Merge branch 'main' into integration-acl-init

juanfont · Jan 6, 2023 · 4f897df · 4f897df
2 parents 09edfc3 + 93aca81
commit 4f897df
Show file tree

Hide file tree

Showing 25 changed files with 78 additions and 36 deletions.
diff --git a/.github/workflows/test-integration-v2-TestAuthKeyLogoutAndRelogin.yaml b/.github/workflows/test-integration-v2-TestAuthKeyLogoutAndRelogin.yaml
@@ -44,4 +44,4 @@ jobs:
                   -failfast \
                   -timeout 120m \
                   -parallel 1 \
-                  -run TestAuthKeyLogoutAndRelogin
+                  -run "^TestAuthKeyLogoutAndRelogin$"
diff --git a/.github/workflows/test-integration-v2-TestAuthWebFlowAuthenticationPingAll.yaml b/.github/workflows/test-integration-v2-TestAuthWebFlowAuthenticationPingAll.yaml
@@ -44,4 +44,4 @@ jobs:
                   -failfast \
                   -timeout 120m \
                   -parallel 1 \
-                  -run TestAuthWebFlowAuthenticationPingAll
+                  -run "^TestAuthWebFlowAuthenticationPingAll$"
diff --git a/.github/workflows/test-integration-v2-TestAuthWebFlowLogoutAndRelogin.yaml b/.github/workflows/test-integration-v2-TestAuthWebFlowLogoutAndRelogin.yaml
@@ -44,4 +44,4 @@ jobs:
                   -failfast \
                   -timeout 120m \
                   -parallel 1 \
-                  -run TestAuthWebFlowLogoutAndRelogin
+                  -run "^TestAuthWebFlowLogoutAndRelogin$"
diff --git a/.github/workflows/test-integration-v2-TestCreateTailscale.yaml b/.github/workflows/test-integration-v2-TestCreateTailscale.yaml
@@ -44,4 +44,4 @@ jobs:
                   -failfast \
                   -timeout 120m \
                   -parallel 1 \
-                  -run TestCreateTailscale
+                  -run "^TestCreateTailscale$"
diff --git a/.github/workflows/test-integration-v2-TestEnablingRoutes.yaml b/.github/workflows/test-integration-v2-TestEnablingRoutes.yaml
@@ -44,4 +44,4 @@ jobs:
                   -failfast \
                   -timeout 120m \
                   -parallel 1 \
-                  -run TestEnablingRoutes
+                  -run "^TestEnablingRoutes$"
diff --git a/.github/workflows/test-integration-v2-TestHeadscale.yaml b/.github/workflows/test-integration-v2-TestHeadscale.yaml
@@ -44,4 +44,4 @@ jobs:
                   -failfast \
                   -timeout 120m \
                   -parallel 1 \
-                  -run TestHeadscale
+                  -run "^TestHeadscale$"
diff --git a/.github/workflows/test-integration-v2-TestNamespaceCommand.yaml b/.github/workflows/test-integration-v2-TestNamespaceCommand.yaml
@@ -44,4 +44,4 @@ jobs:
                   -failfast \
                   -timeout 120m \
                   -parallel 1 \
-                  -run TestNamespaceCommand
+                  -run "^TestNamespaceCommand$"
diff --git a/.github/workflows/test-integration-v2-TestOIDCAuthenticationPingAll.yaml b/.github/workflows/test-integration-v2-TestOIDCAuthenticationPingAll.yaml
@@ -44,4 +44,4 @@ jobs:
                   -failfast \
                   -timeout 120m \
                   -parallel 1 \
-                  -run TestOIDCAuthenticationPingAll
+                  -run "^TestOIDCAuthenticationPingAll$"
diff --git a/.github/workflows/test-integration-v2-TestOIDCExpireNodes.yaml b/.github/workflows/test-integration-v2-TestOIDCExpireNodes.yaml
@@ -44,4 +44,4 @@ jobs:
                   -failfast \
                   -timeout 120m \
                   -parallel 1 \
-                  -run TestOIDCExpireNodes
+                  -run "^TestOIDCExpireNodes$"
diff --git a/.github/workflows/test-integration-v2-TestPingAllByHostname.yaml b/.github/workflows/test-integration-v2-TestPingAllByHostname.yaml
@@ -44,4 +44,4 @@ jobs:
                   -failfast \
                   -timeout 120m \
                   -parallel 1 \
-                  -run TestPingAllByHostname
+                  -run "^TestPingAllByHostname$"
diff --git a/.github/workflows/test-integration-v2-TestPingAllByIP.yaml b/.github/workflows/test-integration-v2-TestPingAllByIP.yaml
@@ -44,4 +44,4 @@ jobs:
                   -failfast \
                   -timeout 120m \
                   -parallel 1 \
-                  -run TestPingAllByIP
+                  -run "^TestPingAllByIP$"
diff --git a/.github/workflows/test-integration-v2-TestPreAuthKeyCommand.yaml b/.github/workflows/test-integration-v2-TestPreAuthKeyCommand.yaml
@@ -44,4 +44,4 @@ jobs:
                   -failfast \
                   -timeout 120m \
                   -parallel 1 \
-                  -run TestPreAuthKeyCommand
+                  -run "^TestPreAuthKeyCommand$"
diff --git a/.github/workflows/test-integration-v2-TestPreAuthKeyCommandReusableEphemeral.yaml b/.github/workflows/test-integration-v2-TestPreAuthKeyCommandReusableEphemeral.yaml
@@ -44,4 +44,4 @@ jobs:
                   -failfast \
                   -timeout 120m \
                   -parallel 1 \
-                  -run TestPreAuthKeyCommandReusableEphemeral
+                  -run "^TestPreAuthKeyCommandReusableEphemeral$"
diff --git a/.github/workflows/test-integration-v2-TestPreAuthKeyCommandWithoutExpiry.yaml b/.github/workflows/test-integration-v2-TestPreAuthKeyCommandWithoutExpiry.yaml
@@ -44,4 +44,4 @@ jobs:
                   -failfast \
                   -timeout 120m \
                   -parallel 1 \
-                  -run TestPreAuthKeyCommandWithoutExpiry
+                  -run "^TestPreAuthKeyCommandWithoutExpiry$"
diff --git a/.github/workflows/test-integration-v2-TestResolveMagicDNS.yaml b/.github/workflows/test-integration-v2-TestResolveMagicDNS.yaml
@@ -44,4 +44,4 @@ jobs:
                   -failfast \
                   -timeout 120m \
                   -parallel 1 \
-                  -run TestResolveMagicDNS
+                  -run "^TestResolveMagicDNS$"
diff --git a/.github/workflows/test-integration-v2-TestSSHIsBlockedInACL.yaml b/.github/workflows/test-integration-v2-TestSSHIsBlockedInACL.yaml
@@ -44,4 +44,4 @@ jobs:
                   -failfast \
                   -timeout 120m \
                   -parallel 1 \
-                  -run TestSSHIsBlockedInACL
+                  -run "^TestSSHIsBlockedInACL$"
diff --git a/.github/workflows/test-integration-v2-TestSSHMultipleNamespacesAllToAll.yaml b/.github/workflows/test-integration-v2-TestSSHMultipleNamespacesAllToAll.yaml
@@ -44,4 +44,4 @@ jobs:
                   -failfast \
                   -timeout 120m \
                   -parallel 1 \
-                  -run TestSSHMultipleNamespacesAllToAll
+                  -run "^TestSSHMultipleNamespacesAllToAll$"
diff --git a/.github/workflows/test-integration-v2-TestSSHNoSSHConfigured.yaml b/.github/workflows/test-integration-v2-TestSSHNoSSHConfigured.yaml
@@ -44,4 +44,4 @@ jobs:
                   -failfast \
                   -timeout 120m \
                   -parallel 1 \
-                  -run TestSSHNoSSHConfigured
+                  -run "^TestSSHNoSSHConfigured$"
diff --git a/.github/workflows/test-integration-v2-TestSSHOneNamespaceAllToAll.yaml b/.github/workflows/test-integration-v2-TestSSHOneNamespaceAllToAll.yaml
@@ -44,4 +44,4 @@ jobs:
                   -failfast \
                   -timeout 120m \
                   -parallel 1 \
-                  -run TestSSHOneNamespaceAllToAll
+                  -run "^TestSSHOneNamespaceAllToAll$"
diff --git a/.github/workflows/test-integration-v2-TestSSNamespaceOnlyIsolation.yaml b/.github/workflows/test-integration-v2-TestSSNamespaceOnlyIsolation.yaml
@@ -44,4 +44,4 @@ jobs:
                   -failfast \
                   -timeout 120m \
                   -parallel 1 \
-                  -run TestSSNamespaceOnlyIsolation
+                  -run "^TestSSNamespaceOnlyIsolation$"
diff --git a/.github/workflows/test-integration-v2-TestTaildrop.yaml b/.github/workflows/test-integration-v2-TestTaildrop.yaml
@@ -44,4 +44,4 @@ jobs:
                   -failfast \
                   -timeout 120m \
                   -parallel 1 \
-                  -run TestTaildrop
+                  -run "^TestTaildrop$"
diff --git a/.github/workflows/test-integration-v2-TestTailscaleNodesJoiningHeadcale.yaml b/.github/workflows/test-integration-v2-TestTailscaleNodesJoiningHeadcale.yaml
@@ -44,4 +44,4 @@ jobs:
                   -failfast \
                   -timeout 120m \
                   -parallel 1 \
-                  -run TestTailscaleNodesJoiningHeadcale
+                  -run "^TestTailscaleNodesJoiningHeadcale$"
diff --git a/cmd/gh-action-integration-generator/main.go b/cmd/gh-action-integration-generator/main.go
@@ -58,7 +58,7 @@ jobs:
                   -failfast \
                   -timeout 120m \
                   -parallel 1 \
-                  -run {{.Name}}
+                  -run "^{{.Name}}$"
 `))
 )
 

diff --git a/integration/hsic/config.go b/integration/hsic/config.go
@@ -60,6 +60,8 @@ package hsic
 // }
 
 // TODO: Reuse the actual configuration object above.
+// Deprecated: use env function instead as it is easier to
+// override.
 func DefaultConfigYAML() string {
 	yaml := `
 log:
@@ -95,3 +97,35 @@ derp:
 
 	return yaml
 }
+
+func MinimumConfigYAML() string {
+	return `
+private_key_path: /tmp/private.key
+noise:
+  private_key_path: /tmp/noise_private.key
+`
+}
+
+func DefaultConfigEnv() map[string]string {
+	return map[string]string{
+		"HEADSCALE_LOG_LEVEL":                         "trace",
+		"HEADSCALE_ACL_POLICY_PATH":                   "",
+		"HEADSCALE_DB_TYPE":                           "sqlite3",
+		"HEADSCALE_DB_PATH":                           "/tmp/integration_test_db.sqlite3",
+		"HEADSCALE_EPHEMERAL_NODE_INACTIVITY_TIMEOUT": "30m",
+		"HEADSCALE_NODE_UPDATE_CHECK_INTERVAL":        "10s",
+		"HEADSCALE_IP_PREFIXES":                       "fd7a:115c:a1e0::/48 100.64.0.0/10",
+		"HEADSCALE_DNS_CONFIG_BASE_DOMAIN":            "headscale.net",
+		"HEADSCALE_DNS_CONFIG_MAGIC_DNS":              "true",
+		"HEADSCALE_DNS_CONFIG_DOMAINS":                "",
+		"HEADSCALE_DNS_CONFIG_NAMESERVERS":            "127.0.0.11 1.1.1.1",
+		"HEADSCALE_PRIVATE_KEY_PATH":                  "/tmp/private.key",
+		"HEADSCALE_NOISE_PRIVATE_KEY_PATH":            "/tmp/noise_private.key",
+		"HEADSCALE_LISTEN_ADDR":                       "0.0.0.0:8080",
+		"HEADSCALE_METRICS_LISTEN_ADDR":               "127.0.0.1:9090",
+		"HEADSCALE_SERVER_URL":                        "http://headscale:8080",
+		"HEADSCALE_DERP_URLS":                         "https://controlplane.tailscale.com/derpmap/default",
+		"HEADSCALE_DERP_AUTO_UPDATE_ENABLED":          "false",
+		"HEADSCALE_DERP_UPDATE_FREQUENCY":             "1m",
+	}
+}
diff --git a/integration/hsic/hsic.go b/integration/hsic/hsic.go
@@ -17,6 +17,7 @@ import (
 	"net/http"
 	"time"
 
+	"github.com/davecgh/go-spew/spew"
 	"github.com/juanfont/headscale"
 	v1 "github.com/juanfont/headscale/gen/go/headscale/v1"
 	"github.com/juanfont/headscale/integration/dockertestutil"
@@ -45,7 +46,7 @@ type HeadscaleInContainer struct {
 	// optional config
 	port      int
 	aclPolicy *headscale.ACLPolicy
-	env       []string
+	env       map[string]string
 	tlsCert   []byte
 	tlsKey    []byte
 }
@@ -55,7 +56,7 @@ type Option = func(c *HeadscaleInContainer)
 func WithACLPolicy(acl *headscale.ACLPolicy) Option {
 	return func(hsic *HeadscaleInContainer) {
 		// TODO(kradalby): Move somewhere appropriate
-		hsic.env = append(hsic.env, fmt.Sprintf("HEADSCALE_ACL_POLICY_PATH=%s", aclPolicyPath))
+		hsic.env["HEADSCALE_ACL_POLICY_PATH"] = aclPolicyPath
 
 		hsic.aclPolicy = acl
 	}
@@ -69,8 +70,8 @@ func WithTLS() Option {
 		}
 
 		// TODO(kradalby): Move somewhere appropriate
-		hsic.env = append(hsic.env, fmt.Sprintf("HEADSCALE_TLS_CERT_PATH=%s", tlsCertPath))
-		hsic.env = append(hsic.env, fmt.Sprintf("HEADSCALE_TLS_KEY_PATH=%s", tlsKeyPath))
+		hsic.env["HEADSCALE_TLS_CERT_PATH"] = tlsCertPath
+		hsic.env["HEADSCALE_TLS_KEY_PATH"] = tlsKeyPath
 
 		hsic.tlsCert = cert
 		hsic.tlsKey = key
@@ -80,7 +81,7 @@ func WithTLS() Option {
 func WithConfigEnv(configEnv map[string]string) Option {
 	return func(hsic *HeadscaleInContainer) {
 		for key, value := range configEnv {
-			hsic.env = append(hsic.env, fmt.Sprintf("%s=%s", key, value))
+			hsic.env[key] = value
 		}
 	}
 }
@@ -102,12 +103,10 @@ func WithTestName(testName string) Option {
 
 func WithHostnameAsServerURL() Option {
 	return func(hsic *HeadscaleInContainer) {
-		hsic.env = append(
-			hsic.env,
-			fmt.Sprintf("HEADSCALE_SERVER_URL=http://%s:%d",
-				hsic.GetHostname(),
-				hsic.port,
-			))
+		hsic.env["HEADSCALE_SERVER_URL"] = fmt.Sprintf("http://%s",
+			net.JoinHostPort(hsic.GetHostname(),
+				fmt.Sprintf("%d", hsic.port)),
+		)
 	}
 }
 
@@ -129,6 +128,8 @@ func New(
 
 		pool:    pool,
 		network: network,
+
+		env: DefaultConfigEnv(),
 	}
 
 	for _, opt := range opts {
@@ -144,6 +145,13 @@ func New(
 		ContextDir: dockerContextPath,
 	}
 
+	env := []string{}
+	for key, value := range hsic.env {
+		env = append(env, fmt.Sprintf("%s=%s", key, value))
+	}
+
+	log.Printf("ENV: \n%s", spew.Sdump(hsic.env))
+
 	runOptions := &dockertest.RunOptions{
 		Name:         hsic.hostname,
 		ExposedPorts: []string{portProto},
@@ -152,7 +160,7 @@ func New(
 		// TODO(kradalby): Get rid of this hack, we currently need to give us some
 		// to inject the headscale configuration further down.
 		Entrypoint: []string{"/bin/bash", "-c", "/bin/sleep 3 ; headscale serve"},
-		Env:        hsic.env,
+		Env:        env,
 	}
 
 	// dockertest isnt very good at handling containers that has already
@@ -177,7 +185,7 @@ func New(
 
 	hsic.container = container
 
-	err = hsic.WriteFile("/etc/headscale/config.yaml", []byte(DefaultConfigYAML()))
+	err = hsic.WriteFile("/etc/headscale/config.yaml", []byte(MinimumConfigYAML()))
 	if err != nil {
 		return nil, fmt.Errorf("failed to write headscale config to container: %w", err)
 	}