use internal derp for most integration tests

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2025-02-20 00:18:41 +01:00 · 2025-02-19 15:01:39 +01:00 · 2025-02-19 15:01:39 +01:00 · a3d77c65f3
commit a3d77c65f3
parent 2cce3a99eb
5 changed files with 115 additions and 66 deletions
--- a/integration/acl_test.go
+++ b/integration/acl_test.go
@ -275,6 +275,8 @@ func TestACLHostsInNetMapTable(t *testing.T) {
 			err = scenario.CreateHeadscaleEnv(spec,
 				[]tsic.Option{},
 				hsic.WithACLPolicy(&testCase.policy),
+				hsic.WithTLS(),
+				hsic.WithEmbeddedDERPServerOnly(),
 			)
 			require.NoError(t, err)
 			defer scenario.ShutdownAssertNoPanics(t)
@ -1046,6 +1048,8 @@ func TestPolicyUpdateWhileRunningWithCLIInDatabase(t *testing.T) {
 		hsic.WithConfigEnv(map[string]string{
 			"HEADSCALE_POLICY_MODE": "database",
 		}),
+		hsic.WithTLS(),
+		hsic.WithEmbeddedDERPServerOnly(),
 	)
 	require.NoError(t, err)

--- a/integration/auth_key_test.go
+++ b/integration/auth_key_test.go
@ -163,7 +163,6 @@ func TestAuthKeyLogoutAndReloginNewUser(t *testing.T) {

 	err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{},
 		hsic.WithTestName("keyrelognewuser"),
-		hsic.WithTLS(),
 	)
 	assertNoErrHeadscaleEnv(t, err)

--- a/integration/dns_test.go
+++ b/integration/dns_test.go
@ -26,7 +26,11 @@ func TestResolveMagicDNS(t *testing.T) {
 		"magicdns2": len(MustTestVersions),
 	}

-	err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{}, hsic.WithTestName("magicdns"))
+	err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{},
+		hsic.WithTestName("magicdns"),
+		hsic.WithTLS(),
+		hsic.WithEmbeddedDERPServerOnly(),
+	)
 	assertNoErrHeadscaleEnv(t, err)

 	allClients, err := scenario.ListTailscaleClients()
@ -373,7 +377,11 @@ func TestValidateResolvConf(t *testing.T) {
 				"resolvconf2": 3,
 			}

-			err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{}, hsic.WithTestName("resolvconf"), hsic.WithConfigEnv(tt.conf))
+			err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{}, hsic.WithTestName("resolvconf"),
+				hsic.WithConfigEnv(tt.conf),
+				hsic.WithTLS(),
+				hsic.WithEmbeddedDERPServerOnly(),
+			)
 			assertNoErrHeadscaleEnv(t, err)

 			allClients, err := scenario.ListTailscaleClients()
--- a/integration/general_test.go
+++ b/integration/general_test.go
@ -207,7 +207,8 @@ func TestEphemeral2006DeletedTooQuickly(t *testing.T) {
 		hsic.WithTestName("ephemeral2006"),
 		hsic.WithConfigEnv(map[string]string{
 			"HEADSCALE_EPHEMERAL_NODE_INACTIVITY_TIMEOUT": "1m6s",
-		}),
+		}), hsic.WithEmbeddedDERPServerOnly(),
+		hsic.WithTLS(),
 	)
 	assertNoErrHeadscaleEnv(t, err)

@ -317,7 +318,11 @@ func TestPingAllByHostname(t *testing.T) {
 		"user4": len(MustTestVersions),
 	}

-	err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{}, hsic.WithTestName("pingallbyname"))
+	err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{},
+		hsic.WithTestName("pingallbyname"),
+		hsic.WithTLS(),
+		hsic.WithEmbeddedDERPServerOnly(),
+	)
 	assertNoErrHeadscaleEnv(t, err)

 	allClients, err := scenario.ListTailscaleClients()
@ -365,7 +370,11 @@ func TestTaildrop(t *testing.T) {
 		"taildrop": len(MustTestVersions),
 	}

-	err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{}, hsic.WithTestName("taildrop"))
+	err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{},
+		hsic.WithTestName("taildrop"),
+		hsic.WithTLS(),
+		hsic.WithEmbeddedDERPServerOnly(),
+	)
 	assertNoErrHeadscaleEnv(t, err)

 	allClients, err := scenario.ListTailscaleClients()
@ -534,7 +543,11 @@ func TestUpdateHostnameFromClient(t *testing.T) {
 		user: 3,
 	}

-	err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{}, hsic.WithTestName("updatehostname"))
+	err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{},
+		hsic.WithTestName("updatehostname"),
+		hsic.WithTLS(),
+		hsic.WithEmbeddedDERPServerOnly(),
+	)
 	assertNoErrHeadscaleEnv(t, err)

 	allClients, err := scenario.ListTailscaleClients()
@ -654,7 +667,11 @@ func TestExpireNode(t *testing.T) {
 		"user1": len(MustTestVersions),
 	}

-	err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{}, hsic.WithTestName("expirenode"))
+	err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{},
+		hsic.WithTestName("expirenode"),
+		hsic.WithTLS(),
+		hsic.WithEmbeddedDERPServerOnly(),
+	)
 	assertNoErrHeadscaleEnv(t, err)

 	allClients, err := scenario.ListTailscaleClients()
@ -780,7 +797,11 @@ func TestNodeOnlineStatus(t *testing.T) {
 		"user1": len(MustTestVersions),
 	}

-	err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{}, hsic.WithTestName("online"))
+	err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{},
+		hsic.WithTestName("online"),
+		hsic.WithTLS(),
+		hsic.WithEmbeddedDERPServerOnly(),
+	)
 	assertNoErrHeadscaleEnv(t, err)

 	allClients, err := scenario.ListTailscaleClients()
--- a/integration/route_test.go
+++ b/integration/route_test.go
@ -40,7 +40,11 @@ func TestEnablingRoutes(t *testing.T) {
 		user: 3,
 	}

-	err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{}, hsic.WithTestName("clienableroute"))
+	err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{},
+		hsic.WithTestName("clienableroute"),
+		hsic.WithTLS(),
+		hsic.WithEmbeddedDERPServerOnly(),
+	)
 	assertNoErrHeadscaleEnv(t, err)

 	allClients, err := scenario.ListTailscaleClients()
@ -262,7 +266,9 @@ func TestHASubnetRouterFailover(t *testing.T) {
 		user: 3,
 	}

-	err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{}, hsic.WithTestName("clienableroute"))
+	err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{},
+		hsic.WithTestName("clienableroute"),
+	)
 	assertNoErrHeadscaleEnv(t, err)

 	allClients, err := scenario.ListTailscaleClients()
@ -834,25 +840,29 @@ func TestEnableDisableAutoApprovedRoute(t *testing.T) {
 		user: 1,
 	}

-	err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{tsic.WithTags([]string{"tag:approve"})}, hsic.WithTestName("clienableroute"), hsic.WithACLPolicy(
-		&policy.ACLPolicy{
-			ACLs: []policy.ACL{
-				{
-					Action:       "accept",
-					Sources:      []string{"*"},
-					Destinations: []string{"*:*"},
+	err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{tsic.WithTags([]string{"tag:approve"})},
+		hsic.WithTestName("clienableroute"),
+		hsic.WithTLS(),
+		hsic.WithEmbeddedDERPServerOnly(),
+		hsic.WithACLPolicy(
+			&policy.ACLPolicy{
+				ACLs: []policy.ACL{
+					{
+						Action:       "accept",
+						Sources:      []string{"*"},
+						Destinations: []string{"*:*"},
+					},
+				},
+				TagOwners: map[string][]string{
+					"tag:approve": {user},
+				},
+				AutoApprovers: policy.AutoApprovers{
+					Routes: map[string][]string{
+						expectedRoutes: {"tag:approve"},
+					},
 				},
 			},
-			TagOwners: map[string][]string{
-				"tag:approve": {user},
-			},
-			AutoApprovers: policy.AutoApprovers{
-				Routes: map[string][]string{
-					expectedRoutes: {"tag:approve"},
-				},
-			},
-		},
-	))
+		))
 	assertNoErrHeadscaleEnv(t, err)

 	allClients, err := scenario.ListTailscaleClients()
@ -976,25 +986,29 @@ func TestAutoApprovedSubRoute2068(t *testing.T) {
 		user: 1,
 	}

-	err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{tsic.WithTags([]string{"tag:approve"})}, hsic.WithTestName("clienableroute"), hsic.WithACLPolicy(
-		&policy.ACLPolicy{
-			ACLs: []policy.ACL{
-				{
-					Action:       "accept",
-					Sources:      []string{"*"},
-					Destinations: []string{"*:*"},
+	err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{tsic.WithTags([]string{"tag:approve"})},
+		hsic.WithTestName("clienableroute"),
+		hsic.WithTLS(),
+		hsic.WithEmbeddedDERPServerOnly(),
+		hsic.WithACLPolicy(
+			&policy.ACLPolicy{
+				ACLs: []policy.ACL{
+					{
+						Action:       "accept",
+						Sources:      []string{"*"},
+						Destinations: []string{"*:*"},
+					},
+				},
+				TagOwners: map[string][]string{
+					"tag:approve": {user},
+				},
+				AutoApprovers: policy.AutoApprovers{
+					Routes: map[string][]string{
+						"10.42.0.0/16": {"tag:approve"},
+					},
 				},
 			},
-			TagOwners: map[string][]string{
-				"tag:approve": {user},
-			},
-			AutoApprovers: policy.AutoApprovers{
-				Routes: map[string][]string{
-					"10.42.0.0/16": {"tag:approve"},
-				},
-			},
-		},
-	))
+		))
 	assertNoErrHeadscaleEnv(t, err)

 	allClients, err := scenario.ListTailscaleClients()
@ -1067,30 +1081,33 @@ func TestSubnetRouteACL(t *testing.T) {
 		user: 2,
 	}

-	err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{}, hsic.WithTestName("clienableroute"), hsic.WithACLPolicy(
-		&policy.ACLPolicy{
-			Groups: policy.Groups{
-				"group:admins": {user},
-			},
-			ACLs: []policy.ACL{
-				{
-					Action:       "accept",
-					Sources:      []string{"group:admins"},
-					Destinations: []string{"group:admins:*"},
+	err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{}, hsic.WithTestName("clienableroute"),
+		hsic.WithTLS(),
+		hsic.WithEmbeddedDERPServerOnly(),
+		hsic.WithACLPolicy(
+			&policy.ACLPolicy{
+				Groups: policy.Groups{
+					"group:admins": {user},
 				},
-				{
-					Action:       "accept",
-					Sources:      []string{"group:admins"},
-					Destinations: []string{"10.33.0.0/16:*"},
+				ACLs: []policy.ACL{
+					{
+						Action:       "accept",
+						Sources:      []string{"group:admins"},
+						Destinations: []string{"group:admins:*"},
+					},
+					{
+						Action:       "accept",
+						Sources:      []string{"group:admins"},
+						Destinations: []string{"10.33.0.0/16:*"},
+					},
+					// {
+					// 	Action:       "accept",
+					// 	Sources:      []string{"group:admins"},
+					// 	Destinations: []string{"0.0.0.0/0:*"},
+					// },
 				},
-				// {
-				// 	Action:       "accept",
-				// 	Sources:      []string{"group:admins"},
-				// 	Destinations: []string{"0.0.0.0/0:*"},
-				// },
 			},
-		},
-	))
+		))
 	assertNoErrHeadscaleEnv(t, err)

 	allClients, err := scenario.ListTailscaleClients()