220 lines
8.2 KiB
Go
220 lines
8.2 KiB
Go
package cluster
|
|
|
|
import (
|
|
"encoding/json"
|
|
"testing"
|
|
)
|
|
|
|
func TestMeshLatestObservationKeySeparatesRouteHealthByRoute(t *testing.T) {
|
|
key := meshLatestObservationKey(json.RawMessage(`{
|
|
"observation_type":"synthetic_route_health",
|
|
"route_id":"route-1"
|
|
}`))
|
|
if key != "synthetic_route_health:route-1" {
|
|
t.Fatalf("key = %q", key)
|
|
}
|
|
}
|
|
|
|
func TestMeshLatestObservationKeySeparatesConnectionManagerMode(t *testing.T) {
|
|
key := meshLatestObservationKey(json.RawMessage(`{
|
|
"observation_type":"peer_connection_manager",
|
|
"transport_mode":"relay_control",
|
|
"relay_node_id":"node-r"
|
|
}`))
|
|
if key != "peer_connection_manager:relay_control:node-r" {
|
|
t.Fatalf("key = %q", key)
|
|
}
|
|
}
|
|
|
|
func TestMeshLatestObservationKeyDefaults(t *testing.T) {
|
|
key := meshLatestObservationKey(json.RawMessage(`{}`))
|
|
if key != "default" {
|
|
t.Fatalf("key = %q", key)
|
|
}
|
|
}
|
|
|
|
func TestEnrichVPNClientFabricRoutePrefersPlacementEntryAndPolicyExit(t *testing.T) {
|
|
item := VPNClientConnection{
|
|
AllowedNodeIDs: []string{"node-a", "node-b", "node-b"},
|
|
EntryNodeIDs: []string{"entry-1", "entry-2"},
|
|
ExitNodeID: "exit-policy",
|
|
ActiveLease: &NodeVPNAssignmentLease{
|
|
OwnerNodeID: "exit-active",
|
|
},
|
|
ClientConfig: json.RawMessage(`{"routes":["0.0.0.0/0"]}`),
|
|
}
|
|
|
|
var cfg map[string]any
|
|
if err := json.Unmarshal(enrichVPNClientFabricRoute(item, "entry-2", ""), &cfg); err != nil {
|
|
t.Fatalf("unmarshal enriched config: %v", err)
|
|
}
|
|
route, ok := cfg["vpn_fabric_route"].(map[string]any)
|
|
if !ok {
|
|
t.Fatalf("missing vpn_fabric_route in %#v", cfg)
|
|
}
|
|
if route["preferred_data_plane"] != "fabric_service_channel" || route["fallback_data_plane"] != "none" || route["backend_relay_fallback"] != false {
|
|
t.Fatalf("unexpected data-plane route contract: %#v", route)
|
|
}
|
|
if route["selected_entry_node_id"] != "entry-2" || route["selected_exit_node_id"] != "exit-policy" {
|
|
t.Fatalf("unexpected selected route endpoints: %#v", route)
|
|
}
|
|
if route["route_candidate_count"].(float64) != 8 {
|
|
t.Fatalf("route candidate count = %#v", route["route_candidate_count"])
|
|
}
|
|
candidates := route["route_candidates"].([]any)
|
|
firstCandidate := candidates[0].(map[string]any)
|
|
if firstCandidate["role"] != "preferred" || firstCandidate["entry_node_id"] != "entry-2" || firstCandidate["exit_node_id"] != "exit-policy" {
|
|
t.Fatalf("preferred route candidate = %#v", firstCandidate)
|
|
}
|
|
entryPool := route["entry_pool_node_ids"].([]any)
|
|
exitPool := route["exit_pool_node_ids"].([]any)
|
|
if len(entryPool) != 2 || entryPool[0] != "entry-1" || entryPool[1] != "entry-2" {
|
|
t.Fatalf("entry pool = %#v", entryPool)
|
|
}
|
|
if len(exitPool) != 4 || exitPool[0] != "exit-policy" || exitPool[1] != "exit-active" || exitPool[2] != "node-a" || exitPool[3] != "node-b" {
|
|
t.Fatalf("exit pool = %#v", exitPool)
|
|
}
|
|
contract, ok := cfg["vpn_dataplane_contract"].(map[string]any)
|
|
if !ok {
|
|
t.Fatalf("missing vpn_dataplane_contract in %#v", cfg)
|
|
}
|
|
if contract["tunnel_type"] != "universal_ip_packet" || contract["application_protocol_agnostic"] != true {
|
|
t.Fatalf("unexpected dataplane contract: %#v", contract)
|
|
}
|
|
failover := contract["failover"].(map[string]any)
|
|
if failover["enabled"] != true || failover["alternate_route_count"].(float64) != 7 {
|
|
t.Fatalf("unexpected failover contract: %#v", failover)
|
|
}
|
|
}
|
|
|
|
func TestEnrichVPNClientFabricRoutePrefersExplicitExit(t *testing.T) {
|
|
item := VPNClientConnection{
|
|
AllowedNodeIDs: []string{"node-a", "node-b", "node-c"},
|
|
EntryNodeIDs: []string{"entry-1", "entry-2"},
|
|
ExitNodeID: "exit-policy-a",
|
|
ActiveLease: &NodeVPNAssignmentLease{
|
|
OwnerNodeID: "",
|
|
},
|
|
ClientConfig: json.RawMessage(`{"routes":["0.0.0.0/0"]}`),
|
|
}
|
|
|
|
var cfg map[string]any
|
|
if err := json.Unmarshal(enrichVPNClientFabricRoute(item, "entry-1", "node-c"), &cfg); err != nil {
|
|
t.Fatalf("unmarshal enriched config: %v", err)
|
|
}
|
|
route, ok := cfg["vpn_fabric_route"].(map[string]any)
|
|
if !ok {
|
|
t.Fatalf("missing vpn_fabric_route in %#v", cfg)
|
|
}
|
|
if route["selected_entry_node_id"] != "entry-1" {
|
|
t.Fatalf("unexpected selected entry: %#v", route["selected_entry_node_id"])
|
|
}
|
|
if route["selected_exit_node_id"] != "node-c" {
|
|
t.Fatalf("unexpected selected exit: %#v", route["selected_exit_node_id"])
|
|
}
|
|
}
|
|
|
|
func TestEnrichVPNClientFabricRouteUsesActiveLeaseWhenNoPolicyExit(t *testing.T) {
|
|
item := VPNClientConnection{
|
|
AllowedNodeIDs: []string{"node-a", "node-b"},
|
|
EntryNodeIDs: []string{"entry-1"},
|
|
ActiveLease: &NodeVPNAssignmentLease{
|
|
OwnerNodeID: "node-b",
|
|
},
|
|
ClientConfig: json.RawMessage(`{"routes":["0.0.0.0/0"]}`),
|
|
}
|
|
|
|
var cfg map[string]any
|
|
if err := json.Unmarshal(enrichVPNClientFabricRoute(item, "entry-1", ""), &cfg); err != nil {
|
|
t.Fatalf("unmarshal enriched config: %v", err)
|
|
}
|
|
route, ok := cfg["vpn_fabric_route"].(map[string]any)
|
|
if !ok {
|
|
t.Fatalf("missing vpn_fabric_route in %#v", cfg)
|
|
}
|
|
if route["selected_exit_node_id"] != "node-b" {
|
|
t.Fatalf("unexpected selected exit: %#v", route["selected_exit_node_id"])
|
|
}
|
|
}
|
|
|
|
func TestEnrichVPNClientEntryEndpointCandidatesAddsReportedQUICEndpoint(t *testing.T) {
|
|
item := VPNClientConnection{
|
|
EntryNodeIDs: []string{"entry-1"},
|
|
ClientConfig: json.RawMessage(`{
|
|
"vpn_fabric_route": {
|
|
"status": "planned",
|
|
"selected_entry_node_id": "entry-1",
|
|
"selected_exit_node_id": "exit-1"
|
|
}
|
|
}`),
|
|
}
|
|
heartbeatMetadata := json.RawMessage(`{
|
|
"mesh_endpoint_report": {
|
|
"transport": "direct_quic",
|
|
"connectivity_mode": "direct",
|
|
"nat_type": "none",
|
|
"region": "test",
|
|
"peer_endpoint": "quic://entry.example.test:19131",
|
|
"endpoint_candidates": [{
|
|
"endpoint_id": "public-quic",
|
|
"node_id": "entry-1",
|
|
"transport": "direct_quic",
|
|
"address": "quic://entry.example.test:19131",
|
|
"reachability": "public",
|
|
"priority": 0
|
|
}]
|
|
}
|
|
}`)
|
|
endpoints := map[string][]map[string]any{
|
|
"entry-1": vpnEntryEndpointCandidatesFromHeartbeat("entry-1", json.RawMessage(`{"vpn_local_gateway_shortcut":true}`), heartbeatMetadata),
|
|
}
|
|
|
|
var cfg map[string]any
|
|
if err := json.Unmarshal(enrichVPNClientEntryEndpointCandidates(item, endpoints), &cfg); err != nil {
|
|
t.Fatalf("unmarshal enriched config: %v", err)
|
|
}
|
|
if cfg["vpn_entry_endpoint_candidate_count"].(float64) != 1 {
|
|
t.Fatalf("candidate count = %#v", cfg["vpn_entry_endpoint_candidate_count"])
|
|
}
|
|
candidates := cfg["vpn_entry_endpoint_candidates"].([]any)
|
|
candidate := candidates[0].(map[string]any)
|
|
if candidate["node_id"] != "entry-1" || candidate["address"] != "quic://entry.example.test:19131" {
|
|
t.Fatalf("unexpected endpoint candidate: %#v", candidate)
|
|
}
|
|
if _, ok := candidate["api_base_url"]; ok {
|
|
t.Fatalf("QUIC dataplane candidate must not expose an API base URL: %#v", candidate)
|
|
}
|
|
if _, ok := candidate["local_gateway_shortcut"]; ok {
|
|
t.Fatalf("local gateway shortcut must not be advertised in farm-owned VPN mode: %#v", candidate)
|
|
}
|
|
if candidate["selected_entry"] != true || candidate["source"] != "node_latest_heartbeat.mesh_endpoint_report.endpoint_candidates" {
|
|
t.Fatalf("unexpected endpoint metadata: %#v", candidate)
|
|
}
|
|
}
|
|
|
|
func TestVPNEntryEndpointCandidatesKeepsQUICEndpointsAndRejectsLegacyHTTP(t *testing.T) {
|
|
heartbeatMetadata := json.RawMessage(`{
|
|
"mesh_endpoint_report": {
|
|
"transport": "direct_quic",
|
|
"connectivity_mode": "direct",
|
|
"peer_endpoint": "quic://192.168.200.85:18080",
|
|
"endpoint_candidates": [
|
|
{"endpoint_id":"admin-web","node_id":"entry-1","transport":"direct_quic","address":"quic://192.168.200.85:18080","reachability":"private","priority":0},
|
|
{"endpoint_id":"http-old","node_id":"entry-1","transport":"direct_http","address":"http://192.168.200.85:19131","reachability":"private","priority":1},
|
|
{"endpoint_id":"mesh-quic","node_id":"entry-1","transport":"direct_quic","address":"quic://192.168.200.85:19131","reachability":"private","priority":2}
|
|
]
|
|
}
|
|
}`)
|
|
candidates := vpnEntryEndpointCandidatesFromHeartbeat("entry-1", nil, heartbeatMetadata)
|
|
if len(candidates) != 2 {
|
|
t.Fatalf("candidate count = %d, want two QUIC dataplane endpoints: %#v", len(candidates), candidates)
|
|
}
|
|
got := map[string]string{}
|
|
for _, candidate := range candidates {
|
|
got[candidate["endpoint_id"].(string)] = candidate["address"].(string)
|
|
}
|
|
if got["admin-web"] != "quic://192.168.200.85:18080" || got["mesh-quic"] != "quic://192.168.200.85:19131" {
|
|
t.Fatalf("unexpected candidates: %#v", candidates)
|
|
}
|
|
}
|