use internal derp for most integration tests

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2025-02-20 00:18:41 +01:00 · 2025-02-19 15:01:39 +01:00 · 2025-02-19 15:01:39 +01:00 · a3d77c65f3
commit a3d77c65f3
parent 2cce3a99eb
5 changed files with 115 additions and 66 deletions
--- a/integration/acl_test.go
+++ b/integration/acl_test.go
@ -275,6 +275,8 @@ func TestACLHostsInNetMapTable(t *testing.T) {
 			err = scenario.CreateHeadscaleEnv(spec,
 				[]tsic.Option{},
 				hsic.WithACLPolicy(&testCase.policy),
 				hsic.WithTLS(),
 				hsic.WithEmbeddedDERPServerOnly(),
 			)
 			require.NoError(t, err)
 			defer scenario.ShutdownAssertNoPanics(t)
@ -1046,6 +1048,8 @@ func TestPolicyUpdateWhileRunningWithCLIInDatabase(t *testing.T) {
 		hsic.WithConfigEnv(map[string]string{
 			"HEADSCALE_POLICY_MODE": "database",
 		}),
 		hsic.WithTLS(),
 		hsic.WithEmbeddedDERPServerOnly(),
 	)
 	require.NoError(t, err)
--- a/integration/auth_key_test.go
+++ b/integration/auth_key_test.go
@ -163,7 +163,6 @@ func TestAuthKeyLogoutAndReloginNewUser(t *testing.T) {
 	err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{},
 		hsic.WithTestName("keyrelognewuser"),
 		hsic.WithTLS(),
 	)
 	assertNoErrHeadscaleEnv(t, err)
--- a/integration/dns_test.go
+++ b/integration/dns_test.go
@ -26,7 +26,11 @@ func TestResolveMagicDNS(t *testing.T) {
 		"magicdns2": len(MustTestVersions),
 	}
-	err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{}, hsic.WithTestName("magicdns"))
+	err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{},
 		hsic.WithTestName("magicdns"),
 		hsic.WithTLS(),
 		hsic.WithEmbeddedDERPServerOnly(),
 	)
 	assertNoErrHeadscaleEnv(t, err)
 	allClients, err := scenario.ListTailscaleClients()
@ -373,7 +377,11 @@ func TestValidateResolvConf(t *testing.T) {
 				"resolvconf2": 3,
 			}
-			err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{}, hsic.WithTestName("resolvconf"), hsic.WithConfigEnv(tt.conf))
+			err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{}, hsic.WithTestName("resolvconf"),
 				hsic.WithConfigEnv(tt.conf),
 				hsic.WithTLS(),
 				hsic.WithEmbeddedDERPServerOnly(),
 			)
 			assertNoErrHeadscaleEnv(t, err)
 			allClients, err := scenario.ListTailscaleClients()
--- a/integration/general_test.go
+++ b/integration/general_test.go
@ -207,7 +207,8 @@ func TestEphemeral2006DeletedTooQuickly(t *testing.T) {
 		hsic.WithTestName("ephemeral2006"),
 		hsic.WithConfigEnv(map[string]string{
 			"HEADSCALE_EPHEMERAL_NODE_INACTIVITY_TIMEOUT": "1m6s",
-		}),
+		}), hsic.WithEmbeddedDERPServerOnly(),
 		hsic.WithTLS(),
 	)
 	assertNoErrHeadscaleEnv(t, err)
@ -317,7 +318,11 @@ func TestPingAllByHostname(t *testing.T) {
 		"user4": len(MustTestVersions),
 	}
-	err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{}, hsic.WithTestName("pingallbyname"))
+	err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{},
 		hsic.WithTestName("pingallbyname"),
 		hsic.WithTLS(),
 		hsic.WithEmbeddedDERPServerOnly(),
 	)
 	assertNoErrHeadscaleEnv(t, err)
 	allClients, err := scenario.ListTailscaleClients()
@ -365,7 +370,11 @@ func TestTaildrop(t *testing.T) {
 		"taildrop": len(MustTestVersions),
 	}
-	err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{}, hsic.WithTestName("taildrop"))
+	err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{},
 		hsic.WithTestName("taildrop"),
 		hsic.WithTLS(),
 		hsic.WithEmbeddedDERPServerOnly(),
 	)
 	assertNoErrHeadscaleEnv(t, err)
 	allClients, err := scenario.ListTailscaleClients()
@ -534,7 +543,11 @@ func TestUpdateHostnameFromClient(t *testing.T) {
 		user: 3,
 	}
-	err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{}, hsic.WithTestName("updatehostname"))
+	err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{},
 		hsic.WithTestName("updatehostname"),
 		hsic.WithTLS(),
 		hsic.WithEmbeddedDERPServerOnly(),
 	)
 	assertNoErrHeadscaleEnv(t, err)
 	allClients, err := scenario.ListTailscaleClients()
@ -654,7 +667,11 @@ func TestExpireNode(t *testing.T) {
 		"user1": len(MustTestVersions),
 	}
-	err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{}, hsic.WithTestName("expirenode"))
+	err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{},
 		hsic.WithTestName("expirenode"),
 		hsic.WithTLS(),
 		hsic.WithEmbeddedDERPServerOnly(),
 	)
 	assertNoErrHeadscaleEnv(t, err)
 	allClients, err := scenario.ListTailscaleClients()
@ -780,7 +797,11 @@ func TestNodeOnlineStatus(t *testing.T) {
 		"user1": len(MustTestVersions),
 	}
-	err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{}, hsic.WithTestName("online"))
+	err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{},
 		hsic.WithTestName("online"),
 		hsic.WithTLS(),
 		hsic.WithEmbeddedDERPServerOnly(),
 	)
 	assertNoErrHeadscaleEnv(t, err)
 	allClients, err := scenario.ListTailscaleClients()
--- a/integration/route_test.go
+++ b/integration/route_test.go
@ -40,7 +40,11 @@ func TestEnablingRoutes(t *testing.T) {
 		user: 3,
 	}
-	err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{}, hsic.WithTestName("clienableroute"))
+	err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{},
 		hsic.WithTestName("clienableroute"),
 		hsic.WithTLS(),
 		hsic.WithEmbeddedDERPServerOnly(),
 	)
 	assertNoErrHeadscaleEnv(t, err)
 	allClients, err := scenario.ListTailscaleClients()
@ -262,7 +266,9 @@ func TestHASubnetRouterFailover(t *testing.T) {
 		user: 3,
 	}
-	err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{}, hsic.WithTestName("clienableroute"))
+	err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{},
 		hsic.WithTestName("clienableroute"),
 	)
 	assertNoErrHeadscaleEnv(t, err)
 	allClients, err := scenario.ListTailscaleClients()
@ -834,25 +840,29 @@ func TestEnableDisableAutoApprovedRoute(t *testing.T) {
 		user: 1,
 	}
-	err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{tsic.WithTags([]string{"tag:approve"})}, hsic.WithTestName("clienableroute"), hsic.WithACLPolicy(
+	err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{tsic.WithTags([]string{"tag:approve"})},
-		&policy.ACLPolicy{
+		hsic.WithTestName("clienableroute"),
-			ACLs: []policy.ACL{
+		hsic.WithTLS(),
-				{
+		hsic.WithEmbeddedDERPServerOnly(),
-					Action:       "accept",
+		hsic.WithACLPolicy(
-					Sources:      []string{"*"},
+			&policy.ACLPolicy{
-					Destinations: []string{"*:*"},
+				ACLs: []policy.ACL{
 					{
 						Action:       "accept",
 						Sources:      []string{"*"},
 						Destinations: []string{"*:*"},
 					},
 				},
 				TagOwners: map[string][]string{
 					"tag:approve": {user},
 				},
 				AutoApprovers: policy.AutoApprovers{
 					Routes: map[string][]string{
 						expectedRoutes: {"tag:approve"},
 					},
 				},
 			},
-			TagOwners: map[string][]string{
+		))
 				"tag:approve": {user},
 			},
 			AutoApprovers: policy.AutoApprovers{
 				Routes: map[string][]string{
 					expectedRoutes: {"tag:approve"},
 				},
 			},
 		},
 	))
 	assertNoErrHeadscaleEnv(t, err)
 	allClients, err := scenario.ListTailscaleClients()
@ -976,25 +986,29 @@ func TestAutoApprovedSubRoute2068(t *testing.T) {
 		user: 1,
 	}
-	err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{tsic.WithTags([]string{"tag:approve"})}, hsic.WithTestName("clienableroute"), hsic.WithACLPolicy(
+	err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{tsic.WithTags([]string{"tag:approve"})},
-		&policy.ACLPolicy{
+		hsic.WithTestName("clienableroute"),
-			ACLs: []policy.ACL{
+		hsic.WithTLS(),
-				{
+		hsic.WithEmbeddedDERPServerOnly(),
-					Action:       "accept",
+		hsic.WithACLPolicy(
-					Sources:      []string{"*"},
+			&policy.ACLPolicy{
-					Destinations: []string{"*:*"},
+				ACLs: []policy.ACL{
 					{
 						Action:       "accept",
 						Sources:      []string{"*"},
 						Destinations: []string{"*:*"},
 					},
 				},
 				TagOwners: map[string][]string{
 					"tag:approve": {user},
 				},
 				AutoApprovers: policy.AutoApprovers{
 					Routes: map[string][]string{
 						"10.42.0.0/16": {"tag:approve"},
 					},
 				},
 			},
-			TagOwners: map[string][]string{
+		))
 				"tag:approve": {user},
 			},
 			AutoApprovers: policy.AutoApprovers{
 				Routes: map[string][]string{
 					"10.42.0.0/16": {"tag:approve"},
 				},
 			},
 		},
 	))
 	assertNoErrHeadscaleEnv(t, err)
 	allClients, err := scenario.ListTailscaleClients()
@ -1067,30 +1081,33 @@ func TestSubnetRouteACL(t *testing.T) {
 		user: 2,
 	}
-	err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{}, hsic.WithTestName("clienableroute"), hsic.WithACLPolicy(
+	err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{}, hsic.WithTestName("clienableroute"),
-		&policy.ACLPolicy{
+		hsic.WithTLS(),
-			Groups: policy.Groups{
+		hsic.WithEmbeddedDERPServerOnly(),
-				"group:admins": {user},
+		hsic.WithACLPolicy(
-			},
+			&policy.ACLPolicy{
-			ACLs: []policy.ACL{
+				Groups: policy.Groups{
-				{
+					"group:admins": {user},
 					Action:       "accept",
 					Sources:      []string{"group:admins"},
 					Destinations: []string{"group:admins:*"},
 				},
-				{
+				ACLs: []policy.ACL{
-					Action:       "accept",
+					{
-					Sources:      []string{"group:admins"},
+						Action:       "accept",
-					Destinations: []string{"10.33.0.0/16:*"},
+						Sources:      []string{"group:admins"},
 						Destinations: []string{"group:admins:*"},
 					},
 					{
 						Action:       "accept",
 						Sources:      []string{"group:admins"},
 						Destinations: []string{"10.33.0.0/16:*"},
 					},
 					// {
 					// 	Action:       "accept",
 					// 	Sources:      []string{"group:admins"},
 					// 	Destinations: []string{"0.0.0.0/0:*"},
 					// },
 				},
 				// {
 				// 	Action:       "accept",
 				// 	Sources:      []string{"group:admins"},
 				// 	Destinations: []string{"0.0.0.0/0:*"},
 				// },
 			},
-		},
+		))
 	))
 	assertNoErrHeadscaleEnv(t, err)
 	allClients, err := scenario.ListTailscaleClients()