From c87471136b6a7b893bb8090a53d6ee6200419ef5 Mon Sep 17 00:00:00 2001
From: Kristoffer Dalby
Date: Fri, 17 Oct 2025 08:28:30 +0200
Subject: [PATCH] integration: eventually fixups (#2799)
---
 integration/acl_test.go | 80 ++++++++++++++++++++++++---------------
 integration/route_test.go | 18 ++++-----
 2 files changed, 59 insertions(+), 39 deletions(-)
diff --git a/integration/acl_test.go b/integration/acl_test.go
index 2fecb10a..fd5d22a0 100644
--- a/integration/acl_test.go
+++ b/integration/acl_test.go
@@ -369,9 +369,11 @@ func TestACLAllowUser80Dst(t *testing.T) {
 url := fmt.Sprintf("http://%s/etc/hostname", fqdn)
 t.Logf("url from %s to %s", client.Hostname(), url)
- result, err := client.Curl(url)
- assert.Len(t, result, 13)
- require.NoError(t, err)
+ assert.EventuallyWithT(t, func(c *assert.CollectT) {
+ result, err := client.Curl(url)
+ assert.NoError(c, err)
+ assert.Len(c, result, 13)
+ }, 20*time.Second, 500*time.Millisecond, "Verifying user1 can reach user2")
 }
 }
@@ -384,9 +386,11 @@ func TestACLAllowUser80Dst(t *testing.T) {
 url := fmt.Sprintf("http://%s/etc/hostname", fqdn)
 t.Logf("url from %s to %s", client.Hostname(), url)
- result, err := client.Curl(url)
- assert.Empty(t, result)
- require.Error(t, err)
+ assert.EventuallyWithT(t, func(c *assert.CollectT) {
+ result, err := client.Curl(url)
+ assert.Error(c, err)
+ assert.Empty(c, result)
+ }, 20*time.Second, 500*time.Millisecond, "Verifying user2 cannot reach user1")
 }
 }
 }
@@ -430,9 +434,11 @@ func TestACLDenyAllPort80(t *testing.T) {
 url := fmt.Sprintf("http://%s/etc/hostname", hostname)
 t.Logf("url from %s to %s", client.Hostname(), url)
- result, err := client.Curl(url)
- assert.Empty(t, result)
- require.Error(t, err)
+ assert.EventuallyWithT(t, func(c *assert.CollectT) {
+ result, err := client.Curl(url)
+ assert.Error(c, err)
+ assert.Empty(c, result)
+ }, 20*time.Second, 500*time.Millisecond, "Verifying all traffic is denied")
 }
 }
 }
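Review bot: The deny checks converted here, `assert.Error(c, err)` in the user2 → user1 loop of TestACLAllowUser80Dst and in TestACLDenyAllPort80, succeed on the first poll in which `client.Curl` returns any error, so a request that fails because connectivity is not up yet is indistinguishable from one the ACL blocked, and a period in which the request still succeeded is retried away instead of reported. For a policy-enforcement test the negative case is better asserted as stable, for example by following the wait with testify's `assert.Never` over a short window, or by checking that the error is the expected timeout rather than any error. The same applies to the deny hunks in TestACLAllowUserDst and TestACLAllowStarDst. At minimum I would add above each call: `// NOTE: passes on any Curl error; does not by itself show that the ACL blocked the request`. The enclosing loops begin and end outside these hunks.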
@@ -478,7 +484,7 @@ func TestACLAllowUserDst(t *testing.T) {
 result, err := client.Curl(url)
 assert.NoError(c, err)
 assert.Len(c, result, 13)
- }, 10*time.Second, 500*time.Millisecond, "Verifying user1 can reach user2")
+ }, 20*time.Second, 500*time.Millisecond, "Verifying user1 can reach user2")
 }
 }
@@ -495,7 +501,7 @@ func TestACLAllowUserDst(t *testing.T) {
 result, err := client.Curl(url)
 assert.Error(c, err)
 assert.Empty(c, result)
- }, 10*time.Second, 500*time.Millisecond, "Verifying user2 cannot reach user1")
+ }, 20*time.Second, 500*time.Millisecond, "Verifying user2 cannot reach user1")
 }
 }
 }
@@ -536,9 +542,11 @@ func TestACLAllowStarDst(t *testing.T) {
 url := fmt.Sprintf("http://%s/etc/hostname", fqdn)
 t.Logf("url from %s to %s", client.Hostname(), url)
- result, err := client.Curl(url)
- assert.Len(t, result, 13)
- require.NoError(t, err)
+ assert.EventuallyWithT(t, func(c *assert.CollectT) {
+ result, err := client.Curl(url)
+ assert.NoError(c, err)
+ assert.Len(c, result, 13)
+ }, 20*time.Second, 500*time.Millisecond, "Verifying user1 can reach user2")
 }
 }
@@ -551,9 +559,11 @@ func TestACLAllowStarDst(t *testing.T) {
 url := fmt.Sprintf("http://%s/etc/hostname", fqdn)
 t.Logf("url from %s to %s", client.Hostname(), url)
- result, err := client.Curl(url)
- assert.Empty(t, result)
- require.Error(t, err)
+ assert.EventuallyWithT(t, func(c *assert.CollectT) {
+ result, err := client.Curl(url)
+ assert.Error(c, err)
+ assert.Empty(c, result)
+ }, 20*time.Second, 500*time.Millisecond, "Verifying user2 cannot reach user1")
 }
 }
 }
@@ -599,13 +609,17 @@ func TestACLNamedHostsCanReachBySubnet(t *testing.T) {
 url := fmt.Sprintf("http://%s/etc/hostname", fqdn)
 t.Logf("url from %s to %s", client.Hostname(), url)
- result, err := client.Curl(url)
- assert.Len(t, result, 13)
- require.NoError(t, err)
+ assert.EventuallyWithT(t, func(c *assert.CollectT) {
+ result, err := client.Curl(url)
+ assert.NoError(c, err)
+ assert.Len(c, result, 13)
+ }, 20*time.Second, 500*time.Millisecond, "Verifying user1 can reach user2")
 }
 }
 // Test that user2 can visit all user1
+ // Test that user2 can visit all user1, note that this
+ // is _not_ symmetric.
 for _, client := range user2Clients {
 for _, peer := range user1Clients {
 fqdn, err := peer.FQDN()
@@ -614,9 +628,11 @@ func TestACLNamedHostsCanReachBySubnet(t *testing.T) {
 url := fmt.Sprintf("http://%s/etc/hostname", fqdn)
 t.Logf("url from %s to %s", client.Hostname(), url)
- result, err := client.Curl(url)
- assert.Len(t, result, 13)
- require.NoError(t, err)
+ assert.EventuallyWithT(t, func(c *assert.CollectT) {
+ result, err := client.Curl(url)
+ assert.NoError(c, err)
+ assert.Len(c, result, 13)
+ }, 20*time.Second, 500*time.Millisecond, "Verifying user2 can reach user1")
 }
 }
 }
@@ -1139,9 +1155,11 @@ func TestPolicyUpdateWhileRunningWithCLIInDatabase(t *testing.T) {
 url := fmt.Sprintf("http://%s/etc/hostname", fqdn)
 t.Logf("url from %s to %s", client.Hostname(), url)
- result, err := client.Curl(url)
- assert.Len(t, result, 13)
- require.NoError(t, err)
+ assert.EventuallyWithT(t, func(c *assert.CollectT) {
+ result, err := client.Curl(url)
+ assert.NoError(c, err)
+ assert.Len(c, result, 13)
+ }, 20*time.Second, 500*time.Millisecond, "Verifying user1 can reach user2")
 }
 }
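Review bot: In the first TestACLNamedHostsCanReachBySubnet hunk the old comment `// Test that user2 can visit all user1` stays as a context line and the two added lines repeat it, so the new file carries the sentence twice; the original line should be dropped. The added remark that this is "_not_ symmetric" also reads oddly next to assertions that expect success in both directions (`assert.NoError` for user1 → user2 here and for user2 → user1 in the next hunk), so the comment should say what is asymmetric, presumably the policy rules rather than the reachability. The loop that the comment introduces continues outside the hunk.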
@@ -1271,9 +1289,11 @@ func TestACLAutogroupMember(t *testing.T) {
 url := fmt.Sprintf("http://%s/etc/hostname", fqdn)
 t.Logf("url from %s to %s", client.Hostname(), url)
- result, err := client.Curl(url)
- assert.Len(t, result, 13)
- require.NoError(t, err)
+ assert.EventuallyWithT(t, func(c *assert.CollectT) {
+ result, err := client.Curl(url)
+ assert.NoError(c, err)
+ assert.Len(c, result, 13)
+ }, 20*time.Second, 500*time.Millisecond, "Verifying autogroup:member connectivity")
 }
 }
 }
@@ -1482,7 +1502,7 @@ func TestACLAutogroupTagged(t *testing.T) {
 result, err := client.Curl(url)
 assert.NoError(ct, err)
 assert.Len(ct, result, 13)
- }, 15*time.Second, 500*time.Millisecond, "tagged nodes should be able to communicate")
+ }, 20*time.Second, 500*time.Millisecond, "tagged nodes should be able to communicate")
 }
 }
diff --git a/integration/route_test.go b/integration/route_test.go
index a613c375..e1d30750 100644
--- a/integration/route_test.go
+++ b/integration/route_test.go
@@ -679,7 +679,7 @@ func TestHASubnetRouterFailover(t *testing.T) {
 assert.True(c, expectedIP.IsValid(), "subRouter1 should have a valid IPv4 address")
 assertTracerouteViaIPWithCollect(c, tr, expectedIP)
- }, 10*time.Second, 500*time.Millisecond, "Verifying traffic still flows through PRIMARY router 1 with full HA setup active")
+ }, propagationTime, 200*time.Millisecond, "Verifying traffic still flows through PRIMARY router 1 with full HA setup active")
 // Validate primary routes table state - all 3 routers approved, router 1 still primary
 validatePrimaryRoutes(t, headscale, &routes.DebugRoutes{
@@ -2413,7 +2413,7 @@ func TestAutoApproveMultiNetwork(t *testing.T) {
 result, err := client.Curl(url)
 assert.NoError(c, err)
 assert.Len(c, result, 13)
- }, 5*time.Second, 200*time.Millisecond, "Verifying client can reach webservice through auto-approved route")
+ }, 20*time.Second, 200*time.Millisecond, "Verifying client can reach webservice through auto-approved route")
 assert.EventuallyWithT(t, func(c *assert.CollectT) {
 tr, err := client.Traceroute(webip)
@@ -2423,7 +2423,7 @@ func TestAutoApproveMultiNetwork(t *testing.T) {
 return
 }
 assertTracerouteViaIPWithCollect(c, tr, ip)
- }, 5*time.Second, 200*time.Millisecond, "Verifying traceroute goes through auto-approved router")
+ }, 20*time.Second, 200*time.Millisecond, "Verifying traceroute goes through auto-approved router")
 // Remove the auto approval from the policy, any routes already enabled should be allowed.
 prefix = *route
@@ -2475,7 +2475,7 @@ func TestAutoApproveMultiNetwork(t *testing.T) {
 result, err := client.Curl(url)
 assert.NoError(c, err)
 assert.Len(c, result, 13)
- }, 5*time.Second, 200*time.Millisecond, "Verifying client can still reach webservice after policy change")
+ }, 20*time.Second, 200*time.Millisecond, "Verifying client can still reach webservice after policy change")
 assert.EventuallyWithT(t, func(c *assert.CollectT) {
 tr, err := client.Traceroute(webip)
@@ -2485,7 +2485,7 @@ func TestAutoApproveMultiNetwork(t *testing.T) {
 return
 }
 assertTracerouteViaIPWithCollect(c, tr, ip)
- }, 5*time.Second, 200*time.Millisecond, "Verifying traceroute still goes through router after policy change")
+ }, 20*time.Second, 200*time.Millisecond, "Verifying traceroute still goes through router after policy change")
 // Disable the route, making it unavailable since it is no longer auto-approved
 _, err = headscale.ApproveRoutes(
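Review bot: The four `assert.EventuallyWithT` calls changed in TestAutoApproveMultiNetwork here hard-code `20*time.Second`, while the TestHASubnetRouterFailover hunk in the same file switches to the named `propagationTime`. If that constant is meant to be the budget for route and policy propagation (its definition is not part of this patch), using it here as well, `}, propagationTime, 200*time.Millisecond, ...`, keeps the wait tunable in one place; if 20s is intentionally different, a second named constant would still be clearer than the repeated literal. The same applies to the later hunks in this function, to TestSubnetRouteACLFiltering, and to the `20*time.Second` literals in acl_test.go.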
@@ -2569,7 +2569,7 @@ func TestAutoApproveMultiNetwork(t *testing.T) {
 result, err := client.Curl(url)
 assert.NoError(c, err)
 assert.Len(c, result, 13)
- }, 5*time.Second, 200*time.Millisecond, "Verifying client can reach webservice after route re-approval")
+ }, 20*time.Second, 200*time.Millisecond, "Verifying client can reach webservice after route re-approval")
 assert.EventuallyWithT(t, func(c *assert.CollectT) {
 tr, err := client.Traceroute(webip)
@@ -2579,7 +2579,7 @@ func TestAutoApproveMultiNetwork(t *testing.T) {
 return
 }
 assertTracerouteViaIPWithCollect(c, tr, ip)
- }, 5*time.Second, 200*time.Millisecond, "Verifying traceroute goes through router after re-approval")
+ }, 20*time.Second, 200*time.Millisecond, "Verifying traceroute goes through router after re-approval")
 // Advertise and validate a subnet of an auto approved route, /24 inside the
 // auto approved /16.
@@ -3007,7 +3007,7 @@ func TestSubnetRouteACLFiltering(t *testing.T) {
 result, err := nodeClient.Curl(weburl)
 assert.NoError(c, err)
 assert.Len(c, result, 13)
- }, 5*time.Second, 200*time.Millisecond, "Verifying node can reach webservice through allowed route")
+ }, 20*time.Second, 200*time.Millisecond, "Verifying node can reach webservice through allowed route")
 assert.EventuallyWithT(t, func(c *assert.CollectT) {
 tr, err := nodeClient.Traceroute(webip)
@@ -3017,5 +3017,5 @@ func TestSubnetRouteACLFiltering(t *testing.T) {
 return
 }
 assertTracerouteViaIPWithCollect(c, tr, ip)
- }, 5*time.Second, 200*time.Millisecond, "Verifying traceroute goes through router")
+ }, 20*time.Second, 200*time.Millisecond, "Verifying traceroute goes through router")
 }