headscale/integration/auth_web_flow_test.go

package integration

import (
	"net/netip"
	"slices"
	"testing"
	"time"

	v1 "github.com/juanfont/headscale/gen/go/headscale/v1"
	"github.com/juanfont/headscale/integration/hsic"
	"github.com/samber/lo"
	"github.com/stretchr/testify/assert"
)

func TestAuthWebFlowAuthenticationPingAll(t *testing.T) {
	IntegrationSkip(t)

	spec := ScenarioSpec{
		NodesPerUser: len(MustTestVersions),
		Users:        []string{"user1", "user2"},
	}

	scenario, err := NewScenario(spec)
	if err != nil {
		t.Fatalf("failed to create scenario: %s", err)
	}
	defer scenario.ShutdownAssertNoPanics(t)

	err = scenario.CreateHeadscaleEnvWithLoginURL(
		nil,
		hsic.WithTestName("webauthping"),
		hsic.WithEmbeddedDERPServerOnly(),
		hsic.WithTLS(),
	)
	assertNoErrHeadscaleEnv(t, err)

	allClients, err := scenario.ListTailscaleClients()
	assertNoErrListClients(t, err)

	allIps, err := scenario.ListTailscaleClientsIPs()
	assertNoErrListClientIPs(t, err)

	err = scenario.WaitForTailscaleSync()
	assertNoErrSync(t, err)

	// assertClientsState(t, allClients)

	allAddrs := lo.Map(allIps, func(x netip.Addr, index int) string {
		return x.String()
	})

	success := pingAllHelper(t, allClients, allAddrs)
	t.Logf("%d successful pings out of %d", success, len(allClients)*len(allIps))
}

func TestAuthWebFlowLogoutAndRelogin(t *testing.T) {
	IntegrationSkip(t)

	spec := ScenarioSpec{
		NodesPerUser: len(MustTestVersions),
		Users:        []string{"user1", "user2"},
	}

	scenario, err := NewScenario(spec)
	assertNoErr(t, err)
	defer scenario.ShutdownAssertNoPanics(t)

	err = scenario.CreateHeadscaleEnvWithLoginURL(
		nil,
		hsic.WithTestName("weblogout"),
		hsic.WithTLS(),
	)
	assertNoErrHeadscaleEnv(t, err)

	allClients, err := scenario.ListTailscaleClients()
	assertNoErrListClients(t, err)

	allIps, err := scenario.ListTailscaleClientsIPs()
	assertNoErrListClientIPs(t, err)

	err = scenario.WaitForTailscaleSync()
	assertNoErrSync(t, err)

	// assertClientsState(t, allClients)

	allAddrs := lo.Map(allIps, func(x netip.Addr, index int) string {
		return x.String()
	})

	success := pingAllHelper(t, allClients, allAddrs)
	t.Logf("%d successful pings out of %d", success, len(allClients)*len(allIps))

	headscale, err := scenario.Headscale()
	assertNoErrGetHeadscale(t, err)

	var listNodes []*v1.Node
	assert.EventuallyWithT(t, func(ct *assert.CollectT) {
		var err error
		listNodes, err = headscale.ListNodes()
		assert.NoError(ct, err)
		assert.Len(ct, listNodes, len(allClients), "Node count should match client count after login")
	}, 20*time.Second, 1*time.Second)
	nodeCountBeforeLogout := len(listNodes)
	t.Logf("node count before logout: %d", nodeCountBeforeLogout)

	clientIPs := make(map[TailscaleClient][]netip.Addr)
	for _, client := range allClients {
		ips, err := client.IPs()
		if err != nil {
			t.Fatalf("failed to get IPs for client %s: %s", client.Hostname(), err)
		}
		clientIPs[client] = ips
	}

	for _, client := range allClients {
		err := client.Logout()
		if err != nil {
			t.Fatalf("failed to logout client %s: %s", client.Hostname(), err)
		}
	}

	err = scenario.WaitForTailscaleLogout()
	assertNoErrLogout(t, err)

	t.Logf("all clients logged out")

	for _, userName := range spec.Users {
		err = scenario.RunTailscaleUpWithURL(userName, headscale.GetEndpoint())
		if err != nil {
			t.Fatalf("failed to run tailscale up (%q): %s", headscale.GetEndpoint(), err)
		}
	}

	t.Logf("all clients logged in again")

	allIps, err = scenario.ListTailscaleClientsIPs()
	assertNoErrListClientIPs(t, err)

	allAddrs = lo.Map(allIps, func(x netip.Addr, index int) string {
		return x.String()
	})

	success = pingAllHelper(t, allClients, allAddrs)
	t.Logf("%d successful pings out of %d", success, len(allClients)*len(allIps))

	assert.EventuallyWithT(t, func(ct *assert.CollectT) {
		var err error
		listNodes, err = headscale.ListNodes()
		assert.NoError(ct, err)
		assert.Len(ct, listNodes, nodeCountBeforeLogout, "Node count should match before logout count after re-login")
	}, 20*time.Second, 1*time.Second)
	t.Logf("node count first login: %d, after relogin: %d", nodeCountBeforeLogout, len(listNodes))

	for _, client := range allClients {
		ips, err := client.IPs()
		if err != nil {
			t.Fatalf("failed to get IPs for client %s: %s", client.Hostname(), err)
		}

		// lets check if the IPs are the same
		if len(ips) != len(clientIPs[client]) {
			t.Fatalf("IPs changed for client %s", client.Hostname())
		}

		for _, ip := range ips {
			found := slices.Contains(clientIPs[client], ip)

			if !found {
				t.Fatalf(
					"IPs changed for client %s. Used to be %v now %v",
					client.Hostname(),
					clientIPs[client],
					ips,
				)
			}
		}
	}

	t.Logf("all clients IPs are the same")
}
Add web flow auth integration tests 2022-11-13 22:47:24 +01:00			`package integration`

			`import (`
Add integration tests that check logout and relogin 2022-12-19 18:15:31 +00:00			`"net/netip"`
Multi network integration tests (#2464) 2025-03-21 11:49:32 +01:00			`"slices"`
integration: replace time.Sleep with assert.EventuallyWithT (#2680) 2025-07-10 23:38:55 +02:00			`"testing"`
integration: Use Eventually around external calls (#2685) 2025-07-13 17:37:11 +02:00			`"time"`
Multi network integration tests (#2464) 2025-03-21 11:49:32 +01:00
integration: Use Eventually around external calls (#2685) 2025-07-13 17:37:11 +02:00			`v1 "github.com/juanfont/headscale/gen/go/headscale/v1"`
Add testname identifier to hs container Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> 2022-11-14 15:01:31 +01:00			`"github.com/juanfont/headscale/integration/hsic"`
Use pingAll helper for all integration pinging Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> 2023-02-02 10:14:33 +01:00			`"github.com/samber/lo"`
Rewrite authentication flow (#2374) 2025-02-01 09:16:51 +00:00			`"github.com/stretchr/testify/assert"`
Add web flow auth integration tests 2022-11-13 22:47:24 +01:00			`)`

			`func TestAuthWebFlowAuthenticationPingAll(t *testing.T) {`
			`IntegrationSkip(t)`

Multi network integration tests (#2464) 2025-03-21 11:49:32 +01:00			`spec := ScenarioSpec{`
			`NodesPerUser: len(MustTestVersions),`
			`Users: []string{"user1", "user2"},`
Add web flow auth integration tests 2022-11-13 22:47:24 +01:00			`}`

Multi network integration tests (#2464) 2025-03-21 11:49:32 +01:00			`scenario, err := NewScenario(spec)`
			`if err != nil {`
			`t.Fatalf("failed to create scenario: %s", err)`
Add web flow auth integration tests 2022-11-13 22:47:24 +01:00			`}`
add shutdown that asserts if headscale had panics (#2126) Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> 2024-09-17 10:44:55 +01:00			`defer scenario.ShutdownAssertNoPanics(t)`
Add web flow auth integration tests 2022-11-13 22:47:24 +01:00
fix webauth + autoapprove routes (#2528) * types/node: add helper funcs for node tags Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * types/node: add DebugString method for node Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * policy/v2: add String func to AutoApprover interface Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * policy/v2: simplify, use slices.Contains Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * policy/v2: debug, use nodes.DebugString Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * policy/v1: fix potential nil pointer in NodeCanApproveRoute Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * policy/v1: slices.Contains Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * integration/tsic: fix diff in login commands Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * integration: fix webauth running with wrong scenario Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * integration: move common oidc opts to func Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * integration: require node count, more verbose Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * auth: remove uneffective route approve Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * .github/workflows: fmt Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * integration/tsic: add id func Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * integration: remove call that might be nil Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * integration: test autoapprovers against web/authkey x group/tag/user Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * integration: unique network id per scenario Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * Revert "integration: move common oidc opts to func" This reverts commit 7e9d165d4a900c304f1083b665f1a24a26e06e55. * remove cmd Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * integration: clean docker images between runs in ci Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * integration: run autoapprove test against differnt policy modes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * integration/tsic: append, not overrwrite extra login args Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * .github/workflows: remove polv2 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> 2025-04-30 08:54:04 +03:00			`err = scenario.CreateHeadscaleEnvWithLoginURL(`
Multi network integration tests (#2464) 2025-03-21 11:49:32 +01:00			`nil,`
Fixed loginUrl with "WithTLS()" used. Added "WithTLS()" to scenario integration tests (#2187) 2024-10-15 15:38:43 +03:00			`hsic.WithTestName("webauthping"),`
			`hsic.WithEmbeddedDERPServerOnly(),`
			`hsic.WithTLS(),`
			`)`
Handle errors in integration test setups Thanks @kev-the-dev Closes #1460 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> 2023-08-29 08:33:33 +02:00			`assertNoErrHeadscaleEnv(t, err)`
Add web flow auth integration tests 2022-11-13 22:47:24 +01:00
			`allClients, err := scenario.ListTailscaleClients()`
Handle errors in integration test setups Thanks @kev-the-dev Closes #1460 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> 2023-08-29 08:33:33 +02:00			`assertNoErrListClients(t, err)`
Add web flow auth integration tests 2022-11-13 22:47:24 +01:00
			`allIps, err := scenario.ListTailscaleClientsIPs()`
Handle errors in integration test setups Thanks @kev-the-dev Closes #1460 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> 2023-08-29 08:33:33 +02:00			`assertNoErrListClientIPs(t, err)`
Add web flow auth integration tests 2022-11-13 22:47:24 +01:00
			`err = scenario.WaitForTailscaleSync()`
Handle errors in integration test setups Thanks @kev-the-dev Closes #1460 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> 2023-08-29 08:33:33 +02:00			`assertNoErrSync(t, err)`
Add web flow auth integration tests 2022-11-13 22:47:24 +01:00
Rework map session This commit restructures the map session in to a struct holding the state of what is needed during its lifetime. For streaming sessions, the event loop is structured a bit differently not hammering the clients with updates but rather batching them over a short, configurable time which should significantly improve cpu usage, and potentially flakyness. The use of Patch updates has been dialed back a little as it does not look like its a 100% ready for prime time. Nodes are now updated with full changes, except for a few things like online status. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> 2024-02-23 10:59:24 +01:00			`// assertClientsState(t, allClients)`
Add assert func for verifying status, netmap and netcheck (#1723) 2024-02-09 07:26:41 +01:00
Use pingAll helper for all integration pinging Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> 2023-02-02 10:14:33 +01:00			`allAddrs := lo.Map(allIps, func(x netip.Addr, index int) string {`
			`return x.String()`
			`})`
Add integration tests that check logout and relogin 2022-12-19 18:15:31 +00:00
Use pingAll helper for all integration pinging Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> 2023-02-02 10:14:33 +01:00			`success := pingAllHelper(t, allClients, allAddrs)`
Add integration tests that check logout and relogin 2022-12-19 18:15:31 +00:00			`t.Logf("%d successful pings out of %d", success, len(allClients)*len(allIps))`
			`}`

			`func TestAuthWebFlowLogoutAndRelogin(t *testing.T) {`
			`IntegrationSkip(t)`

Multi network integration tests (#2464) 2025-03-21 11:49:32 +01:00			`spec := ScenarioSpec{`
			`NodesPerUser: len(MustTestVersions),`
			`Users: []string{"user1", "user2"},`
Add integration tests that check logout and relogin 2022-12-19 18:15:31 +00:00			`}`

Multi network integration tests (#2464) 2025-03-21 11:49:32 +01:00			`scenario, err := NewScenario(spec)`
			`assertNoErr(t, err)`
			`defer scenario.ShutdownAssertNoPanics(t)`
Add integration tests that check logout and relogin 2022-12-19 18:15:31 +00:00
fix webauth + autoapprove routes (#2528) * types/node: add helper funcs for node tags Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * types/node: add DebugString method for node Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * policy/v2: add String func to AutoApprover interface Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * policy/v2: simplify, use slices.Contains Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * policy/v2: debug, use nodes.DebugString Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * policy/v1: fix potential nil pointer in NodeCanApproveRoute Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * policy/v1: slices.Contains Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * integration/tsic: fix diff in login commands Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * integration: fix webauth running with wrong scenario Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * integration: move common oidc opts to func Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * integration: require node count, more verbose Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * auth: remove uneffective route approve Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * .github/workflows: fmt Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * integration/tsic: add id func Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * integration: remove call that might be nil Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * integration: test autoapprovers against web/authkey x group/tag/user Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * integration: unique network id per scenario Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * Revert "integration: move common oidc opts to func" This reverts commit 7e9d165d4a900c304f1083b665f1a24a26e06e55. * remove cmd Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * integration: clean docker images between runs in ci Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * integration: run autoapprove test against differnt policy modes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * integration/tsic: append, not overrwrite extra login args Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * .github/workflows: remove polv2 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> 2025-04-30 08:54:04 +03:00			`err = scenario.CreateHeadscaleEnvWithLoginURL(`
Multi network integration tests (#2464) 2025-03-21 11:49:32 +01:00			`nil,`
use dedicated registration ID for auth flow (#2337) 2025-01-26 22:20:11 +01:00			`hsic.WithTestName("weblogout"),`
			`hsic.WithTLS(),`
			`)`
Handle errors in integration test setups Thanks @kev-the-dev Closes #1460 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> 2023-08-29 08:33:33 +02:00			`assertNoErrHeadscaleEnv(t, err)`
Add integration tests that check logout and relogin 2022-12-19 18:15:31 +00:00
			`allClients, err := scenario.ListTailscaleClients()`
Handle errors in integration test setups Thanks @kev-the-dev Closes #1460 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> 2023-08-29 08:33:33 +02:00			`assertNoErrListClients(t, err)`
Add integration tests that check logout and relogin 2022-12-19 18:15:31 +00:00
			`allIps, err := scenario.ListTailscaleClientsIPs()`
Handle errors in integration test setups Thanks @kev-the-dev Closes #1460 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> 2023-08-29 08:33:33 +02:00			`assertNoErrListClientIPs(t, err)`
Add integration tests that check logout and relogin 2022-12-19 18:15:31 +00:00
			`err = scenario.WaitForTailscaleSync()`
Handle errors in integration test setups Thanks @kev-the-dev Closes #1460 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> 2023-08-29 08:33:33 +02:00			`assertNoErrSync(t, err)`
Add integration tests that check logout and relogin 2022-12-19 18:15:31 +00:00
Rework map session This commit restructures the map session in to a struct holding the state of what is needed during its lifetime. For streaming sessions, the event loop is structured a bit differently not hammering the clients with updates but rather batching them over a short, configurable time which should significantly improve cpu usage, and potentially flakyness. The use of Patch updates has been dialed back a little as it does not look like its a 100% ready for prime time. Nodes are now updated with full changes, except for a few things like online status. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> 2024-02-23 10:59:24 +01:00			`// assertClientsState(t, allClients)`
Add assert func for verifying status, netmap and netcheck (#1723) 2024-02-09 07:26:41 +01:00
Use pingAll helper for all integration pinging Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> 2023-02-02 10:14:33 +01:00			`allAddrs := lo.Map(allIps, func(x netip.Addr, index int) string {`
			`return x.String()`
			`})`
Add integration tests that check logout and relogin 2022-12-19 18:15:31 +00:00
Use pingAll helper for all integration pinging Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> 2023-02-02 10:14:33 +01:00			`success := pingAllHelper(t, allClients, allAddrs)`
Add integration tests that check logout and relogin 2022-12-19 18:15:31 +00:00			`t.Logf("%d successful pings out of %d", success, len(allClients)*len(allIps))`

Rewrite authentication flow (#2374) 2025-02-01 09:16:51 +00:00			`headscale, err := scenario.Headscale()`
			`assertNoErrGetHeadscale(t, err)`

integration: Use Eventually around external calls (#2685) 2025-07-13 17:37:11 +02:00			`var listNodes []*v1.Node`
			`assert.EventuallyWithT(t, func(ct *assert.CollectT) {`
			`var err error`
			`listNodes, err = headscale.ListNodes()`
			`assert.NoError(ct, err)`
			`assert.Len(ct, listNodes, len(allClients), "Node count should match client count after login")`
			`}, 20time.Second, 1time.Second)`
Rewrite authentication flow (#2374) 2025-02-01 09:16:51 +00:00			`nodeCountBeforeLogout := len(listNodes)`
			`t.Logf("node count before logout: %d", nodeCountBeforeLogout)`

Add integration tests that check logout and relogin 2022-12-19 18:15:31 +00:00			`clientIPs := make(map[TailscaleClient][]netip.Addr)`
			`for _, client := range allClients {`
			`ips, err := client.IPs()`
			`if err != nil {`
Handle errors in integration test setups Thanks @kev-the-dev Closes #1460 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> 2023-08-29 08:33:33 +02:00			`t.Fatalf("failed to get IPs for client %s: %s", client.Hostname(), err)`
Add integration tests that check logout and relogin 2022-12-19 18:15:31 +00:00			`}`
			`clientIPs[client] = ips`
			`}`

			`for _, client := range allClients {`
Add logout method to tsic 2022-12-21 22:29:52 +00:00			`err := client.Logout()`
Add integration tests that check logout and relogin 2022-12-19 18:15:31 +00:00			`if err != nil {`
Handle errors in integration test setups Thanks @kev-the-dev Closes #1460 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> 2023-08-29 08:33:33 +02:00			`t.Fatalf("failed to logout client %s: %s", client.Hostname(), err)`
Add integration tests that check logout and relogin 2022-12-19 18:15:31 +00:00			`}`
			`}`

Handle errors in integration test setups Thanks @kev-the-dev Closes #1460 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> 2023-08-29 08:33:33 +02:00			`err = scenario.WaitForTailscaleLogout()`
			`assertNoErrLogout(t, err)`
Add integration tests that check logout and relogin 2022-12-19 18:15:31 +00:00
			`t.Logf("all clients logged out")`

Multi network integration tests (#2464) 2025-03-21 11:49:32 +01:00			`for _, userName := range spec.Users {`
			`err = scenario.RunTailscaleUpWithURL(userName, headscale.GetEndpoint())`
Add integration tests that check logout and relogin 2022-12-19 18:15:31 +00:00			`if err != nil {`
use dedicated registration ID for auth flow (#2337) 2025-01-26 22:20:11 +01:00			`t.Fatalf("failed to run tailscale up (%q): %s", headscale.GetEndpoint(), err)`
Add integration tests that check logout and relogin 2022-12-19 18:15:31 +00:00			`}`
			`}`
Add web flow auth integration tests 2022-11-13 22:47:24 +01:00
Add integration tests that check logout and relogin 2022-12-19 18:15:31 +00:00			`t.Logf("all clients logged in again")`

			`allIps, err = scenario.ListTailscaleClientsIPs()`
Handle errors in integration test setups Thanks @kev-the-dev Closes #1460 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> 2023-08-29 08:33:33 +02:00			`assertNoErrListClientIPs(t, err)`
Add integration tests that check logout and relogin 2022-12-19 18:15:31 +00:00
Use pingAll helper for all integration pinging Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> 2023-02-02 10:14:33 +01:00			`allAddrs = lo.Map(allIps, func(x netip.Addr, index int) string {`
			`return x.String()`
			`})`
Add web flow auth integration tests 2022-11-13 22:47:24 +01:00
Use pingAll helper for all integration pinging Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> 2023-02-02 10:14:33 +01:00			`success = pingAllHelper(t, allClients, allAddrs)`
Add web flow auth integration tests 2022-11-13 22:47:24 +01:00			`t.Logf("%d successful pings out of %d", success, len(allClients)*len(allIps))`

integration: Use Eventually around external calls (#2685) 2025-07-13 17:37:11 +02:00			`assert.EventuallyWithT(t, func(ct *assert.CollectT) {`
			`var err error`
			`listNodes, err = headscale.ListNodes()`
			`assert.NoError(ct, err)`
			`assert.Len(ct, listNodes, nodeCountBeforeLogout, "Node count should match before logout count after re-login")`
			`}, 20time.Second, 1time.Second)`
Rewrite authentication flow (#2374) 2025-02-01 09:16:51 +00:00			`t.Logf("node count first login: %d, after relogin: %d", nodeCountBeforeLogout, len(listNodes))`

Add integration tests that check logout and relogin 2022-12-19 18:15:31 +00:00			`for _, client := range allClients {`
			`ips, err := client.IPs()`
			`if err != nil {`
Handle errors in integration test setups Thanks @kev-the-dev Closes #1460 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> 2023-08-29 08:33:33 +02:00			`t.Fatalf("failed to get IPs for client %s: %s", client.Hostname(), err)`
Add integration tests that check logout and relogin 2022-12-19 18:15:31 +00:00			`}`

			`// lets check if the IPs are the same`
			`if len(ips) != len(clientIPs[client]) {`
Handle errors in integration test setups Thanks @kev-the-dev Closes #1460 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> 2023-08-29 08:33:33 +02:00			`t.Fatalf("IPs changed for client %s", client.Hostname())`
Add integration tests that check logout and relogin 2022-12-19 18:15:31 +00:00			`}`

			`for _, ip := range ips {`
Multi network integration tests (#2464) 2025-03-21 11:49:32 +01:00			`found := slices.Contains(clientIPs[client], ip)`
Add integration tests that check logout and relogin 2022-12-19 18:15:31 +00:00
			`if !found {`
Handle errors in integration test setups Thanks @kev-the-dev Closes #1460 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> 2023-08-29 08:33:33 +02:00			`t.Fatalf(`
Use pingAll helper for all integration pinging Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> 2023-02-02 10:14:33 +01:00			`"IPs changed for client %s. Used to be %v now %v",`
			`client.Hostname(),`
			`clientIPs[client],`
			`ips,`
			`)`
Add integration tests that check logout and relogin 2022-12-19 18:15:31 +00:00			`}`
			`}`
			`}`

			`t.Logf("all clients IPs are the same")`
Add web flow auth integration tests 2022-11-13 22:47:24 +01:00			`}`