integration: eventually fixups (#2799)

Kristoffer Dalby
2025-10-17 08:28:30 +02:00
committed by GitHub
parent e7a28a14af
commit c87471136b
2 changed files with 59 additions and 39 deletions


@@ -369,9 +369,11 @@ func TestACLAllowUser80Dst(t *testing.T) {
url := fmt.Sprintf("http://%s/etc/hostname", fqdn) url := fmt.Sprintf("http://%s/etc/hostname", fqdn)
t.Logf("url from %s to %s", client.Hostname(), url) t.Logf("url from %s to %s", client.Hostname(), url)
result, err := client.Curl(url) assert.EventuallyWithT(t, func(c *assert.CollectT) {
assert.Len(t, result, 13) result, err := client.Curl(url)
require.NoError(t, err) assert.NoError(c, err)
assert.Len(c, result, 13)
}, 20*time.Second, 500*time.Millisecond, "Verifying user1 can reach user2")
} }
} }
@@ -384,9 +386,11 @@ func TestACLAllowUser80Dst(t *testing.T) {
url := fmt.Sprintf("http://%s/etc/hostname", fqdn) url := fmt.Sprintf("http://%s/etc/hostname", fqdn)
t.Logf("url from %s to %s", client.Hostname(), url) t.Logf("url from %s to %s", client.Hostname(), url)
result, err := client.Curl(url) assert.EventuallyWithT(t, func(c *assert.CollectT) {
assert.Empty(t, result) result, err := client.Curl(url)
require.Error(t, err) assert.Error(c, err)
assert.Empty(c, result)
}, 20*time.Second, 500*time.Millisecond, "Verifying user2 cannot reach user1")
} }
} }
} }
@@ -430,9 +434,11 @@ func TestACLDenyAllPort80(t *testing.T) {
url := fmt.Sprintf("http://%s/etc/hostname", hostname) url := fmt.Sprintf("http://%s/etc/hostname", hostname)
t.Logf("url from %s to %s", client.Hostname(), url) t.Logf("url from %s to %s", client.Hostname(), url)
result, err := client.Curl(url) assert.EventuallyWithT(t, func(c *assert.CollectT) {
assert.Empty(t, result) result, err := client.Curl(url)
require.Error(t, err) assert.Error(c, err)
assert.Empty(c, result)
}, 20*time.Second, 500*time.Millisecond, "Verifying all traffic is denied")
} }
} }
} }
@@ -478,7 +484,7 @@ func TestACLAllowUserDst(t *testing.T) {
result, err := client.Curl(url) result, err := client.Curl(url)
assert.NoError(c, err) assert.NoError(c, err)
assert.Len(c, result, 13) assert.Len(c, result, 13)
}, 10*time.Second, 500*time.Millisecond, "Verifying user1 can reach user2") }, 20*time.Second, 500*time.Millisecond, "Verifying user1 can reach user2")
} }
} }
@@ -495,7 +501,7 @@ func TestACLAllowUserDst(t *testing.T) {
result, err := client.Curl(url) result, err := client.Curl(url)
assert.Error(c, err) assert.Error(c, err)
assert.Empty(c, result) assert.Empty(c, result)
}, 10*time.Second, 500*time.Millisecond, "Verifying user2 cannot reach user1") }, 20*time.Second, 500*time.Millisecond, "Verifying user2 cannot reach user1")
} }
} }
} }
@@ -536,9 +542,11 @@ func TestACLAllowStarDst(t *testing.T) {
url := fmt.Sprintf("http://%s/etc/hostname", fqdn) url := fmt.Sprintf("http://%s/etc/hostname", fqdn)
t.Logf("url from %s to %s", client.Hostname(), url) t.Logf("url from %s to %s", client.Hostname(), url)
result, err := client.Curl(url) assert.EventuallyWithT(t, func(c *assert.CollectT) {
assert.Len(t, result, 13) result, err := client.Curl(url)
require.NoError(t, err) assert.NoError(c, err)
assert.Len(c, result, 13)
}, 20*time.Second, 500*time.Millisecond, "Verifying user1 can reach user2")
} }
} }
@@ -551,9 +559,11 @@ func TestACLAllowStarDst(t *testing.T) {
url := fmt.Sprintf("http://%s/etc/hostname", fqdn) url := fmt.Sprintf("http://%s/etc/hostname", fqdn)
t.Logf("url from %s to %s", client.Hostname(), url) t.Logf("url from %s to %s", client.Hostname(), url)
result, err := client.Curl(url) assert.EventuallyWithT(t, func(c *assert.CollectT) {
assert.Empty(t, result) result, err := client.Curl(url)
require.Error(t, err) assert.Error(c, err)
assert.Empty(c, result)
}, 20*time.Second, 500*time.Millisecond, "Verifying user2 cannot reach user1")
} }
} }
} }
@@ -599,13 +609,17 @@ func TestACLNamedHostsCanReachBySubnet(t *testing.T) {
url := fmt.Sprintf("http://%s/etc/hostname", fqdn) url := fmt.Sprintf("http://%s/etc/hostname", fqdn)
t.Logf("url from %s to %s", client.Hostname(), url) t.Logf("url from %s to %s", client.Hostname(), url)
result, err := client.Curl(url) assert.EventuallyWithT(t, func(c *assert.CollectT) {
assert.Len(t, result, 13) result, err := client.Curl(url)
require.NoError(t, err) assert.NoError(c, err)
assert.Len(c, result, 13)
}, 20*time.Second, 500*time.Millisecond, "Verifying user1 can reach user2")
} }
} }
// Test that user2 can visit all user1 // Test that user2 can visit all user1
// Test that user2 can visit all user1, note that this
// is _not_ symmetric.
for _, client := range user2Clients { for _, client := range user2Clients {
for _, peer := range user1Clients { for _, peer := range user1Clients {
fqdn, err := peer.FQDN() fqdn, err := peer.FQDN()
@@ -614,9 +628,11 @@ func TestACLNamedHostsCanReachBySubnet(t *testing.T) {
url := fmt.Sprintf("http://%s/etc/hostname", fqdn) url := fmt.Sprintf("http://%s/etc/hostname", fqdn)
t.Logf("url from %s to %s", client.Hostname(), url) t.Logf("url from %s to %s", client.Hostname(), url)
result, err := client.Curl(url) assert.EventuallyWithT(t, func(c *assert.CollectT) {
assert.Len(t, result, 13) result, err := client.Curl(url)
require.NoError(t, err) assert.NoError(c, err)
assert.Len(c, result, 13)
}, 20*time.Second, 500*time.Millisecond, "Verifying user2 can reach user1")
} }
} }
} }
@@ -1139,9 +1155,11 @@ func TestPolicyUpdateWhileRunningWithCLIInDatabase(t *testing.T) {
url := fmt.Sprintf("http://%s/etc/hostname", fqdn) url := fmt.Sprintf("http://%s/etc/hostname", fqdn)
t.Logf("url from %s to %s", client.Hostname(), url) t.Logf("url from %s to %s", client.Hostname(), url)
result, err := client.Curl(url) assert.EventuallyWithT(t, func(c *assert.CollectT) {
assert.Len(t, result, 13) result, err := client.Curl(url)
require.NoError(t, err) assert.NoError(c, err)
assert.Len(c, result, 13)
}, 20*time.Second, 500*time.Millisecond, "Verifying user1 can reach user2")
} }
} }
@@ -1271,9 +1289,11 @@ func TestACLAutogroupMember(t *testing.T) {
url := fmt.Sprintf("http://%s/etc/hostname", fqdn) url := fmt.Sprintf("http://%s/etc/hostname", fqdn)
t.Logf("url from %s to %s", client.Hostname(), url) t.Logf("url from %s to %s", client.Hostname(), url)
result, err := client.Curl(url) assert.EventuallyWithT(t, func(c *assert.CollectT) {
assert.Len(t, result, 13) result, err := client.Curl(url)
require.NoError(t, err) assert.NoError(c, err)
assert.Len(c, result, 13)
}, 20*time.Second, 500*time.Millisecond, "Verifying autogroup:member connectivity")
} }
} }
} }
@@ -1482,7 +1502,7 @@ func TestACLAutogroupTagged(t *testing.T) {
result, err := client.Curl(url) result, err := client.Curl(url)
assert.NoError(ct, err) assert.NoError(ct, err)
assert.Len(ct, result, 13) assert.Len(ct, result, 13)
}, 15*time.Second, 500*time.Millisecond, "tagged nodes should be able to communicate") }, 20*time.Second, 500*time.Millisecond, "tagged nodes should be able to communicate")
} }
} }
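Review bot: The deny-path closures (`Verifying user2 cannot reach user1` in TestACLAllowUser80Dst and TestACLAllowStarDst, `Verifying all traffic is denied` in TestACLDenyAllPort80) now pass as soon as a single `client.Curl` attempt errors within the 20-second window. A transient failure such as a name that does not resolve yet or a peer that is not up yet is therefore indistinguishable from the ACL actually blocking the connection, and a path that is only intermittently closed would still be reported as denied. For a policy-enforcement test, consider following the eventual check with a short stability window once denial is first observed, for example testify's `assert.Never` with a condition that returns true when `client.Curl(url)` succeeds. At minimum, document the limitation above each deny block with `// NOTE: passes on the first failed request; does not prove the path stays closed`. The enclosing loops and test functions start outside these hunks, so any setup that already waits for policy propagation is not visible here.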


@@ -679,7 +679,7 @@ func TestHASubnetRouterFailover(t *testing.T) {
assert.True(c, expectedIP.IsValid(), "subRouter1 should have a valid IPv4 address") assert.True(c, expectedIP.IsValid(), "subRouter1 should have a valid IPv4 address")
assertTracerouteViaIPWithCollect(c, tr, expectedIP) assertTracerouteViaIPWithCollect(c, tr, expectedIP)
}, 10*time.Second, 500*time.Millisecond, "Verifying traffic still flows through PRIMARY router 1 with full HA setup active") }, propagationTime, 200*time.Millisecond, "Verifying traffic still flows through PRIMARY router 1 with full HA setup active")
// Validate primary routes table state - all 3 routers approved, router 1 still primary // Validate primary routes table state - all 3 routers approved, router 1 still primary
validatePrimaryRoutes(t, headscale, &routes.DebugRoutes{ validatePrimaryRoutes(t, headscale, &routes.DebugRoutes{
@@ -2413,7 +2413,7 @@ func TestAutoApproveMultiNetwork(t *testing.T) {
result, err := client.Curl(url) result, err := client.Curl(url)
assert.NoError(c, err) assert.NoError(c, err)
assert.Len(c, result, 13) assert.Len(c, result, 13)
}, 5*time.Second, 200*time.Millisecond, "Verifying client can reach webservice through auto-approved route") }, 20*time.Second, 200*time.Millisecond, "Verifying client can reach webservice through auto-approved route")
assert.EventuallyWithT(t, func(c *assert.CollectT) { assert.EventuallyWithT(t, func(c *assert.CollectT) {
tr, err := client.Traceroute(webip) tr, err := client.Traceroute(webip)
@@ -2423,7 +2423,7 @@ func TestAutoApproveMultiNetwork(t *testing.T) {
return return
} }
assertTracerouteViaIPWithCollect(c, tr, ip) assertTracerouteViaIPWithCollect(c, tr, ip)
}, 5*time.Second, 200*time.Millisecond, "Verifying traceroute goes through auto-approved router") }, 20*time.Second, 200*time.Millisecond, "Verifying traceroute goes through auto-approved router")
// Remove the auto approval from the policy, any routes already enabled should be allowed. // Remove the auto approval from the policy, any routes already enabled should be allowed.
prefix = *route prefix = *route
@@ -2475,7 +2475,7 @@ func TestAutoApproveMultiNetwork(t *testing.T) {
result, err := client.Curl(url) result, err := client.Curl(url)
assert.NoError(c, err) assert.NoError(c, err)
assert.Len(c, result, 13) assert.Len(c, result, 13)
}, 5*time.Second, 200*time.Millisecond, "Verifying client can still reach webservice after policy change") }, 20*time.Second, 200*time.Millisecond, "Verifying client can still reach webservice after policy change")
assert.EventuallyWithT(t, func(c *assert.CollectT) { assert.EventuallyWithT(t, func(c *assert.CollectT) {
tr, err := client.Traceroute(webip) tr, err := client.Traceroute(webip)
@@ -2485,7 +2485,7 @@ func TestAutoApproveMultiNetwork(t *testing.T) {
return return
} }
assertTracerouteViaIPWithCollect(c, tr, ip) assertTracerouteViaIPWithCollect(c, tr, ip)
}, 5*time.Second, 200*time.Millisecond, "Verifying traceroute still goes through router after policy change") }, 20*time.Second, 200*time.Millisecond, "Verifying traceroute still goes through router after policy change")
// Disable the route, making it unavailable since it is no longer auto-approved // Disable the route, making it unavailable since it is no longer auto-approved
_, err = headscale.ApproveRoutes( _, err = headscale.ApproveRoutes(
@@ -2569,7 +2569,7 @@ func TestAutoApproveMultiNetwork(t *testing.T) {
result, err := client.Curl(url) result, err := client.Curl(url)
assert.NoError(c, err) assert.NoError(c, err)
assert.Len(c, result, 13) assert.Len(c, result, 13)
}, 5*time.Second, 200*time.Millisecond, "Verifying client can reach webservice after route re-approval") }, 20*time.Second, 200*time.Millisecond, "Verifying client can reach webservice after route re-approval")
assert.EventuallyWithT(t, func(c *assert.CollectT) { assert.EventuallyWithT(t, func(c *assert.CollectT) {
tr, err := client.Traceroute(webip) tr, err := client.Traceroute(webip)
@@ -2579,7 +2579,7 @@ func TestAutoApproveMultiNetwork(t *testing.T) {
return return
} }
assertTracerouteViaIPWithCollect(c, tr, ip) assertTracerouteViaIPWithCollect(c, tr, ip)
}, 5*time.Second, 200*time.Millisecond, "Verifying traceroute goes through router after re-approval") }, 20*time.Second, 200*time.Millisecond, "Verifying traceroute goes through router after re-approval")
// Advertise and validate a subnet of an auto approved route, /24 inside the // Advertise and validate a subnet of an auto approved route, /24 inside the
// auto approved /16. // auto approved /16.
@@ -3007,7 +3007,7 @@ func TestSubnetRouteACLFiltering(t *testing.T) {
result, err := nodeClient.Curl(weburl) result, err := nodeClient.Curl(weburl)
assert.NoError(c, err) assert.NoError(c, err)
assert.Len(c, result, 13) assert.Len(c, result, 13)
}, 5*time.Second, 200*time.Millisecond, "Verifying node can reach webservice through allowed route") }, 20*time.Second, 200*time.Millisecond, "Verifying node can reach webservice through allowed route")
assert.EventuallyWithT(t, func(c *assert.CollectT) { assert.EventuallyWithT(t, func(c *assert.CollectT) {
tr, err := nodeClient.Traceroute(webip) tr, err := nodeClient.Traceroute(webip)
@@ -3017,5 +3017,5 @@ func TestSubnetRouteACLFiltering(t *testing.T) {
return return
} }
assertTracerouteViaIPWithCollect(c, tr, ip) assertTracerouteViaIPWithCollect(c, tr, ip)
}, 5*time.Second, 200*time.Millisecond, "Verifying traceroute goes through router") }, 20*time.Second, 200*time.Millisecond, "Verifying traceroute goes through router")
} }
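Review bot: The wait budget is now spelled two ways in this file: the TestHASubnetRouterFailover call uses `propagationTime, 200*time.Millisecond`, while every other changed call in TestAutoApproveMultiNetwork and TestSubnetRouteACLFiltering hard-codes `20*time.Second, 200*time.Millisecond`. `propagationTime` is defined outside the visible hunks, so its value cannot be confirmed here. If it is the intended route and policy propagation budget, using it (or a similarly named constant) at the Curl and Traceroute sites would keep the timeout in one place. A short comment at that constant explaining why the budget was raised from 5 seconds would also help the next reader judge whether a slow pass indicates a real propagation regression.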