integration: standardize test infrastructure options

Make embedded DERP server and TLS the default configuration for all
integration tests, replacing the per-test opt-in model that led to
inconsistent and flaky test behavior.

Infrastructure changes:
- DefaultConfigEnv() includes embedded DERP server settings
- New() auto-generates a proper CA + server TLS certificate pair
- CA cert is installed into container trust stores and returned by
  GetCert() so clients and internal tools (curl) trust the server
- CreateCertificate() now returns (caCert, cert, key) instead of
  discarding the CA certificate
- Add WithPublicDERP() and WithoutTLS() opt-out options
- Remove WithTLS(), WithEmbeddedDERPServerOnly(), and WithDERPAsIP()
  since all their behavior is now the default or unnecessary

Test cleanup:
- Remove all redundant WithTLS/WithEmbeddedDERPServerOnly/WithDERPAsIP
  calls from test files
- Give every test a unique WithTestName by parameterizing aclScenario,
  sshScenario, and derpServerScenario helpers
- Add WithTestName to tests that were missing it
- Document all non-standard options with inline comments explaining
  why each is needed

Updates #3139
Kristoffer Dalby
2026-03-16 09:15:46 +00:00
parent 87b8507ac9
commit e5ebe3205a
18 changed files with 209 additions and 236 deletions


@@ -32,7 +32,7 @@ func TestDERPVerifyEndpoint(t *testing.T) {
headscalePort := 8080
// Create cert for headscale
certHeadscale, keyHeadscale, err := integrationutil.CreateCertificate(hostname)
caHeadscale, certHeadscale, keyHeadscale, err := integrationutil.CreateCertificate(hostname)
require.NoError(t, err)
spec := ScenarioSpec{
@@ -46,7 +46,7 @@ func TestDERPVerifyEndpoint(t *testing.T) {
defer scenario.ShutdownAssertNoPanics(t)
derper, err := scenario.CreateDERPServer("head",
dsic.WithCACert(certHeadscale),
dsic.WithCACert(caHeadscale),
dsic.WithVerifyClientURL(fmt.Sprintf("https://%s/verify", net.JoinHostPort(hostname, strconv.Itoa(headscalePort)))),
)
require.NoError(t, err)
@@ -72,10 +72,18 @@ func TestDERPVerifyEndpoint(t *testing.T) {
},
}
// WithHostname is used instead of WithTestName because the hostname
// must match the pre-generated TLS certificate created above.
// The test name "derpverify" is embedded in the hostname variable.
//
// WithCACert passes the external DERP server's certificate so
// tailscale clients trust it. WithCustomTLS and WithDERPConfig
// configure headscale to use the external DERP server created
// above instead of the default embedded one.
err = scenario.CreateHeadscaleEnv([]tsic.Option{tsic.WithCACert(derper.GetCert())},
hsic.WithHostname(hostname),
hsic.WithPort(headscalePort),
hsic.WithCustomTLS(certHeadscale, keyHeadscale),
hsic.WithCustomTLS(caHeadscale, certHeadscale, keyHeadscale),
hsic.WithDERPConfig(derpMap))
requireNoErrHeadscaleEnv(t, err)
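Review bot: The comment block added before `scenario.CreateHeadscaleEnv` does not explain the trust relationship this change introduces: `dsic.WithCACert(caHeadscale)` in the second hunk and the new first argument of `hsic.WithCustomTLS` now carry the CA rather than the leaf certificate. The DERP server's `https://…/verify` request presumably only validates if that CA signed `certHeadscale` and the certificate names `hostname`, so I would say so next to the call, e.g. `// caHeadscale signed certHeadscale; the DERP server trusts it for the /verify request, so hostname must be among the cert's names.` Separately, `WithCustomTLS(caHeadscale, certHeadscale, keyHeadscale)` passes three values that appear to share one type (the signature is not visible here), so a swapped CA/leaf/key order would still compile; distinct named types or a small struct would turn that mix-up into a compile error. `TestDERPVerifyEndpoint` begins and continues outside these hunks.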