From a3d77c65f3c45be923dd37cfe156bab68509009e Mon Sep 17 00:00:00 2001 From: Kristoffer Dalby Date: Wed, 19 Feb 2025 15:01:39 +0100 Subject: [PATCH] use internal derp for most integration tests Signed-off-by: Kristoffer Dalby --- integration/acl_test.go | 4 ++ integration/auth_key_test.go | 1 - integration/dns_test.go | 12 +++- integration/general_test.go | 33 +++++++-- integration/route_test.go | 131 ++++++++++++++++++++--------------- 5 files changed, 115 insertions(+), 66 deletions(-) diff --git a/integration/acl_test.go b/integration/acl_test.go index fb6fef93..97ea7a89 100644 --- a/integration/acl_test.go +++ b/integration/acl_test.go @@ -275,6 +275,8 @@ func TestACLHostsInNetMapTable(t *testing.T) { err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{}, hsic.WithACLPolicy(&testCase.policy), + hsic.WithTLS(), + hsic.WithEmbeddedDERPServerOnly(), ) require.NoError(t, err) defer scenario.ShutdownAssertNoPanics(t) @@ -1046,6 +1048,8 @@ func TestPolicyUpdateWhileRunningWithCLIInDatabase(t *testing.T) { hsic.WithConfigEnv(map[string]string{ "HEADSCALE_POLICY_MODE": "database", }), + hsic.WithTLS(), + hsic.WithEmbeddedDERPServerOnly(), ) require.NoError(t, err) diff --git a/integration/auth_key_test.go b/integration/auth_key_test.go index d1c2c5d1..e4f98c79 100644 --- a/integration/auth_key_test.go +++ b/integration/auth_key_test.go @@ -163,7 +163,6 @@ func TestAuthKeyLogoutAndReloginNewUser(t *testing.T) { err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{}, hsic.WithTestName("keyrelognewuser"), - hsic.WithTLS(), ) assertNoErrHeadscaleEnv(t, err) diff --git a/integration/dns_test.go b/integration/dns_test.go index 1a8b69aa..bfe32bce 100644 --- a/integration/dns_test.go +++ b/integration/dns_test.go @@ -26,7 +26,11 @@ func TestResolveMagicDNS(t *testing.T) { "magicdns2": len(MustTestVersions), } - err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{}, hsic.WithTestName("magicdns")) + err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{}, + hsic.WithTestName("magicdns"), + hsic.WithTLS(), + hsic.WithEmbeddedDERPServerOnly(), + ) assertNoErrHeadscaleEnv(t, err) allClients, err := scenario.ListTailscaleClients() @@ -373,7 +377,11 @@ func TestValidateResolvConf(t *testing.T) { "resolvconf2": 3, } - err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{}, hsic.WithTestName("resolvconf"), hsic.WithConfigEnv(tt.conf)) + err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{}, hsic.WithTestName("resolvconf"), + hsic.WithConfigEnv(tt.conf), + hsic.WithTLS(), + hsic.WithEmbeddedDERPServerOnly(), + ) assertNoErrHeadscaleEnv(t, err) allClients, err := scenario.ListTailscaleClients() diff --git a/integration/general_test.go b/integration/general_test.go index 3bdce469..1de9c591 100644 --- a/integration/general_test.go +++ b/integration/general_test.go @@ -207,7 +207,8 @@ func TestEphemeral2006DeletedTooQuickly(t *testing.T) { hsic.WithTestName("ephemeral2006"), hsic.WithConfigEnv(map[string]string{ "HEADSCALE_EPHEMERAL_NODE_INACTIVITY_TIMEOUT": "1m6s", - }), + }), hsic.WithEmbeddedDERPServerOnly(), + hsic.WithTLS(), ) assertNoErrHeadscaleEnv(t, err) @@ -317,7 +318,11 @@ func TestPingAllByHostname(t *testing.T) { "user4": len(MustTestVersions), } - err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{}, hsic.WithTestName("pingallbyname")) + err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{}, + hsic.WithTestName("pingallbyname"), + hsic.WithTLS(), + hsic.WithEmbeddedDERPServerOnly(), + ) assertNoErrHeadscaleEnv(t, err) allClients, err := scenario.ListTailscaleClients() @@ -365,7 +370,11 @@ func TestTaildrop(t *testing.T) { "taildrop": len(MustTestVersions), } - err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{}, hsic.WithTestName("taildrop")) + err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{}, + hsic.WithTestName("taildrop"), + hsic.WithTLS(), + hsic.WithEmbeddedDERPServerOnly(), + ) assertNoErrHeadscaleEnv(t, err) allClients, err := scenario.ListTailscaleClients() @@ -534,7 +543,11 @@ func TestUpdateHostnameFromClient(t *testing.T) { user: 3, } - err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{}, hsic.WithTestName("updatehostname")) + err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{}, + hsic.WithTestName("updatehostname"), + hsic.WithTLS(), + hsic.WithEmbeddedDERPServerOnly(), + ) assertNoErrHeadscaleEnv(t, err) allClients, err := scenario.ListTailscaleClients() @@ -654,7 +667,11 @@ func TestExpireNode(t *testing.T) { "user1": len(MustTestVersions), } - err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{}, hsic.WithTestName("expirenode")) + err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{}, + hsic.WithTestName("expirenode"), + hsic.WithTLS(), + hsic.WithEmbeddedDERPServerOnly(), + ) assertNoErrHeadscaleEnv(t, err) allClients, err := scenario.ListTailscaleClients() @@ -780,7 +797,11 @@ func TestNodeOnlineStatus(t *testing.T) { "user1": len(MustTestVersions), } - err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{}, hsic.WithTestName("online")) + err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{}, + hsic.WithTestName("online"), + hsic.WithTLS(), + hsic.WithEmbeddedDERPServerOnly(), + ) assertNoErrHeadscaleEnv(t, err) allClients, err := scenario.ListTailscaleClients() diff --git a/integration/route_test.go b/integration/route_test.go index 644cc992..d99128ff 100644 --- a/integration/route_test.go +++ b/integration/route_test.go @@ -40,7 +40,11 @@ func TestEnablingRoutes(t *testing.T) { user: 3, } - err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{}, hsic.WithTestName("clienableroute")) + err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{}, + hsic.WithTestName("clienableroute"), + hsic.WithTLS(), + hsic.WithEmbeddedDERPServerOnly(), + ) assertNoErrHeadscaleEnv(t, err) allClients, err := scenario.ListTailscaleClients() @@ -262,7 +266,9 @@ func TestHASubnetRouterFailover(t *testing.T) { user: 3, } - err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{}, hsic.WithTestName("clienableroute")) + err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{}, + hsic.WithTestName("clienableroute"), + ) assertNoErrHeadscaleEnv(t, err) allClients, err := scenario.ListTailscaleClients() @@ -834,25 +840,29 @@ func TestEnableDisableAutoApprovedRoute(t *testing.T) { user: 1, } - err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{tsic.WithTags([]string{"tag:approve"})}, hsic.WithTestName("clienableroute"), hsic.WithACLPolicy( - &policy.ACLPolicy{ - ACLs: []policy.ACL{ - { - Action: "accept", - Sources: []string{"*"}, - Destinations: []string{"*:*"}, + err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{tsic.WithTags([]string{"tag:approve"})}, + hsic.WithTestName("clienableroute"), + hsic.WithTLS(), + hsic.WithEmbeddedDERPServerOnly(), + hsic.WithACLPolicy( + &policy.ACLPolicy{ + ACLs: []policy.ACL{ + { + Action: "accept", + Sources: []string{"*"}, + Destinations: []string{"*:*"}, + }, + }, + TagOwners: map[string][]string{ + "tag:approve": {user}, + }, + AutoApprovers: policy.AutoApprovers{ + Routes: map[string][]string{ + expectedRoutes: {"tag:approve"}, + }, }, }, - TagOwners: map[string][]string{ - "tag:approve": {user}, - }, - AutoApprovers: policy.AutoApprovers{ - Routes: map[string][]string{ - expectedRoutes: {"tag:approve"}, - }, - }, - }, - )) + )) assertNoErrHeadscaleEnv(t, err) allClients, err := scenario.ListTailscaleClients() @@ -976,25 +986,29 @@ func TestAutoApprovedSubRoute2068(t *testing.T) { user: 1, } - err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{tsic.WithTags([]string{"tag:approve"})}, hsic.WithTestName("clienableroute"), hsic.WithACLPolicy( - &policy.ACLPolicy{ - ACLs: []policy.ACL{ - { - Action: "accept", - Sources: []string{"*"}, - Destinations: []string{"*:*"}, + err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{tsic.WithTags([]string{"tag:approve"})}, + hsic.WithTestName("clienableroute"), + hsic.WithTLS(), + hsic.WithEmbeddedDERPServerOnly(), + hsic.WithACLPolicy( + &policy.ACLPolicy{ + ACLs: []policy.ACL{ + { + Action: "accept", + Sources: []string{"*"}, + Destinations: []string{"*:*"}, + }, + }, + TagOwners: map[string][]string{ + "tag:approve": {user}, + }, + AutoApprovers: policy.AutoApprovers{ + Routes: map[string][]string{ + "10.42.0.0/16": {"tag:approve"}, + }, }, }, - TagOwners: map[string][]string{ - "tag:approve": {user}, - }, - AutoApprovers: policy.AutoApprovers{ - Routes: map[string][]string{ - "10.42.0.0/16": {"tag:approve"}, - }, - }, - }, - )) + )) assertNoErrHeadscaleEnv(t, err) allClients, err := scenario.ListTailscaleClients() @@ -1067,30 +1081,33 @@ func TestSubnetRouteACL(t *testing.T) { user: 2, } - err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{}, hsic.WithTestName("clienableroute"), hsic.WithACLPolicy( - &policy.ACLPolicy{ - Groups: policy.Groups{ - "group:admins": {user}, - }, - ACLs: []policy.ACL{ - { - Action: "accept", - Sources: []string{"group:admins"}, - Destinations: []string{"group:admins:*"}, + err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{}, hsic.WithTestName("clienableroute"), + hsic.WithTLS(), + hsic.WithEmbeddedDERPServerOnly(), + hsic.WithACLPolicy( + &policy.ACLPolicy{ + Groups: policy.Groups{ + "group:admins": {user}, }, - { - Action: "accept", - Sources: []string{"group:admins"}, - Destinations: []string{"10.33.0.0/16:*"}, + ACLs: []policy.ACL{ + { + Action: "accept", + Sources: []string{"group:admins"}, + Destinations: []string{"group:admins:*"}, + }, + { + Action: "accept", + Sources: []string{"group:admins"}, + Destinations: []string{"10.33.0.0/16:*"}, + }, + // { + // Action: "accept", + // Sources: []string{"group:admins"}, + // Destinations: []string{"0.0.0.0/0:*"}, + // }, }, - // { - // Action: "accept", - // Sources: []string{"group:admins"}, - // Destinations: []string{"0.0.0.0/0:*"}, - // }, }, - }, - )) + )) assertNoErrHeadscaleEnv(t, err) allClients, err := scenario.ListTailscaleClients()