integration: add via grant route steering tests

Add integration tests validating that via grants correctly steer routes to designated nodes per client group: - TestGrantViaSubnetSteering: two routers advertise the same subnet, via grants steer each client group to a specific router. Verifies per-client route visibility, curl reachability, and traceroute path. - TestGrantViaExitNodeSteering: two exit nodes, via grants steer each client group to a designated exit node. Verifies exit routes are withdrawn from non-designated nodes and the client rejects setting a non-designated exit node. - TestGrantViaMixedSteering: cross-steering where subnet routes and exit routes go to different servers per client group. Verifies subnet traffic uses the subnet-designated server while exit traffic uses the exit-designated server. Also add autogroupp helper for constructing AutoGroup aliases in grant policy configurations. Updates #2180
2026-04-07 21:47:46 +09:00 · 2026-03-22 20:43:57 +00:00
parent 8358017dcf
commit a739862c65
2 changed files with 1187 additions and 0 deletions
--- a/integration/helpers.go
+++ b/integration/helpers.go
@@ -1007,6 +1007,13 @@ func tagApprover(name string) policyv2.AutoApprover {
 	return new(policyv2.Tag(name))
 }

+// autogroupp returns a pointer to an AutoGroup as an Alias for policy v2 configurations.
+// Used in grant rules to reference autogroups like autogroup:self and autogroup:internet.
+func autogroupp(name string) policyv2.Alias {
+	ag := policyv2.AutoGroup(name)
+	return &ag
+}
+
 // oidcMockUser creates a MockUser for OIDC authentication testing.
 // Generates consistent test user data with configurable email verification status
 // for validating OIDC integration flows in headscale authentication tests.
--- a/integration/route_test.go
+++ b/integration/route_test.go