implement selfupdate and pass expiry (#1647)

2024-01-05 10:41:56 +01:00 · 2024-01-05 10:41:56 +01:00 · 3b103280ef
commit 3b103280ef
parent a592ae56b4
11 changed files with 114 additions and 52 deletions
--- a/integration/general_test.go
+++ b/integration/general_test.go
@ -537,7 +537,7 @@ func TestExpireNode(t *testing.T) {
 		assertNoErr(t, err)

 		// Assert that we have the original count - self
-		assert.Len(t, status.Peers(), len(MustTestVersions)-1)
+		assert.Len(t, status.Peers(), spec["user1"]-1)
 	}

 	headscale, err := scenario.Headscale()
@ -560,7 +560,7 @@ func TestExpireNode(t *testing.T) {

 	t.Logf("Node %s with node_key %s has been expired", node.GetName(), expiredNodeKey.String())

-	time.Sleep(30 * time.Second)
+	time.Sleep(2 * time.Minute)

 	now := time.Now()

@ -572,21 +572,33 @@ func TestExpireNode(t *testing.T) {
 		if client.Hostname() != node.GetName() {
 			t.Logf("available peers of %s: %v", client.Hostname(), status.Peers())

-			// In addition to marking nodes expired, we filter them out during the map response
-			// this check ensures that the node is either not present, or that it is expired
-			// if it is in the map response.
+			// Ensures that the node is present, and that it is expired.
 			if peerStatus, ok := status.Peer[expiredNodeKey]; ok {
 				assertNotNil(t, peerStatus.Expired)
-				assert.Truef(t, peerStatus.KeyExpiry.Before(now), "node %s should have a key expire before %s, was %s", peerStatus.HostName, now.String(), peerStatus.KeyExpiry)
-				assert.Truef(t, peerStatus.Expired, "node %s should be expired, expired is %v", peerStatus.HostName, peerStatus.Expired)
+				assert.NotNil(t, peerStatus.KeyExpiry)
+
+				t.Logf("node %q should have a key expire before %s, was %s", peerStatus.HostName, now.String(), peerStatus.KeyExpiry)
+				if peerStatus.KeyExpiry != nil {
+					assert.Truef(t, peerStatus.KeyExpiry.Before(now), "node %q should have a key expire before %s, was %s", peerStatus.HostName, now.String(), peerStatus.KeyExpiry)
+				}
+
+				assert.Truef(t, peerStatus.Expired, "node %q should be expired, expired is %v", peerStatus.HostName, peerStatus.Expired)
+
+				_, stderr, _ := client.Execute([]string{"tailscale", "ping", node.GetName()})
+				if !strings.Contains(stderr, "node key has expired") {
+					t.Errorf("expected to be unable to ping expired host %q from %q", node.GetName(), client.Hostname())
+				}
+			} else {
+				t.Errorf("failed to find node %q with nodekey (%s) in mapresponse, should be present even if it is expired", node.GetName(), expiredNodeKey)
+			}
+		} else {
+			if status.Self.KeyExpiry != nil {
+				assert.Truef(t, status.Self.KeyExpiry.Before(now), "node %q should have a key expire before %s, was %s", status.Self.HostName, now.String(), status.Self.KeyExpiry)
 			}

-			// TODO(kradalby): We do not propogate expiry correctly, nodes should be aware
-			// of their status, and this should be sent directly to the node when its
-			// expired. This needs a notifier that goes directly to the node (currently we only do peers)
-			// so fix this in a follow up PR.
-			// } else {
-			// 	assert.True(t, status.Self.Expired)
+			// NeedsLogin means that the node has understood that it is no longer
+			// valid.
+			assert.Equal(t, "NeedsLogin", status.BackendState)
 		}
 	}
 }
--- a/integration/run.sh
+++ b/integration/run.sh
@ -13,8 +13,10 @@ run_tests() {

 	for ((i = 1; i <= num_tests; i++)); do
 		docker network prune -f >/dev/null 2>&1
-		docker rm headscale-test-suite || true
-		docker kill "$(docker ps -q)" || true
+		docker rm headscale-test-suite >/dev/null 2>&1 || true
+		docker kill "$(docker ps -q)" >/dev/null 2>&1 || true
+
+		echo "Run $i"

 		start=$(date +%s)
 		docker run \
--- a/integration/scenario.go
+++ b/integration/scenario.go
@ -47,19 +47,19 @@ var (
 	tailscaleVersions2021 = map[string]bool{
 		"head":     true,
 		"unstable": true,
-		"1.56":     true, // CapVer: 82
-		"1.54":     true, // CapVer: 79
-		"1.52":     true, // CapVer: 79
-		"1.50":     true, // CapVer: 74
-		"1.48":     true, // CapVer: 68
-		"1.46":     true, // CapVer: 65
-		"1.44":     true, // CapVer: 63
-		"1.42":     true, // CapVer: 61
-		"1.40":     true, // CapVer: 61
-		"1.38":     true, // CapVer: 58
-		"1.36":     true, // CapVer: 56
-		"1.34":     true, // CapVer: 51
-		"1.32":     true, // Oldest supported version, CapVer: 46
+		"1.56":     true,  // CapVer: 82
+		"1.54":     true,  // CapVer: 79
+		"1.52":     true,  // CapVer: 79
+		"1.50":     true,  // CapVer: 74
+		"1.48":     true,  // CapVer: 68
+		"1.46":     true,  // CapVer: 65
+		"1.44":     true,  // CapVer: 63
+		"1.42":     true,  // CapVer: 61
+		"1.40":     true,  // CapVer: 61
+		"1.38":     true,  // CapVer: 58
+		"1.36":     true,  // Oldest supported version, CapVer: 56
+		"1.34":     false, // CapVer: 51
+		"1.32":     false, // CapVer: 46
 		"1.30":     false,
 	}

--- a/integration/scenario_test.go
+++ b/integration/scenario_test.go
@ -142,7 +142,7 @@ func TestTailscaleNodesJoiningHeadcale(t *testing.T) {
 	})

 	t.Run("create-tailscale", func(t *testing.T) {
-		err := scenario.CreateTailscaleNodesInUser(user, "1.30.2", count)
+		err := scenario.CreateTailscaleNodesInUser(user, "unstable", count)
 		if err != nil {
 			t.Fatalf("failed to add tailscale nodes: %s", err)
 		}