integration: standardize test infrastructure options

Make embedded DERP server and TLS the default configuration for all integration tests, replacing the per-test opt-in model that led to inconsistent and flaky test behavior. Infrastructure changes: - DefaultConfigEnv() includes embedded DERP server settings - New() auto-generates a proper CA + server TLS certificate pair - CA cert is installed into container trust stores and returned by GetCert() so clients and internal tools (curl) trust the server - CreateCertificate() now returns (caCert, cert, key) instead of discarding the CA certificate - Add WithPublicDERP() and WithoutTLS() opt-out options - Remove WithTLS(), WithEmbeddedDERPServerOnly(), and WithDERPAsIP() since all their behavior is now the default or unnecessary Test cleanup: - Remove all redundant WithTLS/WithEmbeddedDERPServerOnly/WithDERPAsIP calls from test files - Give every test a unique WithTestName by parameterizing aclScenario, sshScenario, and derpServerScenario helpers - Add WithTestName to tests that were missing it - Document all non-standard options with inline comments explaining why each is needed Updates #3139
2026-03-29 05:32:01 +02:00 · 2026-03-16 09:15:46 +00:00
parent 87b8507ac9
commit e5ebe3205a
18 changed files with 209 additions and 236 deletions
--- a/integration/auth_key_test.go
+++ b/integration/auth_key_test.go
@@ -35,14 +35,7 @@ func TestAuthKeyLogoutAndReloginSameUser(t *testing.T) {
 			defer scenario.ShutdownAssertNoPanics(t)

 			opts := []hsic.Option{
-				hsic.WithTestName("pingallbyip"),
-				hsic.WithEmbeddedDERPServerOnly(),
-				hsic.WithDERPAsIP(),
-			}
-			if https {
-				opts = append(opts, []hsic.Option{
-					hsic.WithTLS(),
-				}...)
+				hsic.WithTestName("authkey-relogsame"),
 			}

 			err = scenario.CreateHeadscaleEnv([]tsic.Option{}, opts...)
@@ -241,8 +234,6 @@ func TestAuthKeyLogoutAndReloginNewUser(t *testing.T) {

 	err = scenario.CreateHeadscaleEnv([]tsic.Option{},
 		hsic.WithTestName("keyrelognewuser"),
-		hsic.WithTLS(),
-		hsic.WithDERPAsIP(),
 	)
 	requireNoErrHeadscaleEnv(t, err)

@@ -375,13 +366,7 @@ func TestAuthKeyLogoutAndReloginSameUserExpiredKey(t *testing.T) {
 			defer scenario.ShutdownAssertNoPanics(t)

 			opts := []hsic.Option{
-				hsic.WithTestName("pingallbyip"),
-				hsic.WithDERPAsIP(),
-			}
-			if https {
-				opts = append(opts, []hsic.Option{
-					hsic.WithTLS(),
-				}...)
+				hsic.WithTestName("authkey-rlogexpired"),
 			}

 			err = scenario.CreateHeadscaleEnv([]tsic.Option{}, opts...)
@@ -503,7 +488,7 @@ func TestAuthKeyDeleteKey(t *testing.T) {
 	require.NoError(t, err)
 	defer scenario.ShutdownAssertNoPanics(t)

-	err = scenario.CreateHeadscaleEnv([]tsic.Option{}, hsic.WithTestName("delkey"), hsic.WithTLS(), hsic.WithDERPAsIP())
+	err = scenario.CreateHeadscaleEnv([]tsic.Option{}, hsic.WithTestName("delkey"))
 	requireNoErrHeadscaleEnv(t, err)

 	headscale, err := scenario.Headscale()
@@ -621,7 +606,6 @@ func TestAuthKeyLogoutAndReloginRoutesPreserved(t *testing.T) {
 			tsic.WithExtraLoginArgs([]string{"--advertise-routes=" + advertiseRoute}),
 		},
 		hsic.WithTestName("routelogout"),
-		hsic.WithTLS(),
 		hsic.WithACLPolicy(
 			&policyv2.Policy{
 				ACLs: []policyv2.ACL{