Kristoffer Dalby
feb15365b5
Split code into modules
...
This is a massive commit that restructures the code into modules:
db/
All functions related to modifying the Database
types/
All type definitions and methods that can be exclusivly used on
these types without dependencies
policy/
All Policy related code, now without dependencies on the Database.
policy/matcher/
Dedicated code to match machines in a list of FilterRules
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-26 12:24:50 +02:00
Kristoffer Dalby
14e29a7bee
create DB struct
...
This is step one in detaching the Database layer from Headscale (h). The
ultimate goal is to have all function that does database operations in
its own package, and keep the business logic and writing separate.
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-26 12:24:50 +02:00
Kristoffer Dalby
61a2915f17
port reminder of integrationv1 test to v2
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-10 20:47:51 +02:00
Kristoffer Dalby
52ad138c32
update dependency path for integration
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-10 20:47:51 +02:00
Kristoffer Dalby
735b185e7f
use IPSet in acls instead of string slice
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-03 18:43:57 +02:00
Kristoffer Dalby
ccedf276ab
add a filter case with really large destination set #1372
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-03 18:43:57 +02:00
Kristoffer Dalby
b23a9153df
trim dockerfiles, script to rebuild test images ( #1403 )
2023-05-02 10:51:30 +01:00
Kristoffer Dalby
56dd734300
Add go profiling flag, and enable on integration tests ( #1382 )
2023-04-27 16:57:11 +02:00
Juan Font
96f9680afd
Reuse Ping function for DERP ping
2023-04-24 12:17:24 +02:00
Juan Font
b465592c07
Do not use host networking in embedded DERP tests
...
fixed linting
2023-04-24 12:17:24 +02:00
Juan Font
eacd687dbf
Added DERP integration tests
...
Linting fixes
Set listen addr to :8443
2023-04-24 12:17:24 +02:00
Juan Font
549f5a164d
Expand surface of hsic for better TLS support
2023-04-24 12:17:24 +02:00
Juan Font
bb07aec82c
Expand tsic to offer PingViaDerp
2023-04-24 12:17:24 +02:00
Kristoffer Dalby
5e74ca9414
Fix IPv6 in ACLs ( #1339 )
2023-04-16 12:26:35 +02:00
Juan Font
9836b097a4
Make sure all clients of a user are ready ( #1335 )
2023-04-12 09:25:51 +02:00
Juan Font
6eea96eabc
Added 1.38.4 in the new tests
2023-04-07 19:45:46 +02:00
Kristoffer Dalby
ceeef40cdf
Add tests to verify "Hosts" aliases in ACL ( #1304 )
2023-04-03 10:08:48 +02:00
Kristoffer Dalby
c7b459b615
Fix issue where ACL * would filter out returning connections ( #1279 )
2023-03-27 19:19:32 +02:00
Kristoffer Dalby
e38efd3cfa
Add ACL test for limiting a single port. ( #1258 )
2023-03-20 08:52:52 +01:00
Kristoffer Dalby
a5562850a7
MapResponse optimalisations, peer list integration tests ( #1254 )
...
Co-authored-by: Allen <979347228@qq.com>
2023-03-06 17:50:26 +01:00
Juan Font
54f5c249f1
Fix various linting issues + golang-lint upgrade ( #1245 )
2023-03-03 18:22:47 +01:00
Kristoffer Dalby
e65ce17f7b
Add documentation to integration test framework
...
so tsic, hsic and scenario
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-02-03 16:25:58 +01:00
Kristoffer Dalby
b190ec8edc
Add section about running locally
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-02-03 16:25:58 +01:00
Kristoffer Dalby
c39085911f
Add node expiry test
...
This commits adds a test to verify that nodes get updated if a node in
their network expires.
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-02-03 09:26:22 +01:00
Kristoffer Dalby
97a909866d
Use pingAll helper for all integration pinging
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-02-03 09:26:22 +01:00
Kristoffer Dalby
673638afe7
Use ripgrep to find list of tests
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-02-01 10:58:37 +01:00
Kristoffer Dalby
da48cf64b3
Set OpenID Connect Expiry
...
This commit adds a default OpenID Connect expiry to 180d to align with
Tailscale SaaS (previously infinite or based on token expiry).
In addition, it adds an option use the expiry time from the Token sent
by the OpenID provider. This will typically cause really short expiry
and you should only turn on this option if you know what you are
desiring.
This fixes #1176 .
Co-authored-by: Even Holthe <even.holthe@bekk.no>
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-31 18:55:16 +01:00
Kristoffer Dalby
727d95b477
Improve generated integration tests
...
- Save logs from control(headscale) on every run to tmp
- Upgrade nix-actions
- Cancel builds if new commit is pushed
- Fix a sorting bug in user command test
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-30 14:43:03 +01:00
Christian Heusel
9f6e546522
modify the test to reflect the changes on the webinterface
...
related to 2d44a1c99c17
Signed-off-by: Christian Heusel <christian@heusel.eu>
2023-01-26 08:33:44 +01:00
Juan Font
9714900db9
Target Tailscale 1.36.0
2023-01-26 07:50:03 +01:00
Kristoffer Dalby
90287a6735
gofumpt
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-18 15:40:04 +01:00
Kristoffer Dalby
e3a2593344
Rename [Nn]amespace -> [Uu]ser in go code
...
Use gopls, ag and perl to rename all occurances of Namespace
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-18 15:40:04 +01:00
Motiejus Jakštys
bafb6791d3
oidc: allow reading the client secret from a file
...
Currently the most "secret" way to specify the oidc client secret is via
an environment variable `OIDC_CLIENT_SECRET`, which is problematic[1].
Lets allow reading oidc client secret from a file. For extra convenience
the path to the secret will resolve the environment variables.
[1]: https://systemd.io/CREDENTIALS/
2023-01-14 17:03:57 +01:00
Kristoffer Dalby
93aca81c1c
Read integration test config from Env
...
This commit sets the Headscale config from env instead of file for
integration tests, the main point is to make sure that when we add per
test config, it properly replaces the config key and not append it or
something similar.
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-06 23:06:43 +01:00
Kristoffer Dalby
b3a0c4a63b
Add integration readme
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-06 12:32:24 +01:00
Juan Font
55a3885614
Added integration tests for ephemeral nodes
...
Fetch the machines from headscale
2023-01-05 14:59:02 +01:00
Even Holthe
23a595c26f
oidc: add test for expiring nodes after token expiration
2023-01-04 09:23:52 +01:00
Even Holthe
6de26b1d7c
Remove Tailscale v1.18.2 from test matrix
2023-01-02 16:06:12 +01:00
Juan Font
3e9ee816f9
Add integration tests for logout with authkey
2022-12-22 20:02:18 +01:00
Juan Font
2494e27a73
Make WaitForTailscaleLogout a Scenario method
2022-12-22 20:02:18 +01:00
Juan Font
b7d7fc57c4
Add logout method to tsic
2022-12-22 00:09:21 +01:00
Juan Font
b54c0e3d22
Add integration tests that check logout and relogin
2022-12-21 20:52:08 +01:00
Juan Font Alonso
2bf576ea8a
Disable Tailscale 1.16 in integration tests
2022-12-09 19:11:24 +01:00
Juan Font
52862b8a22
Port integration tests routes CLI to v2
...
Fix options signature
2022-12-06 08:17:14 +01:00
Kristoffer Dalby
7b8cf5ef1a
Add 1.34.0 to integration tests
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-12-05 20:41:15 +01:00
Kristoffer Dalby
6f4c6c1876
Ignore tparallel where it doesnt make sense
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-12-01 14:45:11 +01:00
Kristoffer Dalby
c02e105065
Mark the flag properly experimental
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-26 11:53:31 +01:00
Kristoffer Dalby
22da5bfc1d
Enable SSH for tests
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-26 11:53:31 +01:00
Kristoffer Dalby
91ed6e2197
Allow WithEnv to be passed multiple times
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-26 11:53:31 +01:00
Kristoffer Dalby
d71aef3b98
Mark all tests with Parallel
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-26 11:53:31 +01:00
Kristoffer Dalby
8a79c2e7ed
Do not retry on permission denied in ssh
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-26 11:53:31 +01:00
Kristoffer Dalby
f34e7c341b
Strip newline from hostname
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-26 11:53:31 +01:00
Kristoffer Dalby
e28d308796
Add negative tests
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-26 11:53:31 +01:00
Even Holthe
f610be632e
SSH: add test between namespaces
2022-11-26 11:53:31 +01:00
Even Holthe
fd6d25b5c1
SSH: Lint and typos
2022-11-26 11:53:31 +01:00
Kristoffer Dalby
3695284286
Make simple initial test case
...
This commit makes the initial SSH test a bit simpler:
- Use the same pattern/functions for all clients as other tests
- Only test within _one_ namespace/user to confirm the base case
- Use retry function, same as taildrop, there is some funky going on
there...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-26 11:53:31 +01:00
Kristoffer Dalby
cfaa36e51a
Add method to expose container id
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-26 11:53:31 +01:00
Even Holthe
519f22f9bf
SSH integration test setup
2022-11-26 11:53:31 +01:00
Kristoffer Dalby
e7f322b9b6
Mark all tests to run in parallel
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-22 13:18:58 +01:00
Juan Font
1b0e80bb10
Add OIDC integration tests
...
* Port OIDC integration tests to v2
* Move Tailscale old versions to TS2019 list
* Remove Alpine Linux container
* Updated changelog
* Releases: use flavor to set the tag suffix
* Added more debug messages in OIDC registration
* Added more logging
* Do not strip nodekey prefix on handle expired
* Updated changelog
* Add WithHostnameAsServerURL option func
* Reduce the number of namespaces and use hsic.WithHostnameAsServerURL
* Linting fix
* Fix linting issues
* Wait for ready outside the up goroutine
* Minor change in log message
* Add prefix to env var
* Remove unused env var
Co-authored-by: Juan Font <juan.font@esa.int>
Co-authored-by: Steven Honson <steven@honson.id.au>
Co-authored-by: Kristoffer Dalby <kristoffer@dalby.cc>
2022-11-21 21:51:54 +01:00
Kristoffer Dalby
4ccc528d96
Remove some very verbose error outputs
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-21 14:37:50 +01:00
Juan Font
d461097247
Remove mTLS stuff from code
2022-11-19 19:50:34 +01:00
Juan Font
f90a3c196c
Move TS WaitForReady outside up goroutine
2022-11-19 17:16:08 +01:00
Juan Font
9269dd01f5
Move Tailscale old versions to TS2019 list
2022-11-14 23:06:30 +01:00
Kristoffer Dalby
46df219ed3
Add testname identifier to hs container
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-14 16:50:28 +01:00
Kristoffer Dalby
835288d864
Remove unused variable
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-14 16:50:28 +01:00
Kristoffer Dalby
93d56362af
Lock and unify headscale start/get method
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-14 16:50:28 +01:00
Kristoffer Dalby
4799859be0
Fix renamed method
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-14 16:50:28 +01:00
Kristoffer Dalby
8e44596171
less verbose command output
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-14 16:50:28 +01:00
Kristoffer Dalby
d479234058
Split ts versions into 2019/2021 for dedicated tests later
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-14 16:50:28 +01:00
Kristoffer Dalby
3fc5866de0
Remove duplicate function
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-14 16:50:28 +01:00
Kristoffer Dalby
f3c40086ac
Make TLS setup work automatically
...
This commit injects the per-test-generated tls certs into the tailscale
container and makes sure all can ping all. It does not test any of the
DERP isolation yet.
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-14 16:50:28 +01:00
Kristoffer Dalby
09ed21edd8
Remove duplicate function
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-14 16:50:28 +01:00
Kristoffer Dalby
456479eaa1
Rename and move wait for headscale
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-14 16:50:28 +01:00
Kristoffer Dalby
cb87852825
Add nolint to gosec stuff that doesnt matter because test
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-14 16:50:28 +01:00
Kristoffer Dalby
69440058bb
Clean up cert function
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-14 16:50:28 +01:00
Kristoffer Dalby
9bc6ac0f35
Make TLS setup work automatically
...
This commit injects the per-test-generated tls certs into the tailscale
container and makes sure all can ping all. It does not test any of the
DERP isolation yet.
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-14 16:50:28 +01:00
Juan Font Alonso
89ff5c83d2
Add web flow auth integration tests
2022-11-14 08:47:02 +01:00
Juan Font Alonso
0a47d694be
Return the real port of the container
2022-11-14 08:47:02 +01:00
Juan Font Alonso
a9251d6652
Fixed linter issues
2022-11-13 22:33:41 +01:00
Juan Font Alonso
f9c44f11d6
Added method to run tailscale up without authkey
2022-11-13 22:33:41 +01:00
Juan Font Alonso
1f8bd24a0d
Return stderr in tsic.Execute
2022-11-13 22:33:41 +01:00
Juan Font Alonso
7bf2eb3d71
Update Tailscale interface with new Execute signature
2022-11-13 22:33:41 +01:00
Juan Font Alonso
9989657c0f
Wait for tailscale client to be ready after tailscale up
2022-11-13 18:30:00 +01:00
Juan Font Alonso
cb2790984f
Added WaitForReady() to Tailscale interface
...
When using running `tailscale up` in the AuthKey flow process, the tailscale client immediately enters PollMap after registration - avoiding a race condition.
When using the web auth (up -> go to the Control website -> CLI `register`) the client is polling checking if it has been authorized. If we immediately ask for the client IP, as done in CreateHeadscaleEnv() we might have the client in NotReady status.
This method provides a way to wait for the client to be ready.
Signed-off-by: Juan Font Alonso <juanfontalonso@gmail.com>
2022-11-13 18:30:00 +01:00
Kristoffer Dalby
d8c856e602
Add basic accept all acl to all test as example
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-03 12:53:00 +01:00
Kristoffer Dalby
aad4c90fe6
Add options to hsic, ACL and env overrides
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-03 12:53:00 +01:00
Kristoffer Dalby
4f9fe93146
golangci-lint --fix
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-03 12:53:00 +01:00
Kristoffer Dalby
96fe6aa3a1
Remove unused func, comment out configobject way
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-03 12:53:00 +01:00
Kristoffer Dalby
947e961a3a
Write headcsale config file from code, not depend on directory
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-03 12:53:00 +01:00
Kristoffer Dalby
43731cad2e
Add helper function to add files to hs container
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-03 12:53:00 +01:00
Kristoffer Dalby
ac15b21720
Remove tab from YAML
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-03 12:53:00 +01:00
Kristoffer Dalby
dfc03a6124
Ditch stupid distroless image for debug/test
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-03 12:53:00 +01:00
Kristoffer Dalby
7e6ab19270
Port preauthkey subcommand tests
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-26 10:23:44 +02:00
Kristoffer Dalby
5013187aaf
Add some sort stability
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-26 10:23:44 +02:00
Kristoffer Dalby
239ef16ad1
Add preauthkey command test
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-26 10:23:44 +02:00
Kristoffer Dalby
cb61a490e0
Add namespace command test
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-26 10:23:44 +02:00
Kristoffer Dalby
2c0488da0b
Add Execute helper for controlserver
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-26 10:23:44 +02:00
Kristoffer Dalby
fe4e05b0bc
only print stdout on err
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-25 09:24:05 +02:00
Kristoffer Dalby
7015d72911
port resolve magicdns test
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-24 14:59:14 +02:00