Skip to content

Commit 159e199

Browse files
deansheatherdeansheather
committed
chore: hard NAT <-> easy NAT integration test
1 parent 264fc56 commit 159e199

File tree

4 files changed

+228
-68
lines changed

4 files changed

+228
-68
lines changed

coderd/rbac/roles_test.go

+3-3
Original file line numberDiff line numberDiff line change
@@ -77,7 +77,7 @@ func TestOwnerExec(t *testing.T) {
7777
})
7878
}
7979

80-
// nolint:tparallel,paralleltest -- subtests share a map, just run sequentially.
80+
// nolint:tparallel,paralleltest // subtests share a map, just run sequentially.
8181
func TestRolePermissions(t *testing.T) {
8282
t.Parallel()
8383

@@ -557,7 +557,7 @@ func TestRolePermissions(t *testing.T) {
557557
// nolint:tparallel,paralleltest
558558
for _, c := range testCases {
559559
c := c
560-
// nolint:tparallel,paralleltest -- These share the same remainingPermissions map
560+
// nolint:tparallel,paralleltest // These share the same remainingPermissions map
561561
t.Run(c.Name, func(t *testing.T) {
562562
remainingSubjs := make(map[string]struct{})
563563
for _, subj := range requiredSubjects {
@@ -600,7 +600,7 @@ func TestRolePermissions(t *testing.T) {
600600
// Only run these if the tests on top passed. Otherwise, the error output is too noisy.
601601
if passed {
602602
for rtype, v := range remainingPermissions {
603-
// nolint:tparallel,paralleltest -- Making a subtest for easier diagnosing failures.
603+
// nolint:tparallel,paralleltest // Making a subtest for easier diagnosing failures.
604604
t.Run(fmt.Sprintf("%s-AllActions", rtype), func(t *testing.T) {
605605
if len(v) > 0 {
606606
assert.Equal(t, map[policy.Action]bool{}, v, "remaining permissions should be empty for type %q", rtype)

enterprise/coderd/roles_test.go

+3-3
Original file line numberDiff line numberDiff line change
@@ -65,11 +65,11 @@ func TestCustomRole(t *testing.T) {
6565
// Verify the role exists in the list
6666
// TODO: Turn this assertion back on when the cli api experience is created.
6767
// allRoles, err := tmplAdmin.ListSiteRoles(ctx)
68-
//require.NoError(t, err)
68+
// require.NoError(t, err)
6969
//
70-
//require.True(t, slices.ContainsFunc(allRoles, func(selected codersdk.AssignableRoles) bool {
70+
// require.True(t, slices.ContainsFunc(allRoles, func(selected codersdk.AssignableRoles) bool {
7171
// return selected.Name == role.Name
72-
//}), "role missing from site role list")
72+
// }), "role missing from site role list")
7373
})
7474

7575
// Revoked licenses cannot modify/create custom roles, but they can

tailnet/test/integration/integration_test.go

+31-15
Original file line numberDiff line numberDiff line change
@@ -45,6 +45,7 @@ var (
4545
serverListenAddr = flag.String("server-listen-addr", "", "The address to listen on for the server")
4646

4747
// Role: stun
48+
stunNumber = flag.Int("stun-number", 0, "The number of the STUN server")
4849
stunListenAddr = flag.String("stun-listen-addr", "", "The address to listen on for the STUN server")
4950

5051
// Role: client
@@ -88,24 +89,31 @@ var topologies = []integration.TestTopology{
8889
},
8990
{
9091
// Test that DERP over "easy" NAT works. The server, client 1 and client
91-
// 2 are on different networks with a shared router, and the router
92-
// masquerades the traffic.
92+
// 2 are on different networks with their own routers, which are joined
93+
// by a bridge.
9394
Name: "EasyNATDERP",
9495
SetupNetworking: integration.SetupNetworkingEasyNAT,
9596
Server: integration.SimpleServerOptions{},
9697
StartClient: integration.StartClientDERP,
9798
RunTests: integration.TestSuite,
9899
},
99100
{
100-
// Test that direct over "easy" NAT works. This should use local
101-
// endpoints to connect as routing is enabled between client 1 and
102-
// client 2.
101+
// Test that direct over "easy" NAT works with IP/ports grabbed from
102+
// STUN.
103103
Name: "EasyNATDirect",
104104
SetupNetworking: integration.SetupNetworkingEasyNATWithSTUN,
105105
Server: integration.SimpleServerOptions{},
106106
StartClient: integration.StartClientDirect,
107107
RunTests: integration.TestSuite,
108108
},
109+
{
110+
// Test that direct over hard NAT <=> easy NAT works.
111+
Name: "HardNATEasyNATDirect",
112+
SetupNetworking: integration.SetupNetworkingHardNATEasyNATDirect,
113+
Server: integration.SimpleServerOptions{},
114+
StartClient: integration.StartClientDirect,
115+
RunTests: integration.TestSuite,
116+
},
109117
{
110118
// Test that DERP over WebSocket (as well as DERPForceWebSockets works).
111119
// This does not test the actual DERP failure detection code and
@@ -164,9 +172,9 @@ func TestIntegration(t *testing.T) {
164172

165173
closeServer := startServerSubprocess(t, topo.Name, networking)
166174

167-
closeSTUN := func() error { return nil }
168-
if networking.STUN.ListenAddr != "" {
169-
closeSTUN = startSTUNSubprocess(t, topo.Name, networking)
175+
stunClosers := make([]func() error, len(networking.STUNs))
176+
for i, stun := range networking.STUNs {
177+
stunClosers[i] = startSTUNSubprocess(t, topo.Name, i, stun)
170178
}
171179

172180
// Write the DERP maps to a file.
@@ -191,7 +199,9 @@ func TestIntegration(t *testing.T) {
191199

192200
// Close client2 and the server.
193201
require.NoError(t, closeClient2(), "client 2 exited")
194-
require.NoError(t, closeSTUN(), "stun exited")
202+
for i, closeSTUN := range stunClosers {
203+
require.NoErrorf(t, closeSTUN(), "stun %v exited", i)
204+
}
195205
require.NoError(t, closeServer(), "server exited")
196206
})
197207
}
@@ -210,10 +220,15 @@ func handleTestSubprocess(t *testing.T) {
210220
require.Contains(t, []string{"server", "stun", "client"}, *role, "unknown role %q", *role)
211221

212222
testName := topo.Name + "/"
213-
if *role == "server" || *role == "stun" {
214-
testName += *role
215-
} else {
223+
switch *role {
224+
case "server":
225+
testName += "server"
226+
case "stun":
227+
testName += fmt.Sprintf("stun%d", *stunNumber)
228+
case "client":
216229
testName += *clientName
230+
default:
231+
t.Fatalf("unknown role %q", *role)
217232
}
218233

219234
t.Run(testName, func(t *testing.T) {
@@ -328,12 +343,13 @@ func startServerSubprocess(t *testing.T, topologyName string, networking integra
328343
return closeFn
329344
}
330345

331-
func startSTUNSubprocess(t *testing.T, topologyName string, networking integration.TestNetworking) func() error {
332-
_, closeFn := startSubprocess(t, "stun", networking.STUN.Process.NetNS, []string{
346+
func startSTUNSubprocess(t *testing.T, topologyName string, number int, stun integration.TestNetworkingSTUN) func() error {
347+
_, closeFn := startSubprocess(t, "stun", stun.Process.NetNS, []string{
333348
"--subprocess",
334349
"--test-name=" + topologyName,
335350
"--role=stun",
336-
"--stun-listen-addr=" + networking.STUN.ListenAddr,
351+
"--stun-number=" + strconv.Itoa(number),
352+
"--stun-listen-addr=" + stun.ListenAddr,
337353
})
338354
return closeFn
339355
}

0 commit comments

Comments
 (0)