fix no permission test

coadler · coadler · commit cae734d3a1b2 · 2024-04-10T21:59:08.000Z
diff --git a/tailnet/configmaps.go b/tailnet/configmaps.go
@@ -443,8 +443,9 @@ func (c *configMaps) updatePeerLocked(update *proto.CoordinateResponse_PeerUpdat
 			lc.readyForHandshakeTimer.Stop()
 		}
 		if lc.node != nil {
-			dirty = dirty || !lc.node.KeepAlive
-			lc.node.KeepAlive = true
+			old := lc.node.KeepAlive
+			lc.node.KeepAlive = c.nodeKeepalive(lc, status, lc.node)
+			dirty = dirty || (old != lc.node.KeepAlive)
 		}
 		logger.Debug(context.Background(), "peer ready for handshake")
 		// only force a reconfig if the node populated
@@ -457,7 +458,6 @@ func (c *configMaps) updatePeerLocked(update *proto.CoordinateResponse_PeerUpdat
 		logger.Debug(context.Background(), "got peer ready for handshake for unknown peer")
 		lc = &peerLifecycle{
 			peerID:            id,
-			lost:              true,
 			readyForHandshake: true,
 		}
 		c.peers[id] = lc
@@ -633,10 +633,6 @@ func (*configMaps) nodeKeepalive(lc *peerLifecycle, status *ipnstate.Status, nod
 	if lc != nil && lc.isDestination && lc.readyForHandshake {
 		return true
 	}
-	// If keepalives are already enabled on the node, keep them enabled.
-	if lc != nil && lc.node != nil && lc.node.KeepAlive {
-		return true
-	}
 
 	// If none of the above are true, keepalives should not be enabled.
 	return false
diff --git a/tailnet/coordinator.go b/tailnet/coordinator.go
@@ -722,6 +722,13 @@ func (c *core) handleReadyForHandshakeLocked(src *peer, rfhs []*proto.Coordinate
 			// subsequently disconnect before the agent has sent back the RFH.
 			// Since this could potentially happen to a non-malicious agent, we
 			// don't want to kill its connection.
+			select {
+			case src.resps <- &proto.CoordinateResponse{
+				Error: fmt.Sprintf("you do not share a tunnel with %q", dstID.String()),
+			}:
+			default:
+				return ErrWouldBlock
+			}
 			continue
 		}
 
diff --git a/tailnet/coordinator_test.go b/tailnet/coordinator_test.go
@@ -464,33 +464,15 @@ func TestCoordinator(t *testing.T) {
 		clientID := uuid.New()
 		agentID := uuid.New()
 
-		aReq, _ := coordinator.Coordinate(ctx, agentID, agentID.String(), tailnet.AgentCoordinateeAuth{ID: agentID})
+		aReq, aRes := coordinator.Coordinate(ctx, agentID, agentID.String(), tailnet.AgentCoordinateeAuth{ID: agentID})
 		_, _ = coordinator.Coordinate(ctx, clientID, clientID.String(), tailnet.ClientCoordinateeAuth{AgentID: agentID})
 
-		nk, err := key.NewNode().Public().MarshalBinary()
-		require.NoError(t, err)
-		dk, err := key.NewDisco().Public().MarshalText()
-		require.NoError(t, err)
-		aReq <- &proto.CoordinateRequest{UpdateSelf: &proto.CoordinateRequest_UpdateSelf{
-			Node: &proto.Node{
-				Id:    3,
-				Key:   nk,
-				Disco: string(dk),
-			},
-		}}
-
-		require.Eventually(t, func() bool {
-			return coordinator.Node(agentID) != nil
-		}, testutil.WaitShort, testutil.IntervalFast)
-
 		aReq <- &proto.CoordinateRequest{ReadyForHandshake: []*proto.CoordinateRequest_ReadyForHandshake{{
 			Id: clientID[:],
 		}}}
 
-		// The agent node should disappear, indicating it was booted off.
-		require.Eventually(t, func() bool {
-			return coordinator.Node(agentID) == nil
-		}, testutil.WaitShort, testutil.IntervalFast)
+		rfhError := testutil.RequireRecvCtx(ctx, t, aRes)
+		require.NotEmpty(t, rfhError.Error)
 	})
 }
 
diff --git a/tailnet/proto/tailnet.pb.go b/tailnet/proto/tailnet.pb.go
diff --git a/tailnet/proto/tailnet.proto b/tailnet/proto/tailnet.proto
@@ -96,6 +96,7 @@ message CoordinateResponse {
 		string reason = 4;
 	}
 	repeated PeerUpdate peer_updates = 1;
+	string error = 2;
 }
 
 service Tailnet {

Original file line number	Diff line number	Diff line change
`@@ -96,6 +96,7 @@ message CoordinateResponse {`
`96`	`96`	`string reason = 4;`
`97`	`97`	`}`
`98`	`98`	`repeated PeerUpdate peer_updates = 1;`
	`99`	`+ string error = 2;`
`99`	`100`	`}`
`100`	`101`
`101`	`102`	`service Tailnet {`