25 Commits

Author	SHA1	Message	Date
Kristoffer Dalby	fddc7117e4	stability and race conditions in auth and node store (#2781) ... This PR addresses some consistency issues that was introduced or discovered with the nodestore. nodestore: Now returns the node that is being put or updated when it is finished. This closes a race condition where when we read it back, we do not necessarily get the node with the given change and it ensures we get all the other updates from that batch write. auth: Authentication paths have been unified and simplified. It removes a lot of bad branches and ensures we only do the minimal work. A comprehensive auth test set has been created so we do not have to run integration tests to validate auth and it has allowed us to generate test cases for all the branches we currently know of. integration: added a lot more tooling and checks to validate that nodes reach the expected state when they come up and down. Standardised between the different auth models. A lot of this is to support or detect issues in the changes to nodestore (races) and auth (inconsistencies after login and reaching correct state) This PR was assisted, particularly tests, by claude code.	2025-10-16 12:17:43 +02:00
Kristoffer Dalby	c6d7b512bd	integration: replace time.Sleep with assert.EventuallyWithT (#2680)	2025-07-10 23:38:55 +02:00
Kristoffer Dalby	8f9fbf16f1	types/authkey: include user object in response (#2542) ... * types/authkey: include user object, not string Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * make preauthkeys use id Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * changelog Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * integration: wire up user id for auth keys Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	2025-04-30 11:45:08 +02:00
Kristoffer Dalby	f1206328dc	fix webauth + autoapprove routes (#2528) ... * types/node: add helper funcs for node tags Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * types/node: add DebugString method for node Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * policy/v2: add String func to AutoApprover interface Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * policy/v2: simplify, use slices.Contains Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * policy/v2: debug, use nodes.DebugString Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * policy/v1: fix potential nil pointer in NodeCanApproveRoute Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * policy/v1: slices.Contains Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * integration/tsic: fix diff in login commands Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * integration: fix webauth running with wrong scenario Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * integration: move common oidc opts to func Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * integration: require node count, more verbose Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * auth: remove uneffective route approve Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * .github/workflows: fmt Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * integration/tsic: add id func Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * integration: remove call that might be nil Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * integration: test autoapprovers against web/authkey x group/tag/user Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * integration: unique network id per scenario Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * Revert "integration: move common oidc opts to func" This reverts commit 7e9d165d4a900c304f1083b665f1a24a26e06e55. * remove cmd Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * integration: clean docker images between runs in ci Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * integration: run autoapprove test against differnt policy modes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * integration/tsic: append, not overrwrite extra login args Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * .github/workflows: remove polv2 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	2025-04-30 07:54:04 +02:00
Kristoffer Dalby	603f3ad490	Multi network integration tests (#2464)	2025-03-21 11:49:32 +01:00
Kristoffer Dalby	ed78ecda12	add shutdown that asserts if headscale had panics (#2126) ... Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	2024-09-17 11:44:55 +02:00
nblock	c3ef90a7f7	Update documentation for Apple (#2117) ... * Rename docs/ios-client.md to docs/apple-client.md. Add instructions for macOS; those are copied from the /apple endpoint and slightly modified. Fix doc links in the README. * Move infoboxes for /apple and /windows under the "Goal" section to the top. Those should be seen by users first as they contain *their* specific headscale URL. * Swap order of macOS and iOS to move "Profiles" further down. * Remove apple configuration profiles * Remove Tailscale versions hints * Mention /apple and /windows in the README along with their docs See: #2096	2024-09-11 18:43:59 +02:00
Kristoffer Dalby	ba614a5e6c	metrics, tuning in tests, db cleanups, fix concurrency issue (#1895)	2024-04-21 18:28:17 +02:00
Kristoffer Dalby	3b103280ef	implement selfupdate and pass expiry (#1647)	2024-01-05 10:41:56 +01:00
Kristoffer Dalby	b4a4d0f760	Handle errors in integration test setups ... Thanks @kev-the-dev Closes #1460 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	2023-09-05 08:47:43 +02:00
Kristoffer Dalby	e3a2593344	Rename [Nn]amespace -> [Uu]ser in go code ... Use gopls, ag and perl to rename all occurances of Namespace Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	2023-01-18 15:40:04 +01:00
Juan Font	55a3885614	Added integration tests for ephemeral nodes ... Fetch the machines from headscale	2023-01-05 14:59:02 +01:00
Kristoffer Dalby	6f4c6c1876	Ignore tparallel where it doesnt make sense ... Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	2022-12-01 14:45:11 +01:00
Even Holthe	fd6d25b5c1	SSH: Lint and typos	2022-11-26 11:53:31 +01:00
Kristoffer Dalby	e7f322b9b6	Mark all tests to run in parallel ... Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	2022-11-22 13:18:58 +01:00
Kristoffer Dalby	93d56362af	Lock and unify headscale start/get method ... Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	2022-11-14 16:50:28 +01:00
Kristoffer Dalby	456479eaa1	Rename and move wait for headscale ... Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	2022-11-14 16:50:28 +01:00
Kristoffer Dalby	c9823ce347	Use TailscaleClient interface instead of tsic ... Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	2022-10-21 13:17:54 +02:00
Kristoffer Dalby	36ad0003a9	golangci-lint --fix ... Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	2022-10-18 15:37:11 +02:00
Kristoffer Dalby	0db608a7b7	Add tailscale versions, waiters and helpers for scenario ... Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	2022-10-18 15:37:11 +02:00
Kristoffer Dalby	aef77a113c	use variable for namespace ... Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	2022-10-18 15:37:11 +02:00
Kristoffer Dalby	13aa845c69	Add comment about scenario test ... Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	2022-10-18 15:37:11 +02:00
Kristoffer Dalby	b0a4ee4dfe	test login with one node ... Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	2022-10-18 15:37:11 +02:00
Kristoffer Dalby	eda4321486	Skip integration tests on short or lack of docker ... Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	2022-10-18 15:37:11 +02:00
Kristoffer Dalby	a9c3b14f79	Define a "scenario", which is a controlserver with nodes ... Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	2022-10-18 15:37:11 +02:00