Merge pull request #183 from juanfont/split-dns

Add support for Split DNS (Restricted Nameservers)
Apply suggestions from code review
2025-08-15 05:08:02 +00:00 · 2021-10-20 10:53:52 +02:00 · 2021-10-20 09:35:56 +02:00 · 2021-10-20 00:19:34 +02:00 · 2021-10-19 20:51:43 +02:00 · 2021-10-19 18:45:37 +02:00
4 changed files with 81 additions and 367 deletions
--- a/app.go
+++ b/app.go
@@ -113,7 +113,10 @@ func NewHeadscale(cfg Config) (*Headscale, error) {
 		if err != nil {
 			return nil, err
 		}
-		h.cfg.DNSConfig.Routes = make(map[string][]dnstype.Resolver)
+		// we might have routes already from Split DNS
+		if h.cfg.DNSConfig.Routes == nil { 
+			h.cfg.DNSConfig.Routes = make(map[string][]dnstype.Resolver)
+		}
 		for _, d := range magicDNSDomains {
 			h.cfg.DNSConfig.Routes[d.WithoutTrailingDot()] = nil
 		}
--- a/cmd/headscale/cli/utils.go
+++ b/cmd/headscale/cli/utils.go
@@ -104,6 +104,33 @@ func GetDNSConfig() (*tailcfg.DNSConfig, string) {
 			dnsConfig.Nameservers = nameservers
 			dnsConfig.Resolvers = resolvers
 		}
+
+		if viper.IsSet("dns_config.restricted_nameservers") {
+			if len(dnsConfig.Nameservers) > 0 {
+				dnsConfig.Routes = make(map[string][]dnstype.Resolver)
+				restrictedDNS := viper.GetStringMapStringSlice("dns_config.restricted_nameservers")
+				for domain, restrictedNameservers := range restrictedDNS {
+					restrictedResolvers := make([]dnstype.Resolver, len(restrictedNameservers))
+					for index, nameserverStr := range restrictedNameservers {
+						nameserver, err := netaddr.ParseIP(nameserverStr)
+						if err != nil {
+							log.Error().
+								Str("func", "getDNSConfig").
+								Err(err).
+								Msgf("Could not parse restricted nameserver IP: %s", nameserverStr)
+						}
+						restrictedResolvers[index] = dnstype.Resolver{
+							Addr: nameserver.String(),
+						}
+					}
+					dnsConfig.Routes[domain] = restrictedResolvers
+				}
+			} else {
+				log.Warn().
+					Msg("Warning: dns_config.restricted_nameservers is set, but no nameservers are configured. Ignoring restricted_nameservers.")
+			}
+		}
+
 		if viper.IsSet("dns_config.domains") {
 			dnsConfig.Domains = viper.GetStringSlice("dns_config.domains")
 		}
--- a/docs/DNS.md
+++ b/docs/DNS.md
@@ -11,23 +11,29 @@ Long story short, you can define the DNS servers you want to use in your tailnet

 ## Configuration reference

-The setup is done via the `config.json` file, under the `dns_config` key. 
+The setup is done via the `config.yaml` file, under the `dns_config` key. 

-```json
-{
-    "server_url": "http://127.0.0.1:8001",
-    "listen_addr": "0.0.0.0:8001",
-    "private_key_path": "private.key",
-    //...
-    "dns_config": {
-        "nameservers": ["1.1.1.1", "8.8.8.8"],
-        "domains": [],
-        "magic_dns": true,
-        "base_domain": "example.com"
-    }
-}
+```yaml
+server_url: http://127.0.0.1:8001
+listen_addr: 0.0.0.0:8001
+private_key_path: private.key
+dns_config:
+  nameservers:
+  - 1.1.1.1
+  - 8.8.8.8
+  restricted_nameservers:
+    foo.bar.com:
+    - 1.1.1.1
+    darp.headscale.net:
+    - 1.1.1.1
+    - 8.8.8.8
+  domains: []
+  magic_dns: true
+  base_domain: example.com
 ```
+
 - `nameservers`:  The list of DNS servers to use.
 - `domains`: Search domains to inject.
 - `magic_dns`: Whether to use [MagicDNS](https://tailscale.com/kb/1081/magicdns/). Only works if there is at least a nameserver defined.
- `base_domain`: Defines the base domain to create the hostnames for MagicDNS. `base_domain` must be a FQDNs, without the trailing dot. The FQDN of the hosts will be `hostname.namespace.base_domain` (e.g., _myhost.mynamespace.example.com_).
+- `base_domain`: Defines the base domain to create the hostnames for MagicDNS. `base_domain` must be a FQDNs, without the trailing dot. The FQDN of the hosts will be `hostname.namespace.base_domain` (e.g., _myhost.mynamespace.example.com_).
+- `restricted_nameservers`: Split DNS (see https://tailscale.com/kb/1054/dns/), list of search domains and the DNS to query for each one.
--- a/sharing_test.go
+++ b/sharing_test.go
@@ -35,54 +35,8 @@ func CreateNodeNamespace(c *check.C, namespace, node, key, IP string) (*Namespac
 }

 func (s *Suite) TestBasicSharedNodesInNamespace(c *check.C) {
-	n1, err := h.CreateNamespace("shared1")
-	c.Assert(err, check.IsNil)
-
-	n2, err := h.CreateNamespace("shared2")
-	c.Assert(err, check.IsNil)
-
-	pak1, err := h.CreatePreAuthKey(n1.Name, false, false, nil)
-	c.Assert(err, check.IsNil)
-
-	pak2, err := h.CreatePreAuthKey(n2.Name, false, false, nil)
-	c.Assert(err, check.IsNil)
-
-	_, err = h.GetMachine(n1.Name, "test_get_shared_nodes_1")
-	c.Assert(err, check.NotNil)
-
-	m1 := &Machine{
-		ID:             0,
-		MachineKey:     "686824e749f3b7f2a5927ee6c1e422aee5292592d9179a271ed7b3e659b44a66",
-		NodeKey:        "686824e749f3b7f2a5927ee6c1e422aee5292592d9179a271ed7b3e659b44a66",
-		DiscoKey:       "686824e749f3b7f2a5927ee6c1e422aee5292592d9179a271ed7b3e659b44a66",
-		Name:           "test_get_shared_nodes_1",
-		NamespaceID:    n1.ID,
-		Registered:     true,
-		RegisterMethod: "authKey",
-		IPAddress:      "100.64.0.1",
-		AuthKeyID:      uint(pak1.ID),
-	}
-	h.db.Save(m1)
-
-	_, err = h.GetMachine(n1.Name, m1.Name)
-	c.Assert(err, check.IsNil)
-
-	m2 := &Machine{
-		ID:             1,
-		MachineKey:     "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863",
-		NodeKey:        "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863",
-		DiscoKey:       "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863",
-		Name:           "test_get_shared_nodes_2",
-		NamespaceID:    n2.ID,
-		Registered:     true,
-		RegisterMethod: "authKey",
-		IPAddress:      "100.64.0.2",
-		AuthKeyID:      uint(pak2.ID),
-	}
-	h.db.Save(m2)
-
-	_, err = h.GetMachine(n2.Name, m2.Name)
-	c.Assert(err, check.IsNil)
+	n1, m1 := CreateNodeNamespace(c, "shared1", "test_get_shared_nodes_1", "686824e749f3b7f2a5927ee6c1e422aee5292592d9179a271ed7b3e659b44a66", "100.64.0.1")
+	_, m2 := CreateNodeNamespace(c, "shared2", "test_get_shared_nodes_2", "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863", "100.64.0.2")

 	p1s, err := h.getPeers(m1)
 	c.Assert(err, check.IsNil)
@@ -98,54 +52,7 @@ func (s *Suite) TestBasicSharedNodesInNamespace(c *check.C) {
 }

 func (s *Suite) TestSameNamespace(c *check.C) {
-	n1, err := h.CreateNamespace("shared1")
-	c.Assert(err, check.IsNil)
-
-	n2, err := h.CreateNamespace("shared2")
-	c.Assert(err, check.IsNil)
-
-	pak1, err := h.CreatePreAuthKey(n1.Name, false, false, nil)
-	c.Assert(err, check.IsNil)
-
-	pak2, err := h.CreatePreAuthKey(n2.Name, false, false, nil)
-	c.Assert(err, check.IsNil)
-
-	_, err = h.GetMachine(n1.Name, "test_get_shared_nodes_1")
-	c.Assert(err, check.NotNil)
-
-	m1 := &Machine{
-		ID:             0,
-		MachineKey:     "686824e749f3b7f2a5927ee6c1e422aee5292592d9179a271ed7b3e659b44a66",
-		NodeKey:        "686824e749f3b7f2a5927ee6c1e422aee5292592d9179a271ed7b3e659b44a66",
-		DiscoKey:       "686824e749f3b7f2a5927ee6c1e422aee5292592d9179a271ed7b3e659b44a66",
-		Name:           "test_get_shared_nodes_1",
-		NamespaceID:    n1.ID,
-		Registered:     true,
-		RegisterMethod: "authKey",
-		IPAddress:      "100.64.0.1",
-		AuthKeyID:      uint(pak1.ID),
-	}
-	h.db.Save(m1)
-
-	_, err = h.GetMachine(n1.Name, m1.Name)
-	c.Assert(err, check.IsNil)
-
-	m2 := &Machine{
-		ID:             1,
-		MachineKey:     "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863",
-		NodeKey:        "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863",
-		DiscoKey:       "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863",
-		Name:           "test_get_shared_nodes_2",
-		NamespaceID:    n2.ID,
-		Registered:     true,
-		RegisterMethod: "authKey",
-		IPAddress:      "100.64.0.2",
-		AuthKeyID:      uint(pak2.ID),
-	}
-	h.db.Save(m2)
-
-	_, err = h.GetMachine(n2.Name, m2.Name)
-	c.Assert(err, check.IsNil)
+	n1, m1 := CreateNodeNamespace(c, "shared1", "test_get_shared_nodes_1", "686824e749f3b7f2a5927ee6c1e422aee5292592d9179a271ed7b3e659b44a66", "100.64.0.1")

 	p1s, err := h.getPeers(m1)
 	c.Assert(err, check.IsNil)
@@ -182,54 +89,8 @@ func (s *Suite) TestUnshare(c *check.C) {
 }

 func (s *Suite) TestAlreadyShared(c *check.C) {
-	n1, err := h.CreateNamespace("shared1")
-	c.Assert(err, check.IsNil)
-
-	n2, err := h.CreateNamespace("shared2")
-	c.Assert(err, check.IsNil)
-
-	pak1, err := h.CreatePreAuthKey(n1.Name, false, false, nil)
-	c.Assert(err, check.IsNil)
-
-	pak2, err := h.CreatePreAuthKey(n2.Name, false, false, nil)
-	c.Assert(err, check.IsNil)
-
-	_, err = h.GetMachine(n1.Name, "test_get_shared_nodes_1")
-	c.Assert(err, check.NotNil)
-
-	m1 := &Machine{
-		ID:             0,
-		MachineKey:     "686824e749f3b7f2a5927ee6c1e422aee5292592d9179a271ed7b3e659b44a66",
-		NodeKey:        "686824e749f3b7f2a5927ee6c1e422aee5292592d9179a271ed7b3e659b44a66",
-		DiscoKey:       "686824e749f3b7f2a5927ee6c1e422aee5292592d9179a271ed7b3e659b44a66",
-		Name:           "test_get_shared_nodes_1",
-		NamespaceID:    n1.ID,
-		Registered:     true,
-		RegisterMethod: "authKey",
-		IPAddress:      "100.64.0.1",
-		AuthKeyID:      uint(pak1.ID),
-	}
-	h.db.Save(m1)
-
-	_, err = h.GetMachine(n1.Name, m1.Name)
-	c.Assert(err, check.IsNil)
-
-	m2 := &Machine{
-		ID:             1,
-		MachineKey:     "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863",
-		NodeKey:        "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863",
-		DiscoKey:       "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863",
-		Name:           "test_get_shared_nodes_2",
-		NamespaceID:    n2.ID,
-		Registered:     true,
-		RegisterMethod: "authKey",
-		IPAddress:      "100.64.0.2",
-		AuthKeyID:      uint(pak2.ID),
-	}
-	h.db.Save(m2)
-
-	_, err = h.GetMachine(n2.Name, m2.Name)
-	c.Assert(err, check.IsNil)
+	n1, m1 := CreateNodeNamespace(c, "shared1", "test_get_shared_nodes_1", "686824e749f3b7f2a5927ee6c1e422aee5292592d9179a271ed7b3e659b44a66", "100.64.0.1")
+	_, m2 := CreateNodeNamespace(c, "shared2", "test_get_shared_nodes_2", "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863", "100.64.0.2")

 	p1s, err := h.getPeers(m1)
 	c.Assert(err, check.IsNil)
@@ -242,54 +103,8 @@ func (s *Suite) TestAlreadyShared(c *check.C) {
 }

 func (s *Suite) TestDoNotIncludeRoutesOnShared(c *check.C) {
-	n1, err := h.CreateNamespace("shared1")
-	c.Assert(err, check.IsNil)
-
-	n2, err := h.CreateNamespace("shared2")
-	c.Assert(err, check.IsNil)
-
-	pak1, err := h.CreatePreAuthKey(n1.Name, false, false, nil)
-	c.Assert(err, check.IsNil)
-
-	pak2, err := h.CreatePreAuthKey(n2.Name, false, false, nil)
-	c.Assert(err, check.IsNil)
-
-	_, err = h.GetMachine(n1.Name, "test_get_shared_nodes_1")
-	c.Assert(err, check.NotNil)
-
-	m1 := &Machine{
-		ID:             0,
-		MachineKey:     "686824e749f3b7f2a5927ee6c1e422aee5292592d9179a271ed7b3e659b44a66",
-		NodeKey:        "686824e749f3b7f2a5927ee6c1e422aee5292592d9179a271ed7b3e659b44a66",
-		DiscoKey:       "686824e749f3b7f2a5927ee6c1e422aee5292592d9179a271ed7b3e659b44a66",
-		Name:           "test_get_shared_nodes_1",
-		NamespaceID:    n1.ID,
-		Registered:     true,
-		RegisterMethod: "authKey",
-		IPAddress:      "100.64.0.1",
-		AuthKeyID:      uint(pak1.ID),
-	}
-	h.db.Save(m1)
-
-	_, err = h.GetMachine(n1.Name, m1.Name)
-	c.Assert(err, check.IsNil)
-
-	m2 := &Machine{
-		ID:             1,
-		MachineKey:     "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863",
-		NodeKey:        "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863",
-		DiscoKey:       "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863",
-		Name:           "test_get_shared_nodes_2",
-		NamespaceID:    n2.ID,
-		Registered:     true,
-		RegisterMethod: "authKey",
-		IPAddress:      "100.64.0.2",
-		AuthKeyID:      uint(pak2.ID),
-	}
-	h.db.Save(m2)
-
-	_, err = h.GetMachine(n2.Name, m2.Name)
-	c.Assert(err, check.IsNil)
+	n1, m1 := CreateNodeNamespace(c, "shared1", "test_get_shared_nodes_1", "686824e749f3b7f2a5927ee6c1e422aee5292592d9179a271ed7b3e659b44a66", "100.64.0.1")
+	_, m2 := CreateNodeNamespace(c, "shared2", "test_get_shared_nodes_2", "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863", "100.64.0.2")

 	p1s, err := h.getPeers(m1)
 	c.Assert(err, check.IsNil)
@@ -305,86 +120,18 @@ func (s *Suite) TestDoNotIncludeRoutesOnShared(c *check.C) {
 }

 func (s *Suite) TestComplexSharingAcrossNamespaces(c *check.C) {
-	n1, err := h.CreateNamespace("shared1")
-	c.Assert(err, check.IsNil)
-
-	n2, err := h.CreateNamespace("shared2")
-	c.Assert(err, check.IsNil)
-
-	n3, err := h.CreateNamespace("shared3")
-	c.Assert(err, check.IsNil)
-
-	pak1, err := h.CreatePreAuthKey(n1.Name, false, false, nil)
-	c.Assert(err, check.IsNil)
-
-	pak2, err := h.CreatePreAuthKey(n2.Name, false, false, nil)
-	c.Assert(err, check.IsNil)
-
-	pak3, err := h.CreatePreAuthKey(n3.Name, false, false, nil)
-	c.Assert(err, check.IsNil)
+	n1, m1 := CreateNodeNamespace(c, "shared1", "test_get_shared_nodes_1", "686824e749f3b7f2a5927ee6c1e422aee5292592d9179a271ed7b3e659b44a66", "100.64.0.1")
+	_, m2 := CreateNodeNamespace(c, "shared2", "test_get_shared_nodes_2", "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863", "100.64.0.2")
+	_, m3 := CreateNodeNamespace(c, "shared3", "test_get_shared_nodes_3", "6e704bee83eb93db6fc2c417d7882964cd3f8cc87082cbb645982e34020c76c8", "100.64.0.3")

 	pak4, err := h.CreatePreAuthKey(n1.Name, false, false, nil)
 	c.Assert(err, check.IsNil)

-	_, err = h.GetMachine(n1.Name, "test_get_shared_nodes_1")
-	c.Assert(err, check.NotNil)
-
-	m1 := &Machine{
-		ID:             1,
-		MachineKey:     "686824e749f3b7f2a5927ee6c1e422aee5292592d9179a271ed7b3e659b44a66",
-		NodeKey:        "686824e749f3b7f2a5927ee6c1e422aee5292592d9179a271ed7b3e659b44a66",
-		DiscoKey:       "686824e749f3b7f2a5927ee6c1e422aee5292592d9179a271ed7b3e659b44a66",
-		Name:           "test_get_shared_nodes_1",
-		NamespaceID:    n1.ID,
-		Registered:     true,
-		RegisterMethod: "authKey",
-		IPAddress:      "100.64.0.1",
-		AuthKeyID:      uint(pak1.ID),
-	}
-	h.db.Save(m1)
-
-	_, err = h.GetMachine(n1.Name, m1.Name)
-	c.Assert(err, check.IsNil)
-
-	m2 := &Machine{
-		ID:             2,
-		MachineKey:     "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863",
-		NodeKey:        "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863",
-		DiscoKey:       "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863",
-		Name:           "test_get_shared_nodes_2",
-		NamespaceID:    n2.ID,
-		Registered:     true,
-		RegisterMethod: "authKey",
-		IPAddress:      "100.64.0.2",
-		AuthKeyID:      uint(pak2.ID),
-	}
-	h.db.Save(m2)
-
-	_, err = h.GetMachine(n2.Name, m2.Name)
-	c.Assert(err, check.IsNil)
-
-	m3 := &Machine{
-		ID:             3,
-		MachineKey:     "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863",
-		NodeKey:        "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863",
-		DiscoKey:       "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863",
-		Name:           "test_get_shared_nodes_3",
-		NamespaceID:    n3.ID,
-		Registered:     true,
-		RegisterMethod: "authKey",
-		IPAddress:      "100.64.0.3",
-		AuthKeyID:      uint(pak3.ID),
-	}
-	h.db.Save(m3)
-
-	_, err = h.GetMachine(n3.Name, m3.Name)
-	c.Assert(err, check.IsNil)
-
 	m4 := &Machine{
 		ID:             4,
-		MachineKey:     "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863",
-		NodeKey:        "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863",
-		DiscoKey:       "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863",
+		MachineKey:     "4c3e07c3ecd40e9c945bb6797557c451850691c0409740578325e17009dd298f",
+		NodeKey:        "4c3e07c3ecd40e9c945bb6797557c451850691c0409740578325e17009dd298f",
+		DiscoKey:       "4c3e07c3ecd40e9c945bb6797557c451850691c0409740578325e17009dd298f",
 		Name:           "test_get_shared_nodes_4",
 		NamespaceID:    n1.ID,
 		Registered:     true,
@@ -400,7 +147,7 @@ func (s *Suite) TestComplexSharingAcrossNamespaces(c *check.C) {
 	p1s, err := h.getPeers(m1)
 	c.Assert(err, check.IsNil)
 	c.Assert(len(p1s), check.Equals, 1) // node1 can see node4
-	c.Assert(p1s[0].Name, check.Equals, "test_get_shared_nodes_4")
+	c.Assert(p1s[0].Name, check.Equals, m4.Name)

 	err = h.AddSharedMachineToNamespace(m2, n1)
 	c.Assert(err, check.IsNil)
@@ -408,13 +155,13 @@ func (s *Suite) TestComplexSharingAcrossNamespaces(c *check.C) {
 	p1sAfter, err := h.getPeers(m1)
 	c.Assert(err, check.IsNil)
 	c.Assert(len(p1sAfter), check.Equals, 2) // node1 can see node2 (shared) and node4 (same namespace)
-	c.Assert(p1sAfter[0].Name, check.Equals, "test_get_shared_nodes_2")
-	c.Assert(p1sAfter[1].Name, check.Equals, "test_get_shared_nodes_4")
+	c.Assert(p1sAfter[0].Name, check.Equals, m2.Name)
+	c.Assert(p1sAfter[1].Name, check.Equals, m4.Name)

 	node1shared, err := h.getShared(m1)
 	c.Assert(err, check.IsNil)
 	c.Assert(len(node1shared), check.Equals, 1) // node1 can see node2 as shared
-	c.Assert(node1shared[0].Name, check.Equals, "test_get_shared_nodes_2")
+	c.Assert(node1shared[0].Name, check.Equals, m2.Name)

 	pAlone, err := h.getPeers(m3)
 	c.Assert(err, check.IsNil)
@@ -423,91 +170,22 @@ func (s *Suite) TestComplexSharingAcrossNamespaces(c *check.C) {
 	pSharedTo, err := h.getPeers(m2)
 	c.Assert(err, check.IsNil)
 	c.Assert(len(pSharedTo), check.Equals, 2) // node2 should see node1 (sharedTo) and node4 (sharedTo), as is shared in namespace1
-	c.Assert(pSharedTo[0].Name, check.Equals, "test_get_shared_nodes_1")
-	c.Assert(pSharedTo[1].Name, check.Equals, "test_get_shared_nodes_4")
+	c.Assert(pSharedTo[0].Name, check.Equals, m1.Name)
+	c.Assert(pSharedTo[1].Name, check.Equals, m4.Name)
 }

 func (s *Suite) TestDeleteSharedMachine(c *check.C) {
-	n1, err := h.CreateNamespace("shared1")
-	c.Assert(err, check.IsNil)
-
-	n2, err := h.CreateNamespace("shared2")
-	c.Assert(err, check.IsNil)
-
-	n3, err := h.CreateNamespace("shared3")
-	c.Assert(err, check.IsNil)
-
-	pak1n1, err := h.CreatePreAuthKey(n1.Name, false, false, nil)
-	c.Assert(err, check.IsNil)
-
-	pak2n2, err := h.CreatePreAuthKey(n2.Name, false, false, nil)
-	c.Assert(err, check.IsNil)
-
-	pak3n3, err := h.CreatePreAuthKey(n3.Name, false, false, nil)
-	c.Assert(err, check.IsNil)
+	n1, m1 := CreateNodeNamespace(c, "shared1", "test_get_shared_nodes_1", "686824e749f3b7f2a5927ee6c1e422aee5292592d9179a271ed7b3e659b44a66", "100.64.0.1")
+	_, m2 := CreateNodeNamespace(c, "shared2", "test_get_shared_nodes_2", "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863", "100.64.0.2")
+	_, m3 := CreateNodeNamespace(c, "shared3", "test_get_shared_nodes_3", "6e704bee83eb93db6fc2c417d7882964cd3f8cc87082cbb645982e34020c76c8", "100.64.0.3")

 	pak4n1, err := h.CreatePreAuthKey(n1.Name, false, false, nil)
 	c.Assert(err, check.IsNil)
-
-	_, err = h.GetMachine(n1.Name, "test_get_shared_nodes_1")
-	c.Assert(err, check.NotNil)
-
-	m1 := &Machine{
-		ID:             1,
-		MachineKey:     "686824e749f3b7f2a5927ee6c1e422aee5292592d9179a271ed7b3e659b44a66",
-		NodeKey:        "686824e749f3b7f2a5927ee6c1e422aee5292592d9179a271ed7b3e659b44a66",
-		DiscoKey:       "686824e749f3b7f2a5927ee6c1e422aee5292592d9179a271ed7b3e659b44a66",
-		Name:           "test_get_shared_nodes_1",
-		NamespaceID:    n1.ID,
-		Registered:     true,
-		RegisterMethod: "authKey",
-		IPAddress:      "100.64.0.1",
-		AuthKeyID:      uint(pak1n1.ID),
-	}
-	h.db.Save(m1)
-
-	_, err = h.GetMachine(n1.Name, m1.Name)
-	c.Assert(err, check.IsNil)
-
-	m2 := &Machine{
-		ID:             2,
-		MachineKey:     "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863",
-		NodeKey:        "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863",
-		DiscoKey:       "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863",
-		Name:           "test_get_shared_nodes_2",
-		NamespaceID:    n2.ID,
-		Registered:     true,
-		RegisterMethod: "authKey",
-		IPAddress:      "100.64.0.2",
-		AuthKeyID:      uint(pak2n2.ID),
-	}
-	h.db.Save(m2)
-
-	_, err = h.GetMachine(n2.Name, m2.Name)
-	c.Assert(err, check.IsNil)
-
-	m3 := &Machine{
-		ID:             3,
-		MachineKey:     "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863",
-		NodeKey:        "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863",
-		DiscoKey:       "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863",
-		Name:           "test_get_shared_nodes_3",
-		NamespaceID:    n3.ID,
-		Registered:     true,
-		RegisterMethod: "authKey",
-		IPAddress:      "100.64.0.3",
-		AuthKeyID:      uint(pak3n3.ID),
-	}
-	h.db.Save(m3)
-
-	_, err = h.GetMachine(n3.Name, m3.Name)
-	c.Assert(err, check.IsNil)
-
 	m4 := &Machine{
 		ID:             4,
-		MachineKey:     "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863",
-		NodeKey:        "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863",
-		DiscoKey:       "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863",
+		MachineKey:     "4c3e07c3ecd40e9c945bb6797557c451850691c0409740578325e17009dd298f",
+		NodeKey:        "4c3e07c3ecd40e9c945bb6797557c451850691c0409740578325e17009dd298f",
+		DiscoKey:       "4c3e07c3ecd40e9c945bb6797557c451850691c0409740578325e17009dd298f",
 		Name:           "test_get_shared_nodes_4",
 		NamespaceID:    n1.ID,
 		Registered:     true,
@@ -523,7 +201,7 @@ func (s *Suite) TestDeleteSharedMachine(c *check.C) {
 	p1s, err := h.getPeers(m1)
 	c.Assert(err, check.IsNil)
 	c.Assert(len(p1s), check.Equals, 1) // nodes 1 and 4
-	c.Assert(p1s[0].Name, check.Equals, "test_get_shared_nodes_4")
+	c.Assert(p1s[0].Name, check.Equals, m4.Name)

 	err = h.AddSharedMachineToNamespace(m2, n1)
 	c.Assert(err, check.IsNil)
@@ -531,13 +209,13 @@ func (s *Suite) TestDeleteSharedMachine(c *check.C) {
 	p1sAfter, err := h.getPeers(m1)
 	c.Assert(err, check.IsNil)
 	c.Assert(len(p1sAfter), check.Equals, 2) // nodes 1, 2, 4
-	c.Assert(p1sAfter[0].Name, check.Equals, "test_get_shared_nodes_2")
-	c.Assert(p1sAfter[1].Name, check.Equals, "test_get_shared_nodes_4")
+	c.Assert(p1sAfter[0].Name, check.Equals, m2.Name)
+	c.Assert(p1sAfter[1].Name, check.Equals, m4.Name)

 	node1shared, err := h.getShared(m1)
 	c.Assert(err, check.IsNil)
 	c.Assert(len(node1shared), check.Equals, 1) // nodes 1, 2, 4
-	c.Assert(node1shared[0].Name, check.Equals, "test_get_shared_nodes_2")
+	c.Assert(node1shared[0].Name, check.Equals, m2.Name)

 	pAlone, err := h.getPeers(m3)
 	c.Assert(err, check.IsNil)
Author	SHA1	Message	Date
Juan Font	03d97c3872	Merge pull request #183 from juanfont/split-dns Add support for Split DNS (Restricted Nameservers)	2021-10-20 10:53:52 +02:00
Juan Font	41c5a0ddf5	Apply suggestions from code review Co-authored-by: Kristoffer Dalby <kradalby@kradalby.no>	2021-10-20 09:35:56 +02:00
Juan Font	19165a40d2	Merge branch 'main' into split-dns	2021-10-20 00:19:34 +02:00
Juan Font Alonso	18b00b5d8d	Add support for Split DNS (implements #179 )	2021-10-19 20:51:43 +02:00
Juan Font	d2a162e3ee	Merge pull request #178 from cure/refactor-sharing-tests Apply some DRY to the sharing tests.	2021-10-19 18:45:37 +02:00
Ward Vandewege	d35f5fe498	Apply some DRY to the sharing tests.	2021-10-18 17:52:38 -04:00