integration: fix tag tests for tagged nodes with nil user_id

Tagged nodes no longer have user_id set, so ListNodes(user) cannot find them. Update integration tests to use ListNodes() (all nodes) when looking up tagged nodes. Add a findNode helper to locate nodes by predicate from an unfiltered list, used in ACL tests that have multiple nodes per scenario. Updates #3077
2026-03-20 08:34:12 +01:00 · 2026-02-20 13:02:51 +00:00
parent 1e4fc3f179
commit be4fd9ff2d
3 changed files with 93 additions and 89 deletions
--- a/integration/acl_test.go
+++ b/integration/acl_test.go
@@ -2459,10 +2459,14 @@ func TestACLTagPropagation(t *testing.T) {
 				err = scenario.WaitForTailscaleSync()
 				require.NoError(t, err)

-				nodes, err := headscale.ListNodes("user1")
+				// Tagged nodes have no user_id, so list all and find by tag.
+				allNodes, err := headscale.ListNodes()
 				require.NoError(t, err)

-				return user2Node, user1Node, nodes[0].GetId()
+				tagged := findNode(allNodes, func(n *v1.Node) bool { return len(n.GetTags()) > 0 })
+				require.NotNil(t, tagged, "expected a tagged node")
+
+				return user2Node, user1Node, tagged.GetId()
 			},
 			initialAccess: true,                  // user2 can access user1 (has tag:shared)
 			tagChange:     []string{"tag:other"}, // replace with tag:other
@@ -2552,10 +2556,14 @@ func TestACLTagPropagation(t *testing.T) {
 				err = scenario.WaitForTailscaleSync()
 				require.NoError(t, err)

-				nodes, err := headscale.ListNodes("user1")
+				// Tagged nodes have no user_id, so list all and find by tag.
+				allNodes, err := headscale.ListNodes()
 				require.NoError(t, err)

-				return user2Node, user1Node, nodes[0].GetId()
+				tagged := findNode(allNodes, func(n *v1.Node) bool { return len(n.GetTags()) > 0 })
+				require.NotNil(t, tagged, "expected a tagged node")
+
+				return user2Node, user1Node, tagged.GetId()
 			},
 			initialAccess: false,                  // user2 cannot access (tag:team-a not in ACL)
 			tagChange:     []string{"tag:team-b"}, // change to tag:team-b
@@ -2645,10 +2653,14 @@ func TestACLTagPropagation(t *testing.T) {
 				err = scenario.WaitForTailscaleSync()
 				require.NoError(t, err)

-				nodes, err := headscale.ListNodes("user1")
+				// Tagged nodes have no user_id, so list all and find by tag.
+				allNodes, err := headscale.ListNodes()
 				require.NoError(t, err)

-				return user2Node, user1Node, nodes[0].GetId()
+				tagged := findNode(allNodes, func(n *v1.Node) bool { return len(n.GetTags()) > 0 })
+				require.NotNil(t, tagged, "expected a tagged node")
+
+				return user2Node, user1Node, tagged.GetId()
 			},
 			initialAccess: true,                     // user2 can access (has tag:web)
 			tagChange:     []string{"tag:internal"}, // remove tag:web, keep tag:internal
@@ -2783,34 +2795,10 @@ func TestACLTagPropagation(t *testing.T) {

 			// Verify tag was applied
 			assert.EventuallyWithT(t, func(c *assert.CollectT) {
-				// List nodes by iterating through all users since tagged nodes may "move"
-				var node *v1.Node
-
-				for _, user := range tt.spec.Users {
-					nodes, err := headscale.ListNodes(user)
-					if err != nil {
-						continue
-					}
-
-					for _, n := range nodes {
-						if n.GetId() == targetNodeID {
-							node = n
-							break
-						}
-					}
-				}
-				// Also check nodes without user filter
-				if node == nil {
-					// Try listing all nodes
-					allNodes, _ := headscale.ListNodes("")
-					for _, n := range allNodes {
-						if n.GetId() == targetNodeID {
-							node = n
-							break
-						}
-					}
-				}
+				allNodes, err := headscale.ListNodes()
+				assert.NoError(c, err)

+				node := findNode(allNodes, func(n *v1.Node) bool { return n.GetId() == targetNodeID })
 				assert.NotNil(c, node, "Node should still exist")

 				if node != nil {
@@ -2991,10 +2979,14 @@ func TestACLTagPropagationPortSpecific(t *testing.T) {
 	err = scenario.WaitForTailscaleSync()
 	require.NoError(t, err)

-	nodes, err := headscale.ListNodes("user1")
+	// Tagged nodes have no user_id, so list all and find by tag.
+	allNodes, err := headscale.ListNodes()
 	require.NoError(t, err)

-	targetNodeID := nodes[0].GetId()
+	tagged := findNode(allNodes, func(n *v1.Node) bool { return len(n.GetTags()) > 0 })
+	require.NotNil(t, tagged, "expected a tagged node")
+
+	targetNodeID := tagged.GetId()

 	targetFQDN, err := user1Node.FQDN()
 	require.NoError(t, err)