feat: add WithGrpcTLS shim

2024-11-26 17:03:06 +00:00 · 2024-05-25 05:35:00 +00:00 · 2024-05-25 05:35:00 +00:00 · 9163edcf50
commit 9163edcf50
parent 50a7315226
3 changed files with 43 additions and 2 deletions
--- a/integration/embedded_derp_test.go
+++ b/integration/embedded_derp_test.go
@ -43,6 +43,7 @@ func TestDERPServerScenario(t *testing.T) {
 		hsic.WithExtraPorts([]string{"3478/udp"}),
 		hsic.WithEmbeddedDERPServerOnly(),
 		hsic.WithTLS(),
 		hsic.WithGrpcTLS(),
 		hsic.WithHostnameAsServerURL(),
 	)
 	assertNoErrHeadscaleEnv(t, err)
--- a/integration/general_test.go
+++ b/integration/general_test.go
@ -41,6 +41,7 @@ func TestPingAllByIP(t *testing.T) {
 		hsic.WithTestName("pingallbyip"),
 		hsic.WithEmbeddedDERPServerOnly(),
 		hsic.WithTLS(),
 		hsic.WithGrpcTLS(),
 		hsic.WithHostnameAsServerURL(),
 		hsic.WithIPAllocationStrategy(types.IPAllocationStrategyRandom),
 	)
@ -836,6 +837,7 @@ func TestPingAllByIPManyUpDown(t *testing.T) {
 		hsic.WithTestName("pingallbyipmany"),
 		hsic.WithEmbeddedDERPServerOnly(),
 		hsic.WithTLS(),
 		hsic.WithGrpcTLS(),
 		hsic.WithHostnameAsServerURL(),
 	)
 	assertNoErrHeadscaleEnv(t, err)
--- a/integration/hsic/hsic.go
+++ b/integration/hsic/hsic.go
@ -40,6 +40,8 @@ const (
 	aclPolicyPath        = "/etc/headscale/acl.hujson"
 	tlsCertPath          = "/etc/headscale/tls.cert"
 	tlsKeyPath           = "/etc/headscale/tls.key"
 	grpcTlsCertPath      = "/etc/headscale/grpc_tls.cert"
 	grpcTlsKeyPath       = "/etc/headscale/grpc_tls.key"
 	headscaleDefaultPort = 8080
 )
@ -69,6 +71,8 @@ type HeadscaleInContainer struct {
 	env              map[string]string
 	tlsCert          []byte
 	tlsKey           []byte
 	grpcTlsCert      []byte
 	grpcTlsKey       []byte
 	filesInContainer []fileInContainer
 	postgres         bool
 }
@ -97,14 +101,27 @@ func WithTLS() Option {
 		}
 		// TODO(kradalby): Move somewhere appropriate
-		hsic.env["HEADSCALE_GRPC_TLS_CERT_PATH"] = tlsCertPath
+		hsic.env["HEADSCALE_TLS_CERT_PATH"] = tlsCertPath
-		hsic.env["HEADSCALE_GRPC_TLS_KEY_PATH"] = tlsKeyPath
+		hsic.env["HEADSCALE_TLS_KEY_PATH"] = tlsKeyPath
 		hsic.tlsCert = cert
 		hsic.tlsKey = key
 	}
 }
 // WithGrpcTLS creates gRPC certificates and enables them.
 func WithGrpcTLS() Option {
 	return func(hsic *HeadscaleInContainer) {
 		cert, key, err := createCertificate(hsic.hostname)
 		if err != nil {
 			log.Fatalf("failed to create grpc certificates for headscale test: %s", err)
 		}
 		hsic.grpcTlsCert = cert
 		hsic.grpcTlsKey = key
 	}
 }
 // WithConfigEnv takes a map of environment variables that
 // can be used to override Headscale configuration.
 func WithConfigEnv(configEnv map[string]string) Option {
@ -253,6 +270,11 @@ func New(
 		hsic.env["HEADSCALE_SERVER_URL"] = serverURL.String()
 	}
 	if hsic.hasGrpcTLS() {
 		hsic.env["HEADSCALE_GRPC_TLS_CERT_PATH"] = grpcTlsCertPath
 		hsic.env["HEADSCALE_GRPC_TLS_KEY_PATH"] = grpcTlsKeyPath
 	}
 	headscaleBuildOptions := &dockertest.BuildOptions{
 		Dockerfile: "Dockerfile.debug",
 		ContextDir: dockerContextPath,
@ -374,6 +396,18 @@ func New(
 		}
 	}
 	if hsic.hasGrpcTLS() {
 		err = hsic.WriteFile(grpcTlsCertPath, hsic.grpcTlsCert)
 		if err != nil {
 			return nil, fmt.Errorf("failed to write TLS certificate to container: %w", err)
 		}
 		err = hsic.WriteFile(grpcTlsKeyPath, hsic.grpcTlsKey)
 		if err != nil {
 			return nil, fmt.Errorf("failed to write TLS key to container: %w", err)
 		}
 	}
 	for _, f := range hsic.filesInContainer {
 		if err := hsic.WriteFile(f.path, f.contents); err != nil {
 			return nil, fmt.Errorf("failed to write %q: %w", f.path, err)
@ -391,6 +425,10 @@ func (t *HeadscaleInContainer) hasTLS() bool {
 	return len(t.tlsCert) != 0 && len(t.tlsKey) != 0
 }
 func (t *HeadscaleInContainer) hasGrpcTLS() bool {
 	return len(t.grpcTlsCert) != 0 && len(t.grpcTlsKey) != 0
 }
 // Shutdown stops and cleans up the Headscale container.
 func (t *HeadscaleInContainer) Shutdown() error {
 	err := t.SaveLog("/tmp/control")