add 1.80 to capver and update deps (#2394)

2025-02-05 07:17:51 +01:00 · 2025-02-05 07:17:51 +01:00 · 8b92c017ec
commit 8b92c017ec
parent 9a7890d56b
13 changed files with 136 additions and 121 deletions
--- a/integration/dns_test.go
+++ b/integration/dns_test.go
@ -269,7 +269,7 @@ func TestValidateResolvConf(t *testing.T) {
 				"HEADSCALE_DNS_NAMESERVERS_GLOBAL": "",
 			},
 			wantConfCompareFunc: func(t *testing.T, got string) {
-				assert.NotContains(t, got, "100.100.100.100")
+				assert.Contains(t, got, "Generated by Docker Engine")
 			},
 		},
 		{
--- a/integration/dockertestutil/network.go
+++ b/integration/dockertestutil/network.go
@ -3,6 +3,7 @@ package dockertestutil
 import (
 	"errors"
 	"net"
+	"fmt"

 	"github.com/ory/dockertest/v3"
 	"github.com/ory/dockertest/v3/docker"
@ -12,7 +13,10 @@ var ErrContainerNotFound = errors.New("container not found")

 func GetFirstOrCreateNetwork(pool *dockertest.Pool, name string) (*dockertest.Network, error) {
 	networks, err := pool.NetworksByName(name)
-	if err != nil || len(networks) == 0 {
+	if err != nil {
+		return nil, fmt.Errorf("looking up network names: %w", err)
+	}
+	if len(networks) == 0 {
 		if _, err := pool.CreateNetwork(name); err == nil {
 			// Create does not give us an updated version of the resource, so we need to
 			// get it again.
@ -22,6 +26,8 @@ func GetFirstOrCreateNetwork(pool *dockertest.Pool, name string) (*dockertest.Ne
 			}

 			return &networks[0], nil
+		} else {
+			return nil, fmt.Errorf("creating network: %w", err)
 		}
 	}

--- a/integration/ssh_test.go
+++ b/integration/ssh_test.go
@ -13,6 +13,12 @@ import (
 	"github.com/stretchr/testify/assert"
 )

+func isSSHNoAccessStdError(stderr string) bool {
+	return strings.Contains(stderr, "Permission denied (tailscale)") ||
+		// Since https://github.com/tailscale/tailscale/pull/14853
+		strings.Contains(stderr, "failed to evaluate SSH policy")
+}
+
 var retry = func(times int, sleepInterval time.Duration,
 	doWork func() (string, string, error),
 ) (string, string, error) {
@ -32,7 +38,7 @@ var retry = func(times int, sleepInterval time.Duration,

 		// If we get a permission denied error, we can fail immediately
 		// since that is something we wont recover from by retrying.
-		if err != nil && strings.Contains(stderr, "Permission denied (tailscale)") {
+		if err != nil && isSSHNoAccessStdError(stderr) {
 			return result, stderr, err
 		}

@ -410,11 +416,11 @@ func assertSSHHostname(t *testing.T, client TailscaleClient, peer TailscaleClien
 func assertSSHPermissionDenied(t *testing.T, client TailscaleClient, peer TailscaleClient) {
 	t.Helper()

-	result, stderr, _ := doSSH(t, client, peer)
+	result, stderr, err := doSSH(t, client, peer)

 	assert.Empty(t, result)

-	assertContains(t, stderr, "Permission denied (tailscale)")
+	assertSSHNoAccessStdError(t, err, stderr)
 }

 func assertSSHTimeout(t *testing.T, client TailscaleClient, peer TailscaleClient) {
@ -429,3 +435,11 @@ func assertSSHTimeout(t *testing.T, client TailscaleClient, peer TailscaleClient
 		t.Fatalf("connection did not time out")
 	}
 }
+
+func assertSSHNoAccessStdError(t *testing.T, err error, stderr string) {
+	t.Helper()
+	assert.Error(t, err)
+	if !isSSHNoAccessStdError(stderr) {
+		t.Errorf("expected stderr output suggesting access denied, got: %s", stderr)
+	}
+}
--- a/integration/utils.go
+++ b/integration/utils.go
@ -200,18 +200,15 @@ func assertValidNetmap(t *testing.T, client TailscaleClient) {
 	assert.NotEmptyf(t, netmap.SelfNode.AllowedIPs(), "%q does not have any allowed IPs", client.Hostname())
 	assert.NotEmptyf(t, netmap.SelfNode.Addresses(), "%q does not have any addresses", client.Hostname())

-	if netmap.SelfNode.Online() != nil {
-		assert.Truef(t, *netmap.SelfNode.Online(), "%q is not online", client.Hostname())
-	} else {
-		t.Errorf("Online should not be nil for %s", client.Hostname())
-	}
+	assert.Truef(t, netmap.SelfNode.Online().Get(), "%q is not online", client.Hostname())

 	assert.Falsef(t, netmap.SelfNode.Key().IsZero(), "%q does not have a valid NodeKey", client.Hostname())
 	assert.Falsef(t, netmap.SelfNode.Machine().IsZero(), "%q does not have a valid MachineKey", client.Hostname())
 	assert.Falsef(t, netmap.SelfNode.DiscoKey().IsZero(), "%q does not have a valid DiscoKey", client.Hostname())

 	for _, peer := range netmap.Peers {
-		assert.NotEqualf(t, "127.3.3.40:0", peer.DERP(), "peer (%s) has no home DERP in %q's netmap, got: %s", peer.ComputedName(), client.Hostname(), peer.DERP())
+		assert.NotEqualf(t, "127.3.3.40:0", peer.LegacyDERPString(), "peer (%s) has no home DERP in %q's netmap, got: %s", peer.ComputedName(), client.Hostname(), peer.LegacyDERPString())
+		assert.NotEqualf(t, 0, peer.HomeDERP(), "peer (%s) has no home DERP in %q's netmap, got: %d", peer.ComputedName(), client.Hostname(), peer.HomeDERP())

 		assert.Truef(t, peer.Hostinfo().Valid(), "peer (%s) of %q does not have Hostinfo", peer.ComputedName(), client.Hostname())
 		if hi := peer.Hostinfo(); hi.Valid() {
@ -228,7 +225,7 @@ func assertValidNetmap(t *testing.T, client TailscaleClient) {
 		assert.NotEmptyf(t, peer.AllowedIPs(), "peer (%s) of %q does not have any allowed IPs", peer.ComputedName(), client.Hostname())
 		assert.NotEmptyf(t, peer.Addresses(), "peer (%s) of %q does not have any addresses", peer.ComputedName(), client.Hostname())

-		assert.Truef(t, *peer.Online(), "peer (%s) of %q is not online", peer.ComputedName(), client.Hostname())
+		assert.Truef(t, peer.Online().Get(), "peer (%s) of %q is not online", peer.ComputedName(), client.Hostname())

 		assert.Falsef(t, peer.Key().IsZero(), "peer (%s) of %q does not have a valid NodeKey", peer.ComputedName(), client.Hostname())
 		assert.Falsef(t, peer.Machine().IsZero(), "peer (%s) of %q does not have a valid MachineKey", peer.ComputedName(), client.Hostname())