package cluster import ( "encoding/json" "testing" ) func TestMeshLatestObservationKeySeparatesRouteHealthByRoute(t *testing.T) { key := meshLatestObservationKey(json.RawMessage(`{ "observation_type":"synthetic_route_health", "route_id":"route-1" }`)) if key != "synthetic_route_health:route-1" { t.Fatalf("key = %q", key) } } func TestMeshLatestObservationKeySeparatesConnectionManagerMode(t *testing.T) { key := meshLatestObservationKey(json.RawMessage(`{ "observation_type":"peer_connection_manager", "transport_mode":"relay_control", "relay_node_id":"node-r" }`)) if key != "peer_connection_manager:relay_control:node-r" { t.Fatalf("key = %q", key) } } func TestMeshLatestObservationKeyDefaults(t *testing.T) { key := meshLatestObservationKey(json.RawMessage(`{}`)) if key != "default" { t.Fatalf("key = %q", key) } } func TestEnrichVPNClientFabricRoutePrefersPlacementEntryAndActiveExit(t *testing.T) { item := VPNClientConnection{ AllowedNodeIDs: []string{"node-a", "node-b", "node-b"}, EntryNodeIDs: []string{"entry-1", "entry-2"}, ExitNodeID: "exit-policy", ActiveLease: &NodeVPNAssignmentLease{ OwnerNodeID: "exit-active", }, ClientConfig: json.RawMessage(`{"routes":["0.0.0.0/0"]}`), } var cfg map[string]any if err := json.Unmarshal(enrichVPNClientFabricRoute(item, "entry-2", ""), &cfg); err != nil { t.Fatalf("unmarshal enriched config: %v", err) } route, ok := cfg["vpn_fabric_route"].(map[string]any) if !ok { t.Fatalf("missing vpn_fabric_route in %#v", cfg) } if route["preferred_data_plane"] != "fabric_mesh" || route["fallback_data_plane"] != "backend_relay" { t.Fatalf("unexpected data-plane route contract: %#v", route) } if route["selected_entry_node_id"] != "entry-2" || route["selected_exit_node_id"] != "exit-active" { t.Fatalf("unexpected selected route endpoints: %#v", route) } if route["route_candidate_count"].(float64) != 8 { t.Fatalf("route candidate count = %#v", route["route_candidate_count"]) } candidates := route["route_candidates"].([]any) firstCandidate := candidates[0].(map[string]any) if firstCandidate["role"] != "preferred" || firstCandidate["entry_node_id"] != "entry-2" || firstCandidate["exit_node_id"] != "exit-active" { t.Fatalf("preferred route candidate = %#v", firstCandidate) } entryPool := route["entry_pool_node_ids"].([]any) exitPool := route["exit_pool_node_ids"].([]any) if len(entryPool) != 2 || entryPool[0] != "entry-1" || entryPool[1] != "entry-2" { t.Fatalf("entry pool = %#v", entryPool) } if len(exitPool) != 4 || exitPool[0] != "exit-policy" || exitPool[1] != "exit-active" || exitPool[2] != "node-a" || exitPool[3] != "node-b" { t.Fatalf("exit pool = %#v", exitPool) } contract, ok := cfg["vpn_dataplane_contract"].(map[string]any) if !ok { t.Fatalf("missing vpn_dataplane_contract in %#v", cfg) } if contract["tunnel_type"] != "universal_ip_packet" || contract["application_protocol_agnostic"] != true { t.Fatalf("unexpected dataplane contract: %#v", contract) } failover := contract["failover"].(map[string]any) if failover["enabled"] != true || failover["alternate_route_count"].(float64) != 7 { t.Fatalf("unexpected failover contract: %#v", failover) } } func TestEnrichVPNClientFabricRoutePrefersExplicitExit(t *testing.T) { item := VPNClientConnection{ AllowedNodeIDs: []string{"node-a", "node-b", "node-c"}, EntryNodeIDs: []string{"entry-1", "entry-2"}, ExitNodeID: "exit-policy-a", ActiveLease: &NodeVPNAssignmentLease{ OwnerNodeID: "", }, ClientConfig: json.RawMessage(`{"routes":["0.0.0.0/0"]}`), } var cfg map[string]any if err := json.Unmarshal(enrichVPNClientFabricRoute(item, "entry-1", "node-c"), &cfg); err != nil { t.Fatalf("unmarshal enriched config: %v", err) } route, ok := cfg["vpn_fabric_route"].(map[string]any) if !ok { t.Fatalf("missing vpn_fabric_route in %#v", cfg) } if route["selected_entry_node_id"] != "entry-1" { t.Fatalf("unexpected selected entry: %#v", route["selected_entry_node_id"]) } if route["selected_exit_node_id"] != "node-c" { t.Fatalf("unexpected selected exit: %#v", route["selected_exit_node_id"]) } } func TestEnrichVPNClientEntryEndpointCandidatesAddsReportedEntryAPI(t *testing.T) { item := VPNClientConnection{ EntryNodeIDs: []string{"entry-1"}, ClientConfig: json.RawMessage(`{ "vpn_fabric_route": { "status": "planned", "selected_entry_node_id": "entry-1", "selected_exit_node_id": "exit-1" } }`), } heartbeatMetadata := json.RawMessage(`{ "mesh_endpoint_report": { "transport": "direct_http", "connectivity_mode": "direct", "nat_type": "none", "region": "test", "peer_endpoint": "http://entry.example.test:19131", "endpoint_candidates": [{ "endpoint_id": "public-http", "node_id": "entry-1", "transport": "direct_http", "address": "http://entry.example.test:19131", "reachability": "public", "priority": 0 }] } }`) endpoints := map[string][]map[string]any{ "entry-1": vpnEntryEndpointCandidatesFromHeartbeat("entry-1", json.RawMessage(`{"vpn_local_gateway_shortcut":true}`), heartbeatMetadata), } var cfg map[string]any if err := json.Unmarshal(enrichVPNClientEntryEndpointCandidates(item, endpoints), &cfg); err != nil { t.Fatalf("unmarshal enriched config: %v", err) } if cfg["vpn_entry_endpoint_candidate_count"].(float64) != 1 { t.Fatalf("candidate count = %#v", cfg["vpn_entry_endpoint_candidate_count"]) } candidates := cfg["vpn_entry_endpoint_candidates"].([]any) candidate := candidates[0].(map[string]any) if candidate["node_id"] != "entry-1" || candidate["api_base_url"] != "http://entry.example.test:19131/api/v1" { t.Fatalf("unexpected endpoint candidate: %#v", candidate) } if candidate["local_gateway_shortcut"] != true { t.Fatalf("local gateway shortcut missing: %#v", candidate) } if candidate["selected_entry"] != true || candidate["source"] != "node_latest_heartbeat.mesh_endpoint_report.endpoint_candidates" { t.Fatalf("unexpected endpoint metadata: %#v", candidate) } }