mirror of
https://github.com/juanfont/headscale.git
synced 2025-08-14 13:51:01 +02:00
integration: add some godoc
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
This commit is contained in:
parent
a98d9bd05f
commit
7702861a7e
@ -16,6 +16,16 @@ import (
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
// TestAuthKeyLogoutAndReloginSameUser tests the scenario where a set of nodes
|
||||
// are logged out and then logged back in as the same user. This test ensures
|
||||
// that the nodes can successfully re-authenticate and that their IP addresses
|
||||
// remain the same after re-login.
|
||||
//
|
||||
// The test sets up a scenario with two users, each with a set of nodes. It
|
||||
// then logs out all nodes, and then logs them back in using a new pre-
|
||||
// authenticated key for the same user. The test verifies that the node count
|
||||
// remains the same and that the nodes can still ping each other after re-
|
||||
// login.
|
||||
func TestAuthKeyLogoutAndReloginSameUser(t *testing.T) {
|
||||
IntegrationSkip(t)
|
||||
|
||||
@ -174,10 +184,15 @@ func assertLastSeenSet(t *testing.T, node *v1.Node) {
|
||||
assert.NotNil(t, node.GetLastSeen())
|
||||
}
|
||||
|
||||
// This test will first log in two sets of nodes to two sets of users, then
|
||||
// it will log out all users from user2 and log them in as user1.
|
||||
// This should leave us with all nodes connected to user1, while user2
|
||||
// still has nodes, but they are not connected.
|
||||
// TestAuthKeyLogoutAndReloginNewUser tests the scenario where a set of nodes
|
||||
// are logged out from one user and then logged back in as a different user.
|
||||
// This test ensures that the nodes are correctly associated with the new user
|
||||
// and that the old user's nodes are no longer connected.
|
||||
//
|
||||
// The test sets up a scenario with two users, each with a set of nodes. It
|
||||
// then logs out all nodes and logs them all back in as user1. The test
|
||||
// verifies that all nodes are now associated with user1, and that user2 has
|
||||
// no connected nodes.
|
||||
func TestAuthKeyLogoutAndReloginNewUser(t *testing.T) {
|
||||
IntegrationSkip(t)
|
||||
|
||||
@ -268,6 +283,14 @@ func TestAuthKeyLogoutAndReloginNewUser(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
// TestAuthKeyLogoutAndReloginSameUserExpiredKey tests that a node cannot log
|
||||
// back in with an expired pre-authenticated key.
|
||||
//
|
||||
// The test sets up a scenario with two users and their nodes. It then logs
|
||||
// out all nodes, creates a new pre-authenticated key for each user, and then
|
||||
// expires the key. The test then attempts to log the nodes back in with the
|
||||
// expired key and verifies that the authentication fails with the expected
|
||||
// error message.
|
||||
func TestAuthKeyLogoutAndReloginSameUserExpiredKey(t *testing.T) {
|
||||
IntegrationSkip(t)
|
||||
|
||||
|
@ -17,6 +17,14 @@ import (
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
||||
// TestOIDCAuthenticationPingAll tests the OIDC authentication flow and verifies
|
||||
// that all nodes can ping each other after successful authentication.
|
||||
//
|
||||
// This test sets up a scenario with two users and their corresponding nodes.
|
||||
// It configures Headscale with an OIDC provider and then simulates the OIDC
|
||||
// login flow for each node. After the nodes are authenticated, it checks that
|
||||
// they can all ping each other, ensuring that the OIDC authentication is
|
||||
// working correctly and that the nodes are properly connected to the network.
|
||||
func TestOIDCAuthenticationPingAll(t *testing.T) {
|
||||
IntegrationSkip(t)
|
||||
|
||||
@ -113,7 +121,14 @@ func TestOIDCAuthenticationPingAll(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
// This test is really flaky.
|
||||
// TestOIDCExpireNodesBasedOnTokenExpiry tests that nodes are automatically
|
||||
// expired when their OIDC token expires.
|
||||
//
|
||||
// This test sets up a scenario with a short OIDC token expiry time. It then
|
||||
// authenticates the nodes and verifies that they can communicate. After waiting
|
||||
// for the token to expire, it checks that the nodes are logged out and can no
|
||||
// longer communicate, ensuring that the token expiry mechanism is working as
|
||||
// expected.
|
||||
func TestOIDCExpireNodesBasedOnTokenExpiry(t *testing.T) {
|
||||
IntegrationSkip(t)
|
||||
|
||||
@ -179,6 +194,15 @@ func TestOIDCExpireNodesBasedOnTokenExpiry(t *testing.T) {
|
||||
}, shortAccessTTL+10*time.Second, 5*time.Second)
|
||||
}
|
||||
|
||||
// TestOIDC024UserCreation tests the user creation process when using OIDC
|
||||
// authentication, covering different scenarios of user migration and email
|
||||
// verification.
|
||||
//
|
||||
// This is a table-driven test that sets up various scenarios with different
|
||||
// OIDC configurations, such as whether the email is verified and whether the
|
||||
// domain is stripped from the username. It then verifies that the users are
|
||||
// created correctly in Headscale with the expected properties, ensuring that
|
||||
// the user creation and migration logic is working as intended.
|
||||
func TestOIDC024UserCreation(t *testing.T) {
|
||||
IntegrationSkip(t)
|
||||
|
||||
@ -346,6 +370,13 @@ func TestOIDC024UserCreation(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
// TestOIDCAuthenticationWithPKCE tests the OIDC authentication flow with PKCE
|
||||
// (Proof Key for Code Exchange) enabled.
|
||||
//
|
||||
// This test sets up a scenario with a single user and node. It configures
|
||||
// Headscale to use OIDC with PKCE enabled. It then simulates the OIDC login
|
||||
// flow and verifies that the node can successfully authenticate and connect to
|
||||
// the network. This ensures that the PKCE implementation is working correctly.
|
||||
func TestOIDCAuthenticationWithPKCE(t *testing.T) {
|
||||
IntegrationSkip(t)
|
||||
|
||||
@ -397,6 +428,15 @@ func TestOIDCAuthenticationWithPKCE(t *testing.T) {
|
||||
t.Logf("%d successful pings out of %d", success, len(allClients)*len(allIps))
|
||||
}
|
||||
|
||||
// TestOIDCReloginSameNodeNewUser tests the scenario where a node is logged out
|
||||
// from one user and then logged back in as a different user.
|
||||
//
|
||||
// This test sets up a scenario with a single node and two OIDC users. It first
|
||||
// logs in the node as user1, then logs it out and logs it back in as user2.
|
||||
// Finally, it logs the node out again and logs it back in as user1. The test
|
||||
// verifies that the node is correctly associated with the new user after each
|
||||
// re-login, and that the node's machine key remains the same while the node
|
||||
// key changes.
|
||||
func TestOIDCReloginSameNodeNewUser(t *testing.T) {
|
||||
IntegrationSkip(t)
|
||||
|
||||
|
@ -12,6 +12,14 @@ import (
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
||||
// TestAuthWebFlowAuthenticationPingAll tests the web authentication flow and
|
||||
// verifies that all nodes can ping each other after successful authentication.
|
||||
//
|
||||
// This test sets up a scenario with two users and their corresponding nodes.
|
||||
// It configures Headscale with a login URL and then simulates the web login
|
||||
// flow for each node. After the nodes are authenticated, it checks that they
|
||||
// can all ping each other, ensuring that the web authentication is working
|
||||
// correctly and that the nodes are properly connected to the network.
|
||||
func TestAuthWebFlowAuthenticationPingAll(t *testing.T) {
|
||||
IntegrationSkip(t)
|
||||
|
||||
@ -53,6 +61,15 @@ func TestAuthWebFlowAuthenticationPingAll(t *testing.T) {
|
||||
t.Logf("%d successful pings out of %d", success, len(allClients)*len(allIps))
|
||||
}
|
||||
|
||||
// TestAuthWebFlowLogoutAndRelogin tests the scenario where a set of nodes are
|
||||
// logged out and then logged back in using the web authentication flow.
|
||||
//
|
||||
// This test sets up a scenario with two users and their nodes. It first logs
|
||||
// them in using the web flow and verifies that they can communicate. It then
|
||||
// logs out all nodes and logs them back in again using the same web flow. The
|
||||
// test verifies that the nodes can successfully re-authenticate, that their IP
|
||||
// addresses remain the same, and that they can still ping each other after
|
||||
// re-login.
|
||||
func TestAuthWebFlowLogoutAndRelogin(t *testing.T) {
|
||||
IntegrationSkip(t)
|
||||
|
||||
|
@ -18,6 +18,14 @@ import (
|
||||
"tailscale.com/types/key"
|
||||
)
|
||||
|
||||
// TestDERPVerifyEndpoint tests that the DERP server can successfully verify the
|
||||
// client's identity with the Headscale server.
|
||||
//
|
||||
// This test sets up a scenario with a Headscale server and a DERP server. The
|
||||
// DERP server is configured to verify clients with the Headscale server. The
|
||||
// test then creates a set of Tailscale clients and verifies that they can
|
||||
// successfully connect to the DERP server. It also tests that a client with a
|
||||
// fake key cannot connect, ensuring that the verification is working correctly.
|
||||
func TestDERPVerifyEndpoint(t *testing.T) {
|
||||
IntegrationSkip(t)
|
||||
|
||||
|
@ -13,6 +13,14 @@ import (
|
||||
"tailscale.com/tailcfg"
|
||||
)
|
||||
|
||||
// TestResolveMagicDNS tests that MagicDNS is working correctly by resolving the
|
||||
// FQDNs of all nodes in the network.
|
||||
//
|
||||
// This test sets up a scenario with two users and their corresponding nodes.
|
||||
// It then iterates through all clients and attempts to resolve the FQDN of
|
||||
// every other client. It verifies that the resolved IP addresses match the
|
||||
// actual IP addresses of the peer, ensuring that MagicDNS is correctly
|
||||
// configured and functioning.
|
||||
func TestResolveMagicDNS(t *testing.T) {
|
||||
IntegrationSkip(t)
|
||||
|
||||
@ -69,6 +77,15 @@ func TestResolveMagicDNS(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
// TestResolveMagicDNSExtraRecordsPath tests the functionality of providing
|
||||
// extra DNS records to Headscale through a file.
|
||||
//
|
||||
// This test sets up a scenario with a Headscale instance configured to read
|
||||
// extra DNS records from a JSON file. It then verifies that the clients can
|
||||
// resolve the records defined in the file. The test also covers dynamic
|
||||
// updates to the file, including moving, copying, and deleting the file, to
|
||||
// ensure that Headscale correctly reloads the records and updates the DNS
|
||||
// configuration for the clients.
|
||||
func TestResolveMagicDNSExtraRecordsPath(t *testing.T) {
|
||||
IntegrationSkip(t)
|
||||
|
||||
|
@ -16,6 +16,14 @@ type ClientsSpec struct {
|
||||
WebsocketDERP int
|
||||
}
|
||||
|
||||
// TestDERPServerScenario tests the functionality of the embedded DERP server with
|
||||
// plain connections.
|
||||
//
|
||||
// This test sets up a scenario with multiple users and their nodes, and an
|
||||
// embedded DERP server. It verifies that all clients can connect to the DERP
|
||||
// server and communicate with each other. It also checks that the clients are
|
||||
// not using WebSocket connections for DERP, as this is not expected in this
|
||||
// scenario.
|
||||
func TestDERPServerScenario(t *testing.T) {
|
||||
spec := ScenarioSpec{
|
||||
NodesPerUser: 1,
|
||||
@ -66,6 +74,14 @@ func TestDERPServerScenario(t *testing.T) {
|
||||
})
|
||||
}
|
||||
|
||||
// TestDERPServerWebsocketScenario tests the functionality of the embedded DERP
|
||||
// server with WebSocket connections.
|
||||
//
|
||||
// This test sets up a scenario with multiple users and their nodes, and an
|
||||
// embedded DERP server configured to use WebSockets. It verifies that all
|
||||
// clients can connect to the DERP server and communicate with each other. It
|
||||
// also checks that the clients are indeed using WebSocket connections for DERP,
|
||||
// as expected in this scenario.
|
||||
func TestDERPServerWebsocketScenario(t *testing.T) {
|
||||
spec := ScenarioSpec{
|
||||
NodesPerUser: 1,
|
||||
|
Loading…
Reference in New Issue
Block a user