLogoutAndReloginNewUser(t *testing.T) {
IntegrationSkip(t)
@ -268,6 +283,14 @@ func TestAuthKeyLogoutAndReloginNewUser(t *testing.T) {
}
}
// TestAuthKeyLogoutAndReloginSameUserExpiredKey tests that a node cannot log
// back in with an expired pre-authenticated key.
//
// The test sets up a scenario with two users and their nodes. It then logs
// out all nodes, creates a new pre-authenticated key for each user, and then
// expires the key. The test then attempts to log the nodes back in with the
// expired key and verifies that the authentication fails with the expected
// error message.
func TestAuthKeyLogoutAndReloginSameUserExpiredKey(t *testing.T) {
IntegrationSkip(t)

View File

@ -17,6 +17,14 @@ import (
"github.com/stretchr/testify/assert"
)
// TestOIDCAuthenticationPingAll tests the OIDC authentication flow and verifies
// that all nodes can ping each other after successful authentication.
//
// This test sets up a scenario with two users and their corresponding nodes.
// It configures Headscale with an OIDC provider and then simulates the OIDC
// login flow for each node. After the nodes are authenticated, it checks that
// they can all ping each other, ensuring that the OIDC authentication is
// working correctly and that the nodes are properly connected to the network.
func TestOIDCAuthenticationPingAll(t *testing.T) {
IntegrationSkip(t)
@ -113,7 +121,14 @@ func TestOIDCAuthenticationPingAll(t *testing.T) {
}
}
// This test is really flaky.
// TestOIDCExpireNodesBasedOnTokenExpiry tests that nodes are automatically
// expired when their OIDC token expires.
//
// This test sets up a scenario with a short OIDC token expiry time. It then
// authenticates the nodes and verifies that they can communicate. After waiting
// for the token to expire, it checks that the nodes are logged out and can no
// longer communicate, ensuring that the token expiry mechanism is working as
// expected.
func TestOIDCExpireNodesBasedOnTokenExpiry(t *testing.T) {
IntegrationSkip(t)
@ -179,6 +194,15 @@ func TestOIDCExpireNodesBasedOnTokenExpiry(t *testing.T) {
}, shortAccessTTL+10*time.Second, 5*time.Second)
}
// TestOIDC024UserCreation tests the user creation process when using OIDC
// authentication, covering different scenarios of user migration and email
// verification.
//
// This is a table-driven test that sets up various scenarios with different
// OIDC configurations, such as whether the email is verified and whether the
// domain is stripped from the username. It then verifies that the users are
// created correctly in Headscale with the expected properties, ensuring that
// the user creation and migration logic is working as intended.
func TestOIDC024UserCreation(t *testing.T) {
IntegrationSkip(t)
@ -346,6 +370,13 @@ func TestOIDC024UserCreation(t *testing.T) {
}
}
// TestOIDCAuthenticationWithPKCE tests the OIDC authentication flow with PKCE
// (Proof Key for Code Exchange) enabled.
//
// This test sets up a scenario with a single user and node. It configures
// Headscale to use OIDC with PKCE enabled. It then simulates the OIDC login
// flow and verifies that the node can successfully authenticate and connect to
// the network. This ensures that the PKCE implementation is working correctly.
func TestOIDCAuthenticationWithPKCE(t *testing.T) {
IntegrationSkip(t)
@ -397,6 +428,15 @@ func TestOIDCAuthenticationWithPKCE(t *testing.T) {
t.Logf("%d successful pings out of %d", success, len(allClients)*len(allIps))
}
// TestOIDCReloginSameNodeNewUser tests the scenario where a node is logged out
// from one user and then logged back in as a different user.
//
// This test sets up a scenario with a single node and two OIDC users. It first
// logs in the node as user1, then logs it out and logs it back in as user2.
// Finally, it logs the node out again and logs it back in as user1. The test
// verifies that the node is correctly associated with the new user after each
// re-login, and that the node's machine key remains the same while the node
// key changes.
func TestOIDCReloginSameNodeNewUser(t *testing.T) {
IntegrationSkip(t)

View File

@ -12,6 +12,14 @@ import (
"github.com/stretchr/testify/assert"
)
// TestAuthWebFlowAuthenticationPingAll tests the web authentication flow and
// verifies that all nodes can ping each other after successful authentication.
//
// This test sets up a scenario with two users and their corresponding nodes.
// It configures Headscale with a login URL and then simulates the web login
// flow for each node. After the nodes are authenticated, it checks that they
// can all ping each other, ensuring that the web authentication is working
// correctly and that the nodes are properly connected to the network.
func TestAuthWebFlowAuthenticationPingAll(t *testing.T) {
IntegrationSkip(t)
@ -53,6 +61,15 @@ func TestAuthWebFlowAuthenticationPingAll(t *testing.T) {
t.Logf("%d successful pings out of %d", success, len(allClients)*len(allIps))
}
// TestAuthWebFlowLogoutAndRelogin tests the scenario where a set of nodes are
// logged out and then logged back in using the web authentication flow.
//
// This test sets up a scenario with two users and their nodes. It first logs
// them in using the web flow and verifies that they can communicate. It then
// logs out all nodes and logs them back in again using the same web flow. The
// test verifies that the nodes can successfully re-authenticate, that their IP
// addresses remain the same, and that they can still ping each other after
// re-login.
func TestAuthWebFlowLogoutAndRelogin(t *testing.T) {
IntegrationSkip(t)

View File

@ -18,6 +18,14 @@ import (
"tailscale.com/types/key"
)
// TestDERPVerifyEndpoint tests that the DERP server can successfully verify the
// client's identity with the Headscale server.
//
// This test sets up a scenario with a Headscale server and a DERP server. The
// DERP server is configured to verify clients with the Headscale server. The
// test then creates a set of Tailscale clients and verifies that they can
// successfully connect to the DERP server. It also tests that a client with a
// fake key cannot connect, ensuring that the verification is working correctly.
func TestDERPVerifyEndpoint(t *testing.T) {
IntegrationSkip(t)

View File

@ -13,6 +13,14 @@ import (
"tailscale.com/tailcfg"
)
// TestResolveMagicDNS tests that MagicDNS is working correctly by resolving the
// FQDNs of all nodes in the network.
//
// This test sets up a scenario with two users and their corresponding nodes.
// It then iterates through all clients and attempts to resolve the FQDN of
// every other client. It verifies that the resolved IP addresses match the
// actual IP addresses of the peer, ensuring that MagicDNS is correctly
// configured and functioning.
func TestResolveMagicDNS(t *testing.T) {
IntegrationSkip(t)
@ -69,6 +77,15 @@ func TestResolveMagicDNS(t *testing.T) {
}
}
// TestResolveMagicDNSExtraRecordsPath tests the functionality of providing
// extra DNS records to Headscale through a file.
//
// This test sets up a scenario with a Headscale instance configured to read
// extra DNS records from a JSON file. It then verifies that the clients can
// resolve the records defined in the file. The test also covers dynamic
// updates to the file, including moving, copying, and deleting the file, to
// ensure that Headscale correctly reloads the records and updates the DNS
// configuration for the clients.
func TestResolveMagicDNSExtraRecordsPath(t *testing.T) {
IntegrationSkip(t)

View File

@ -16,6 +16,14 @@ type ClientsSpec struct {
WebsocketDERP int
}
// TestDERPServerScenario tests the functionality of the embedded DERP server with
// plain connections.
//
// This test sets up a scenario with multiple users and their nodes, and an
// embedded DERP server. It verifies that all clients can connect to the DERP
// server and communicate with each other. It also checks that the clients are
// not using WebSocket connections for DERP, as this is not expected in this
// scenario.
func TestDERPServerScenario(t *testing.T) {
spec := ScenarioSpec{
NodesPerUser: 1,
@ -66,6 +74,14 @@ func TestDERPServerScenario(t *testing.T) {
})
}
// TestDERPServerWebsocketScenario tests the functionality of the embedded DERP
// server with WebSocket connections.
//
// This test sets up a scenario with multiple users and their nodes, and an
// embedded DERP server configured to use WebSockets. It verifies that all
// clients can connect to the DERP server and communicate with each other. It
// also checks that the clients are indeed using WebSocket connections for DERP,
// as expected in this scenario.
func TestDERPServerWebsocketScenario(t *testing.T) {
spec := ScenarioSpec{
NodesPerUser: 1,