chop chop
Signed-off-by: Kristoffer Dalby <[email protected]>
kradalby committed Feb 13, 2025
1 parent 175f5be commit d658a67
Showing 7 changed files with 190 additions and 198 deletions.
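--- a/hscontrol/auth.go
+++ b/hscontrol/auth.go
@@ -87,16 +87,13 @@ func (h *Headscale) handleExistingNode(
 // If the request expiry is in the past, we consider it a logout.
 if requestExpiry.Before(time.Now()) {
 if node.IsEphemeral() {
-changedNodes, err := h.db.DeleteNode(node, h.nodeNotifier.LikelyConnectedMap())
+err := h.db.DeleteNode(node)
 if err != nil {
 return nil, fmt.Errorf("deleting ephemeral node: %w", err)
 }
 
 ctx := types.NotifyCtx(context.Background(), "logout-ephemeral", "na")
 h.nodeNotifier.NotifyAll(ctx, types.UpdatePeerRemoved(node.ID))
-if changedNodes != nil {
-h.nodeNotifier.NotifyAll(ctx, types.UpdatePeerChanged(changedNodes...))
-}
 }
 
 expired = true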
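Review bot: Peers affected by deleting an ephemeral node no longer receive an `UpdatePeerChanged` on this logout path; after `h.db.DeleteNode(node)` only `UpdatePeerRemoved(node.ID)` is sent, and nothing in the hunk shows what replaces the dropped notification. If the deleted node was serving routes for other nodes, those peers presumably still have to learn about the change from somewhere, otherwise they keep stale routing state until their next full update. A short comment above the `NotifyAll` call saying where that update is now produced (or that none is needed) would make the removal checkable. handleExistingNode starts and ends outside the hunk, so the surrounding flow is not visible here.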
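--- a/hscontrol/db/db_test.go
+++ b/hscontrol/db/db_test.go
@@ -454,3 +454,32 @@ func TestMigrationsPostgres(t *testing.T) {
 })
 }
 }
+
+func dbForTest(t *testing.T, testName string) *HSDatabase {
+t.Helper()
+
+tmpDir, err := os.MkdirTemp("", testName)
+if err != nil {
+t.Fatalf("creating tempdir: %s", err)
+}
+
+dbPath := tmpDir + "/headscale_test.db"
+
+db, err = NewHeadscaleDatabase(
+types.DatabaseConfig{
+Type: "sqlite3",
+Sqlite: types.SqliteConfig{
+Path: dbPath,
+},
+},
+"",
+emptyCache(),
+)
+if err != nil {
+t.Fatalf("setting up database: %s", err)
+}
+
+t.Logf("database set up at: %s", dbPath)
+
+return db
+}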
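Review bot: The directory created by `os.MkdirTemp("", testName)` in dbForTest is never removed, so every run leaves a SQLite file behind in the system temp directory. `tmpDir := t.TempDir()` gives a per-test directory that the testing package deletes on completion, and `dbPath := filepath.Join(tmpDir, "headscale_test.db")` avoids the hand-built separator (assuming `path/filepath` is, or can be, imported in this file). Separately, `db, err = NewHeadscaleDatabase(` assigns rather than declares, so `db` must be declared outside the hunk, presumably at package level; if so, every test calling this helper overwrites one shared handle, and `db, err := NewHeadscaleDatabase(` is probably what was intended.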
275 changes: 137 additions & 138 deletions hscontrol/db/node_test.go
@@ -19,8 +19,6 @@ import (
"github.com/stretchr/testify/require"
"gopkg.in/check.v1"
"gorm.io/gorm"
"tailscale.com/net/tsaddr"
"tailscale.com/tailcfg"
"tailscale.com/types/key"
"tailscale.com/types/ptr"
)
@@ -457,142 +455,143 @@ func TestHeadscale_generateGivenName(t *testing.T) {
}
}

func TestAutoApproveRoutes(t *testing.T) {
tests := []struct {
name string
acl string
routes []netip.Prefix
want []netip.Prefix
}{
{
name: "2068-approve-issue-sub",
acl: `
{
"groups": {
"group:k8s": ["test"]
},
"acls": [
{"action": "accept", "users": ["*"], "ports": ["*:*"]},
],
"autoApprovers": {
"routes": {
"10.42.0.0/16": ["test"],
}
}
}`,
routes: []netip.Prefix{netip.MustParsePrefix("10.42.7.0/24")},
want: []netip.Prefix{netip.MustParsePrefix("10.42.7.0/24")},
},
{
name: "2068-approve-issue-sub",
acl: `
{
"tagOwners": {
"tag:exit": ["test"],
},
"groups": {
"group:test": ["test"]
},
"acls": [
{"action": "accept", "users": ["*"], "ports": ["*:*"]},
],
"autoApprovers": {
"exitNode": ["tag:exit"],
"routes": {
"10.10.0.0/16": ["group:test"],
"10.11.0.0/16": ["test"],
}
}
}`,
routes: []netip.Prefix{
tsaddr.AllIPv4(),
tsaddr.AllIPv6(),
netip.MustParsePrefix("10.10.0.0/16"),
netip.MustParsePrefix("10.11.0.0/24"),
},
want: []netip.Prefix{
tsaddr.AllIPv4(),
netip.MustParsePrefix("10.10.0.0/16"),
netip.MustParsePrefix("10.11.0.0/24"),
tsaddr.AllIPv6(),
},
},
}

for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
adb, err := newSQLiteTestDB()
require.NoError(t, err)
pol, err := policy.LoadACLPolicyFromBytes([]byte(tt.acl))

require.NoError(t, err)
require.NotNil(t, pol)

user, err := adb.CreateUser(types.User{Name: "test"})
require.NoError(t, err)

pak, err := adb.CreatePreAuthKey(types.UserID(user.ID), false, false, nil, nil)
require.NoError(t, err)

nodeKey := key.NewNode()
machineKey := key.NewMachine()

v4 := netip.MustParseAddr("100.64.0.1")
node := types.Node{
ID: 0,
MachineKey: machineKey.Public(),
NodeKey: nodeKey.Public(),
Hostname: "test",
UserID: user.ID,
RegisterMethod: util.RegisterMethodAuthKey,
AuthKeyID: ptr.To(pak.ID),
Hostinfo: &tailcfg.Hostinfo{
RequestTags: []string{"tag:exit"},
RoutableIPs: tt.routes,
},
IPv4: &v4,
}

trx := adb.DB.Save(&node)
require.NoError(t, trx.Error)

sendUpdate, err := adb.SaveNodeRoutes(&node)
require.NoError(t, err)
assert.False(t, sendUpdate)

node0ByID, err := adb.GetNodeByID(0)
require.NoError(t, err)

users, err := adb.ListUsers()
assert.NoError(t, err)

nodes, err := adb.ListNodes()
assert.NoError(t, err)

pm, err := policy.NewPolicyManager([]byte(tt.acl), users, nodes)
assert.NoError(t, err)

// TODO(kradalby): Check state update
err = adb.EnableAutoApprovedRoutes(pm, node0ByID)
require.NoError(t, err)

enabledRoutes, err := adb.GetEnabledRoutes(node0ByID)
require.NoError(t, err)
assert.Len(t, enabledRoutes, len(tt.want))

tsaddr.SortPrefixes(enabledRoutes)

if diff := cmp.Diff(tt.want, enabledRoutes, util.Comparers...); diff != "" {
t.Errorf("unexpected enabled routes (-want +got):\n%s", diff)
}
})
}
}
// TODO(kradalby): replace this test
// func TestAutoApproveRoutes(t *testing.T) {
// tests := []struct {
// name string
// acl string
// routes []netip.Prefix
// want []netip.Prefix
// }{
// {
// name: "2068-approve-issue-sub",
// acl: `
// {
// "groups": {
// "group:k8s": ["test"]
// },

// "acls": [
// {"action": "accept", "users": ["*"], "ports": ["*:*"]},
// ],

// "autoApprovers": {
// "routes": {
// "10.42.0.0/16": ["test"],
// }
// }
// }`,
// routes: []netip.Prefix{netip.MustParsePrefix("10.42.7.0/24")},
// want: []netip.Prefix{netip.MustParsePrefix("10.42.7.0/24")},
// },
// {
// name: "2068-approve-issue-sub",
// acl: `
// {
// "tagOwners": {
// "tag:exit": ["test"],
// },

// "groups": {
// "group:test": ["test"]
// },

// "acls": [
// {"action": "accept", "users": ["*"], "ports": ["*:*"]},
// ],

// "autoApprovers": {
// "exitNode": ["tag:exit"],
// "routes": {
// "10.10.0.0/16": ["group:test"],
// "10.11.0.0/16": ["test"],
// }
// }
// }`,
// routes: []netip.Prefix{
// tsaddr.AllIPv4(),
// tsaddr.AllIPv6(),
// netip.MustParsePrefix("10.10.0.0/16"),
// netip.MustParsePrefix("10.11.0.0/24"),
// },
// want: []netip.Prefix{
// tsaddr.AllIPv4(),
// netip.MustParsePrefix("10.10.0.0/16"),
// netip.MustParsePrefix("10.11.0.0/24"),
// tsaddr.AllIPv6(),
// },
// },
// }

// for _, tt := range tests {
// t.Run(tt.name, func(t *testing.T) {
// adb, err := newSQLiteTestDB()
// require.NoError(t, err)
// pol, err := policy.LoadACLPolicyFromBytes([]byte(tt.acl))

// require.NoError(t, err)
// require.NotNil(t, pol)

// user, err := adb.CreateUser(types.User{Name: "test"})
// require.NoError(t, err)

// pak, err := adb.CreatePreAuthKey(types.UserID(user.ID), false, false, nil, nil)
// require.NoError(t, err)

// nodeKey := key.NewNode()
// machineKey := key.NewMachine()

// v4 := netip.MustParseAddr("100.64.0.1")
// node := types.Node{
// ID: 0,
// MachineKey: machineKey.Public(),
// NodeKey: nodeKey.Public(),
// Hostname: "test",
// UserID: user.ID,
// RegisterMethod: util.RegisterMethodAuthKey,
// AuthKeyID: ptr.To(pak.ID),
// Hostinfo: &tailcfg.Hostinfo{
// RequestTags: []string{"tag:exit"},
// RoutableIPs: tt.routes,
// },
// IPv4: &v4,
// }

// trx := adb.DB.Save(&node)
// require.NoError(t, trx.Error)

// sendUpdate, err := adb.SaveNodeRoutes(&node)
// require.NoError(t, err)
// assert.False(t, sendUpdate)

// node0ByID, err := adb.GetNodeByID(0)
// require.NoError(t, err)

// users, err := adb.ListUsers()
// assert.NoError(t, err)

// nodes, err := adb.ListNodes()
// assert.NoError(t, err)

// pm, err := policy.NewPolicyManager([]byte(tt.acl), users, nodes)
// assert.NoError(t, err)

// // TODO(kradalby): Check state update
// err = adb.EnableAutoApprovedRoutes(pm, node0ByID)
// require.NoError(t, err)

// enabledRoutes, err := adb.GetEnabledRoutes(node0ByID)
// require.NoError(t, err)
// assert.Len(t, enabledRoutes, len(tt.want))

// tsaddr.SortPrefixes(enabledRoutes)

// if diff := cmp.Diff(tt.want, enabledRoutes, util.Comparers...); diff != "" {
// t.Errorf("unexpected enabled routes (-want +got):\n%s", diff)
// }
// })
// }
// }

func TestEphemeralGarbageCollectorOrder(t *testing.T) {
want := []types.NodeID{1, 3}
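Review bot: Commenting out TestAutoApproveRoutes removes the only check visible in this file section that an auto-approver policy turns advertised subnet and exit-node routes into enabled ones. A commented block is also not compiled, so it will drift from whatever API the replacement is meant to target. Since history keeps the old body, I would delete the block and leave a one-line marker such as `// TODO(kradalby): re-add TestAutoApproveRoutes (subnet and exit-node auto-approvers).`, or track the replacement in an issue. When the test returns, the two cases should get distinct names; both are currently `2068-approve-issue-sub`.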
29 changes: 7 additions & 22 deletions hscontrol/mapper/mapper_test.go
@@ -182,28 +182,15 @@ func Test_fullMapResponse(t *testing.T) {
AuthKey: &types.PreAuthKey{},
LastSeen: &lastSeen,
Expiry: &expire,
Hostinfo: &tailcfg.Hostinfo{},
Routes: []types.Route{
{
Prefix: tsaddr.AllIPv4(),
Advertised: true,
Enabled: true,
IsPrimary: false,
},
{
Prefix: netip.MustParsePrefix("192.168.0.0/24"),
Advertised: true,
Enabled: true,
IsPrimary: true,
},
{
Prefix: netip.MustParsePrefix("172.0.0.0/10"),
Advertised: true,
Enabled: false,
IsPrimary: true,
Hostinfo: &tailcfg.Hostinfo{
RoutableIPs: []netip.Prefix{
tsaddr.AllIPv4(),
netip.MustParsePrefix("192.168.0.0/24"),
netip.MustParsePrefix("172.0.0.0/10"),
},
},
CreatedAt: created,
ApprovedRoutes: []netip.Prefix{tsaddr.AllIPv4(), netip.MustParsePrefix("192.168.0.0/24")},
CreatedAt: created,
}

tailMini := &tailcfg.Node{
@@ -263,7 +250,6 @@ func Test_fullMapResponse(t *testing.T) {
LastSeen: &lastSeen,
Expiry: &expire,
Hostinfo: &tailcfg.Hostinfo{},
Routes: []types.Route{},
CreatedAt: created,
}

@@ -319,7 +305,6 @@ func Test_fullMapResponse(t *testing.T) {
LastSeen: &lastSeen,
Expiry: &expire,
Hostinfo: &tailcfg.Hostinfo{},
Routes: []types.Route{},
CreatedAt: created,
}

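Review bot: In the first hunk the fixture advertises `172.0.0.0/10` in `Hostinfo.RoutableIPs` but leaves it out of `ApprovedRoutes`, and nothing says the omission is deliberate. The removed `Routes` entry carried `Enabled: false` for that prefix, which made the intent explicit. I would add a comment above `ApprovedRoutes` such as `// 172.0.0.0/10 is advertised above but deliberately left unapproved.` so a later edit does not "fix" the list. Whether the expected map response further down asserts that the unapproved prefix is withheld lies outside the hunks shown.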