make preauthkey tags test stable

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
fix oidc test, add tests for migration
2024-11-29 18:33:05 +00:00 · 2024-10-23 10:47:04 -05:00 · 2024-10-23 10:47:04 -05:00 · 2024-10-23 10:47:04 -05:00 · 2024-10-23 10:47:04 -05:00 · 2024-10-23 10:47:04 -05:00
4 changed files with 8 additions and 32 deletions
--- a/hscontrol/mapper/mapper.go
+++ b/hscontrol/mapper/mapper.go
@ -111,9 +111,7 @@ func generateUserProfiles(

 func generateDNSConfig(
 	cfg *types.Config,
-	baseDomain string,
 	node *types.Node,
-	peers types.Nodes,
 ) *tailcfg.DNSConfig {
 	if cfg.DNSConfig == nil {
 		return nil
@ -532,12 +530,7 @@ func appendPeerChanges(

 	profiles := generateUserProfiles(node, changed)

-	dnsConfig := generateDNSConfig(
-		cfg,
-		cfg.BaseDomain,
-		node,
-		peers,
-	)
+	dnsConfig := generateDNSConfig(cfg, node)

 	tailPeers, err := tailNodes(changed, capVer, pol, cfg)
 	if err != nil {
--- a/hscontrol/mapper/mapper_test.go
+++ b/hscontrol/mapper/mapper_test.go
@ -114,24 +114,12 @@ func TestDNSConfigMapResponse(t *testing.T) {
 			}

 			nodeInShared1 := mach("test_get_shared_nodes_1", "shared1", 1)
-			nodeInShared2 := mach("test_get_shared_nodes_2", "shared2", 2)
-			nodeInShared3 := mach("test_get_shared_nodes_3", "shared3", 3)
-			node2InShared1 := mach("test_get_shared_nodes_4", "shared1", 1)
-
-			peersOfNodeInShared1 := types.Nodes{
-				nodeInShared1,
-				nodeInShared2,
-				nodeInShared3,
-				node2InShared1,
-			}

 			got := generateDNSConfig(
 				&types.Config{
 					DNSConfig: &dnsConfigOrig,
 				},
-				baseDomain,
 				nodeInShared1,
-				peersOfNodeInShared1,
 			)

 			if diff := cmp.Diff(tt.want, got, cmpopts.EquateEmpty()); diff != "" {
--- a/hscontrol/noise.go
+++ b/hscontrol/noise.go
@ -10,7 +10,6 @@ import (
 	"github.com/juanfont/headscale/hscontrol/types"
 	"github.com/rs/zerolog/log"
 	"golang.org/x/net/http2"
-	"golang.org/x/net/http2/h2c"
 	"tailscale.com/control/controlbase"
 	"tailscale.com/control/controlhttp"
 	"tailscale.com/tailcfg"
@ -101,18 +100,12 @@ func (h *Headscale) NoiseUpgradeHandler(
 		Methods(http.MethodPost)
 	router.HandleFunc("/machine/map", noiseServer.NoisePollNetMapHandler)

-	server := http.Server{
-		ReadTimeout: types.HTTPTimeout,
-	}
-
 	noiseServer.httpBaseConfig = &http.Server{
 		Handler:           router,
 		ReadHeaderTimeout: types.HTTPTimeout,
 	}
 	noiseServer.http2Server = &http2.Server{}

-	server.Handler = h2c.NewHandler(router, noiseServer.http2Server)
-
 	noiseServer.http2Server.ServeConn(
 		noiseConn,
 		&http2.ServeConnOpts{
--- a/integration/route_test.go
+++ b/integration/route_test.go
@ -22,6 +22,8 @@ import (
 	"tailscale.com/wgengine/filter"
 )

+var allPorts = filter.PortRange{First: 0, Last: 0xffff}
+
 // This test is both testing the routes command and the propagation of
 // routes.
 func TestEnablingRoutes(t *testing.T) {
@ -1249,11 +1251,11 @@ func TestSubnetRouteACL(t *testing.T) {
 			Dsts: []filter.NetPortRange{
 				{
 					Net:   netip.MustParsePrefix("100.64.0.2/32"),
-					Ports: filter.PortRange{0, 0xffff},
+					Ports: allPorts,
 				},
 				{
 					Net:   netip.MustParsePrefix("fd7a:115c:a1e0::2/128"),
-					Ports: filter.PortRange{0, 0xffff},
+					Ports: allPorts,
 				},
 			},
 			Caps: []filter.CapMatch{},
@ -1281,11 +1283,11 @@ func TestSubnetRouteACL(t *testing.T) {
 			Dsts: []filter.NetPortRange{
 				{
 					Net:   netip.MustParsePrefix("100.64.0.1/32"),
-					Ports: filter.PortRange{0, 0xffff},
+					Ports: allPorts,
 				},
 				{
 					Net:   netip.MustParsePrefix("fd7a:115c:a1e0::1/128"),
-					Ports: filter.PortRange{0, 0xffff},
+					Ports: allPorts,
 				},
 			},
 			Caps: []filter.CapMatch{},
@ -1303,7 +1305,7 @@ func TestSubnetRouteACL(t *testing.T) {
 			Dsts: []filter.NetPortRange{
 				{
 					Net:   netip.MustParsePrefix("10.33.0.0/16"),
-					Ports: filter.PortRange{0, 0xffff},
+					Ports: allPorts,
 				},
 			},
 			Caps: []filter.CapMatch{},
Author	SHA1	Message	Date
Kristoffer Dalby	fbf6f24f6c	make preauthkey tags test stable Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	2024-10-23 10:47:04 -05:00
Kristoffer Dalby	12fb92ab96	fix oidc test, add tests for migration Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	2024-10-23 10:47:04 -05:00
Kristoffer Dalby	28b62847fb	restore strip_email_domain for migration Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	2024-10-23 10:47:04 -05:00
Kristoffer Dalby	0fc245d910	add iss to identifier, only set email if verified Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	2024-10-23 10:47:04 -05:00
Kristoffer Dalby	f1d14f01fc	add @ to end of username if not present Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	2024-10-23 10:47:04 -05:00
Kristoffer Dalby	d0b0b1f63f	remove log print Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	2024-10-23 10:47:04 -05:00
Kristoffer Dalby	695da7b306	update changelog Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	2024-10-23 10:47:03 -05:00
Kristoffer Dalby	e8d76c1a85	Harden OIDC migration and make optional This commit hardens the migration part of the OIDC from the old username based approach to the new sub based approach and makes it possible for the operator to opt out entirely. Fixes #1990 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	2024-10-23 10:47:03 -05:00
Kristoffer Dalby	e2d5ee0927	cleanup linter warnings (#2206 ) Some checks failed Build / build (push) Has been cancelled Details Build documentation / build (push) Has been cancelled Details Build documentation / deploy (push) Has been cancelled Details Tests / test (push) Has been cancelled Details Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	2024-10-23 10:45:59 -05:00