From 93082b809267b8f543452a336f9d8e69c35348fb Mon Sep 17 00:00:00 2001 From: Kristoffer Dalby Date: Fri, 23 Sep 2022 10:39:42 +0200 Subject: [PATCH 01/21] Protect against user injection for registration CLI page This commit addresses a potential issue where we allowed unsanitised content to be passed through a go template without validation. We now try to unmarshall the incoming node key and fails to render the template if it is not a valid node key. Signed-off-by: Kristoffer Dalby --- api.go | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/api.go b/api.go index f5de5038..23aa7c5a 100644 --- a/api.go +++ b/api.go @@ -9,6 +9,7 @@ import ( "github.com/gorilla/mux" "github.com/rs/zerolog/log" + "tailscale.com/types/key" ) const ( @@ -93,7 +94,18 @@ func (h *Headscale) RegisterWebAPI( ) { vars := mux.Vars(req) nodeKeyStr, ok := vars["nkey"] - if !ok || nodeKeyStr == "" { + + // We need to make sure we dont open for XSS style injections, if the parameter that + // is passed as a key is not parsable/validated as a NodePublic key, then fail to render + // the template and log an error. + var nodeKey key.NodePublic + err := nodeKey.UnmarshalText( + []byte(NodePublicKeyEnsurePrefix(nodeKeyStr)), + ) + + if !ok || nodeKeyStr == "" || err != nil { + log.Warn().Err(err).Msg("Failed to parse incoming nodekey") + writer.Header().Set("Content-Type", "text/plain; charset=utf-8") writer.WriteHeader(http.StatusBadRequest) _, err := writer.Write([]byte("Wrong params")) @@ -130,7 +142,7 @@ func (h *Headscale) RegisterWebAPI( writer.Header().Set("Content-Type", "text/html; charset=utf-8") writer.WriteHeader(http.StatusOK) - _, err := writer.Write(content.Bytes()) + _, err = writer.Write(content.Bytes()) if err != nil { log.Error(). Caller(). From 75a8fc8b3e503d1c9d5eaeb481b689351cbbc97e Mon Sep 17 00:00:00 2001 From: Kristoffer Dalby Date: Fri, 23 Sep 2022 10:44:29 +0200 Subject: [PATCH 02/21] Update changelog Signed-off-by: Kristoffer Dalby --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 443305da..2b4f6260 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,7 @@ - Give a warning when running Headscale with reverse proxy improperly configured for WebSockets [#788](https://github.com/juanfont/headscale/pull/788) - Fix subnet routers with Primary Routes [#811](https://github.com/juanfont/headscale/pull/811) - Added support for JSON logs [#653](https://github.com/juanfont/headscale/issues/653) +- Sanitise the node key passed to registration url [#823](https://github.com/juanfont/headscale/pull/823) ## 0.16.4 (2022-08-21) From 2bb34751d19dcdfdf188db437e93a75ed9b6c14a Mon Sep 17 00:00:00 2001 From: Kristoffer Dalby Date: Fri, 23 Sep 2022 11:51:38 +0200 Subject: [PATCH 03/21] Validate the incoming nodekey with regex before attempting to parse Signed-off-by: Kristoffer Dalby --- api.go | 16 ++++++++++++++++ utils.go | 3 +++ 2 files changed, 19 insertions(+) diff --git a/api.go b/api.go index 23aa7c5a..4c3a6ca8 100644 --- a/api.go +++ b/api.go @@ -95,6 +95,22 @@ func (h *Headscale) RegisterWebAPI( vars := mux.Vars(req) nodeKeyStr, ok := vars["nkey"] + if !NodePublicKeyRegex.Match([]byte(nodeKeyStr)) { + log.Warn().Str("node_key", nodeKeyStr).Msg("Invalid node key passed to registration url") + + writer.Header().Set("Content-Type", "text/plain; charset=utf-8") + writer.WriteHeader(http.StatusUnauthorized) + _, err := writer.Write([]byte("Unauthorized")) + if err != nil { + log.Error(). + Caller(). + Err(err). + Msg("Failed to write response") + } + + return + } + // We need to make sure we dont open for XSS style injections, if the parameter that // is passed as a key is not parsable/validated as a NodePublic key, then fail to render // the template and log an error. diff --git a/utils.go b/utils.go index 666683cf..7ef054de 100644 --- a/utils.go +++ b/utils.go @@ -17,6 +17,7 @@ import ( "os" "path/filepath" "reflect" + "regexp" "strconv" "strings" @@ -64,6 +65,8 @@ const ( ZstdCompression = "zstd" ) +var NodePublicKeyRegex = regexp.MustCompile("nodekey:[a-fA-F0-9]+") + func MachinePublicKeyStripPrefix(machineKey key.MachinePublic) string { return strings.TrimPrefix(machineKey.String(), machinePublicHexPrefix) } From 8be14ef6feb160bf67f83be54624d0a83af95a16 Mon Sep 17 00:00:00 2001 From: Kristoffer Dalby Date: Fri, 23 Sep 2022 11:51:46 +0200 Subject: [PATCH 04/21] gofumpt Signed-off-by: Kristoffer Dalby --- utils.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/utils.go b/utils.go index 7ef054de..fc1fafa2 100644 --- a/utils.go +++ b/utils.go @@ -328,7 +328,9 @@ func GenerateRandomStringDNSSafe(size int) (string, error) { if err != nil { return "", err } - str = strings.ToLower(strings.ReplaceAll(strings.ReplaceAll(str, "_", ""), "-", "")) + str = strings.ToLower( + strings.ReplaceAll(strings.ReplaceAll(str, "_", ""), "-", ""), + ) } return str[:size], nil From 72e2fa46c7dae3a02b8dd314d5d3324bb7c7181b Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 30 Sep 2022 08:23:20 +0000 Subject: [PATCH 05/21] docs(README): update contributors --- README.md | 103 +++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 70 insertions(+), 33 deletions(-) diff --git a/README.md b/README.md index a0586f1b..2752d093 100644 --- a/README.md +++ b/README.md @@ -195,6 +195,15 @@ make build Jiang Zhu + + + Benjamin +
+ Benjamin Roberts + + + + Nico/ @@ -202,8 +211,6 @@ make build Nico - - e-zk/ @@ -239,6 +246,8 @@ make build ohdearaugustin + + Moritz @@ -246,8 +255,6 @@ make build Moritz Poldrack - - GrigoriyMikhalkin/ @@ -255,6 +262,13 @@ make build GrigoriyMikhalkin + + + Mike +
+ Mike Lloyd + + Niek @@ -276,6 +290,8 @@ make build Azz + + Anton @@ -290,8 +306,13 @@ make build Aaron Bieber - - + + + Igor +
+ Igor Perepilitsyn + + Laurent @@ -308,11 +329,13 @@ make build - Hoàng + hdhoang/
- Hoàng Đức Hiếu + hdhoang + + bravechamp/ @@ -327,6 +350,13 @@ make build Deon Thomas + + + Jamie +
+ Jamie Greeff + + ChibangLW/ @@ -334,8 +364,6 @@ make build ChibangLW - - Mevan @@ -350,6 +378,8 @@ make build Michael G. + + Paul @@ -378,8 +408,6 @@ make build Artem Klevtsov - - Casey @@ -394,6 +422,8 @@ make build Pavlos Vinieratos + + Silver @@ -422,8 +452,6 @@ make build thomas - - Abraham @@ -438,6 +466,8 @@ make build Antoine POPINEAU + + Aofei @@ -466,8 +496,6 @@ make build Carson Yang - - kundel/ @@ -482,6 +510,8 @@ make build Felix Kronlage-Dammers + + Felix @@ -496,13 +526,6 @@ make build JJGadgets - - - Jamie -
- Jamie Greeff - - Jim @@ -510,8 +533,13 @@ make build Jim Tittsler - - + + + Jonathan +
+ Jonathan de Jong + + Pierre @@ -526,6 +554,8 @@ make build Rasmus Moorats + + rcursaru/ @@ -554,8 +584,13 @@ make build Shaanan Cohney - - + + + Stefan +
+ Stefan VanBuren + + sophware/ @@ -563,6 +598,8 @@ make build sophware + + Tanner/ @@ -598,8 +635,6 @@ make build Tjerk Woudsma - - Yang @@ -607,6 +642,8 @@ make build Yang Bin + + Yujie @@ -642,8 +679,6 @@ make build henning mueller - - ignoramous/ @@ -651,11 +686,13 @@ make build ignoramous + + - lion24/ + sharkonet/
- lion24 + sharkonet From 6b67584d477946cd83b8fa70d9cb3e4ce53703d7 Mon Sep 17 00:00:00 2001 From: Kristoffer Dalby Date: Mon, 3 Oct 2022 13:27:18 +0200 Subject: [PATCH 06/21] Fix DERP name in integration tests Signed-off-by: Kristoffer Dalby --- integration_common_test.go | 2 +- integration_embedded_derp_test.go | 5 +++-- integration_general_test.go | 2 +- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/integration_common_test.go b/integration_common_test.go index 9cce12fa..a72af91f 100644 --- a/integration_common_test.go +++ b/integration_common_test.go @@ -19,7 +19,7 @@ import ( ) const ( - headscaleHostname = "headscale-derp" + headscaleHostname = "headscale" DOCKER_EXECUTE_TIMEOUT = 10 * time.Second ) diff --git a/integration_embedded_derp_test.go b/integration_embedded_derp_test.go index a31006e1..4a8a337f 100644 --- a/integration_embedded_derp_test.go +++ b/integration_embedded_derp_test.go @@ -27,6 +27,7 @@ import ( ) const ( + headscaleDerpHostname = "headscale-derp" namespaceName = "derpnamespace" totalContainers = 3 ) @@ -112,7 +113,7 @@ func (s *IntegrationDERPTestSuite) SetupSuite() { } headscaleOptions := &dockertest.RunOptions{ - Name: headscaleHostname, + Name: headscaleDerpHostname, Mounts: []string{ fmt.Sprintf( "%s/integration_test/etc_embedded_derp:/etc/headscale", @@ -127,7 +128,7 @@ func (s *IntegrationDERPTestSuite) SetupSuite() { }, } - err = s.pool.RemoveContainerByName(headscaleHostname) + err = s.pool.RemoveContainerByName(headscaleDerpHostname) if err != nil { s.FailNow( fmt.Sprintf( diff --git a/integration_general_test.go b/integration_general_test.go index 5abdccbb..2f61cfe9 100644 --- a/integration_general_test.go +++ b/integration_general_test.go @@ -236,7 +236,7 @@ func (s *IntegrationTestSuite) SetupSuite() { } headscaleOptions := &dockertest.RunOptions{ - Name: "headscale", + Name: headscaleHostname, Mounts: []string{ fmt.Sprintf("%s/integration_test/etc:/etc/headscale", currentPath), }, From 4904ccc3c3598a391d46e9150f6f84d6e92156a4 Mon Sep 17 00:00:00 2001 From: Kristoffer Dalby Date: Mon, 3 Oct 2022 13:39:57 +0200 Subject: [PATCH 07/21] Make sure mock container is removed before started Signed-off-by: Kristoffer Dalby --- integration_oidc_test.go | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/integration_oidc_test.go b/integration_oidc_test.go index 70f793b2..55b87fd8 100644 --- a/integration_oidc_test.go +++ b/integration_oidc_test.go @@ -25,7 +25,8 @@ import ( ) const ( - oidcHeadscaleHostname = "headscale" + oidcHeadscaleHostname = "headscale-oidc" + oidcMockHostname = "headscale-mock-oidc" oidcNamespaceName = "oidcnamespace" totalOidcContainers = 3 ) @@ -113,8 +114,7 @@ func (s *IntegrationOIDCTestSuite) SetupSuite() { s.Suite.T().Log("Setting up mock OIDC") mockOidcOptions := &dockertest.RunOptions{ - Name: "mockoidc", - Hostname: "mockoidc", + Name: oidcMockHostname, Cmd: []string{"headscale", "mockoidc"}, ExposedPorts: []string{"10000/tcp"}, Networks: []*dockertest.Network{&s.network}, @@ -133,6 +133,18 @@ func (s *IntegrationOIDCTestSuite) SetupSuite() { ContextDir: ".", } + err = s.pool.RemoveContainerByName(oidcMockHostname) + if err != nil { + s.FailNow( + fmt.Sprintf( + "Could not remove existing container before building test: %s", + err, + ), + "", + ) + } + + if pmockoidc, err := s.pool.BuildAndRunWithBuildOptions( headscaleBuildOptions, mockOidcOptions, From 201f81ce00a34c867ecc229fbbae4f32aa626cb8 Mon Sep 17 00:00:00 2001 From: Kristoffer Dalby Date: Mon, 3 Oct 2022 14:40:28 +0200 Subject: [PATCH 08/21] Make sure mockoidc is up, has unique name and removed if exist Signed-off-by: Kristoffer Dalby --- cmd/headscale/cli/mockoidc.go | 2 +- integration_general_test.go | 11 +++++++++++ integration_oidc_test.go | 30 +++++++++++++++++++++++++++--- 3 files changed, 39 insertions(+), 4 deletions(-) diff --git a/cmd/headscale/cli/mockoidc.go b/cmd/headscale/cli/mockoidc.go index 4313bbf6..8f9c904a 100644 --- a/cmd/headscale/cli/mockoidc.go +++ b/cmd/headscale/cli/mockoidc.go @@ -61,7 +61,7 @@ func mockOIDC() error { return err } - listener, err := net.Listen("tcp", fmt.Sprintf("mockoidc:%d", port)) + listener, err := net.Listen("tcp", fmt.Sprintf("headscale-mock-oidc:%d", port)) if err != nil { return err } diff --git a/integration_general_test.go b/integration_general_test.go index 2f61cfe9..5bfebe1d 100644 --- a/integration_general_test.go +++ b/integration_general_test.go @@ -191,6 +191,17 @@ func (s *IntegrationTestSuite) tailscaleContainer( }, } + err = s.pool.RemoveContainerByName(hostname) + if err != nil { + s.FailNow( + fmt.Sprintf( + "Could not remove existing container before building test: %s", + err, + ), + "", + ) + } + pts, err := s.pool.BuildAndRunWithBuildOptions( tailscaleBuildOptions, tailscaleOptions, diff --git a/integration_oidc_test.go b/integration_oidc_test.go index 55b87fd8..3f9a7a9e 100644 --- a/integration_oidc_test.go +++ b/integration_oidc_test.go @@ -144,7 +144,6 @@ func (s *IntegrationOIDCTestSuite) SetupSuite() { ) } - if pmockoidc, err := s.pool.BuildAndRunWithBuildOptions( headscaleBuildOptions, mockOidcOptions, @@ -154,6 +153,31 @@ func (s *IntegrationOIDCTestSuite) SetupSuite() { s.FailNow(fmt.Sprintf("Could not start mockOIDC container: %s", err), "") } + s.Suite.T().Logf("Waiting for headscale mock oidc to be ready for tests") + hostEndpoint := fmt.Sprintf("localhost:%s", s.mockOidc.GetPort("10000/tcp")) + + if err := s.pool.Retry(func() error { + url := fmt.Sprintf("http://%s/oidc/.well-known/openid-configuration", hostEndpoint) + resp, err := http.Get(url) + if err != nil { + log.Printf("headscale mock OIDC tests is not ready: %s\n", err) + return err + } + + if resp.StatusCode != http.StatusOK { + return fmt.Errorf("status code not OK") + } + + return nil + }); err != nil { + // TODO(kradalby): If we cannot access headscale, or any other fatal error during + // test setup, we need to abort and tear down. However, testify does not seem to + // support that at the moment: + // https://github.com/stretchr/testify/issues/849 + return // fmt.Errorf("Could not connect to headscale: %s", err) + } + s.Suite.T().Log("headscale-mock-oidc container is ready for embedded OIDC tests") + oidcCfg := fmt.Sprintf(` oidc: issuer: http://%s:10000/oidc @@ -228,10 +252,10 @@ oidc: } s.Suite.T().Logf("Waiting for headscale to be ready for embedded OIDC tests") - hostEndpoint := fmt.Sprintf("localhost:%s", s.headscale.GetPort("8443/tcp")) + hostMockEndpoint := fmt.Sprintf("localhost:%s", s.headscale.GetPort("8443/tcp")) if err := s.pool.Retry(func() error { - url := fmt.Sprintf("https://%s/health", hostEndpoint) + url := fmt.Sprintf("https://%s/health", hostMockEndpoint) insecureTransport := http.DefaultTransport.(*http.Transport).Clone() insecureTransport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true} client := &http.Client{Transport: insecureTransport} From 382a37f1e16a51b35d7975415b96a3e50274068c Mon Sep 17 00:00:00 2001 From: Kristoffer Dalby Date: Mon, 3 Oct 2022 14:41:20 +0200 Subject: [PATCH 09/21] Test against last patch version Signed-off-by: Kristoffer Dalby --- integration_common_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/integration_common_test.go b/integration_common_test.go index a72af91f..de85a3bd 100644 --- a/integration_common_test.go +++ b/integration_common_test.go @@ -32,7 +32,7 @@ var ( tailscaleVersions = []string{ // "head", // "unstable", - "1.30.0", + "1.30.2", "1.28.0", "1.26.2", "1.24.2", From 37a4d41d0ef729daf195f6bda4f6d95781940727 Mon Sep 17 00:00:00 2001 From: Kristoffer Dalby Date: Mon, 3 Oct 2022 15:37:41 +0200 Subject: [PATCH 10/21] Make addr configurable Signed-off-by: Kristoffer Dalby --- cmd/headscale/cli/mockoidc.go | 6 +++++- integration_oidc_test.go | 3 +++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/cmd/headscale/cli/mockoidc.go b/cmd/headscale/cli/mockoidc.go index 8f9c904a..165a5115 100644 --- a/cmd/headscale/cli/mockoidc.go +++ b/cmd/headscale/cli/mockoidc.go @@ -46,6 +46,10 @@ func mockOIDC() error { if clientSecret == "" { return errMockOidcClientSecretNotDefined } + addrStr := os.Getenv("MOCKOIDC_ADDR") + if addrStr == "" { + return errMockOidcPortNotDefined + } portStr := os.Getenv("MOCKOIDC_PORT") if portStr == "" { return errMockOidcPortNotDefined @@ -61,7 +65,7 @@ func mockOIDC() error { return err } - listener, err := net.Listen("tcp", fmt.Sprintf("headscale-mock-oidc:%d", port)) + listener, err := net.Listen("tcp", fmt.Sprintf("%s:%d", addrStr, port)) if err != nil { return err } diff --git a/integration_oidc_test.go b/integration_oidc_test.go index 3f9a7a9e..4d3b39e1 100644 --- a/integration_oidc_test.go +++ b/integration_oidc_test.go @@ -122,6 +122,7 @@ func (s *IntegrationOIDCTestSuite) SetupSuite() { "10000/tcp": {{HostPort: "10000"}}, }, Env: []string{ + fmt.Sprintf("MOCKOIDC_ADDR=%s", oidcMockHostname), "MOCKOIDC_PORT=10000", "MOCKOIDC_CLIENT_ID=superclient", "MOCKOIDC_CLIENT_SECRET=supersecret", @@ -330,6 +331,8 @@ func (s *IntegrationOIDCTestSuite) AuthenticateOIDC( resp, err := client.Get(loginURL.String()) assert.Nil(s.T(), err) + log.Printf("auth body, err: %#v, %s", resp, err) + body, err := io.ReadAll(resp.Body) assert.Nil(s.T(), err) From a0ec3690b6ea49c2343f8dcd975868811e921ec0 Mon Sep 17 00:00:00 2001 From: Kristoffer Dalby Date: Mon, 3 Oct 2022 16:02:34 +0200 Subject: [PATCH 11/21] Fix error declaration Signed-off-by: Kristoffer Dalby --- integration_general_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/integration_general_test.go b/integration_general_test.go index 5bfebe1d..7185c606 100644 --- a/integration_general_test.go +++ b/integration_general_test.go @@ -191,7 +191,7 @@ func (s *IntegrationTestSuite) tailscaleContainer( }, } - err = s.pool.RemoveContainerByName(hostname) + err := s.pool.RemoveContainerByName(hostname) if err != nil { s.FailNow( fmt.Sprintf( @@ -202,7 +202,7 @@ func (s *IntegrationTestSuite) tailscaleContainer( ) } - pts, err := s.pool.BuildAndRunWithBuildOptions( + pts, err = s.pool.BuildAndRunWithBuildOptions( tailscaleBuildOptions, tailscaleOptions, DockerRestartPolicy, From aca3a667c49803fcb92052aa3a8a6648cdc99117 Mon Sep 17 00:00:00 2001 From: Kristoffer Dalby Date: Mon, 3 Oct 2022 16:15:39 +0200 Subject: [PATCH 12/21] Fix declaration of pointer Signed-off-by: Kristoffer Dalby --- integration_general_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/integration_general_test.go b/integration_general_test.go index 7185c606..1f0e8be6 100644 --- a/integration_general_test.go +++ b/integration_general_test.go @@ -202,7 +202,7 @@ func (s *IntegrationTestSuite) tailscaleContainer( ) } - pts, err = s.pool.BuildAndRunWithBuildOptions( + pts, err := s.pool.BuildAndRunWithBuildOptions( tailscaleBuildOptions, tailscaleOptions, DockerRestartPolicy, From 85df2c80a84860290901a249f2cf081e876e66e1 Mon Sep 17 00:00:00 2001 From: Kristoffer Dalby Date: Fri, 7 Oct 2022 10:45:23 +0200 Subject: [PATCH 13/21] Run oidc tests fully in docker Signed-off-by: Kristoffer Dalby --- Makefile | 4 ++- integration_common_test.go | 19 ++++++++++++ integration_oidc_test.go | 36 ++++++++++++---------- integration_test/etc_oidc/base_config.yaml | 2 +- 4 files changed, 43 insertions(+), 18 deletions(-) diff --git a/Makefile b/Makefile index 84cb63cf..33fc1b50 100644 --- a/Makefile +++ b/Makefile @@ -36,7 +36,9 @@ test_integration_general: go test -failfast -tags integration_general,integration -timeout 30m -count=1 ./... test_integration_oidc: - go test -failfast -tags integration_oidc,integration -timeout 30m -count=1 ./... + docker network rm $$(docker network ls --filter name=headscale --quiet) || true + docker network create headscale-test || true + docker run -it --rm --network headscale-test -v $$PWD:$$PWD -w $$PWD -v /var/run/docker.sock:/var/run/docker.sock golang:1 go test -failfast -tags integration_oidc,integration -timeout 30m -count=1 ./... coverprofile_func: go tool cover -func=coverage.out diff --git a/integration_common_test.go b/integration_common_test.go index de85a3bd..a11c5b13 100644 --- a/integration_common_test.go +++ b/integration_common_test.go @@ -316,3 +316,22 @@ func GetEnvBool(key string) (bool, error) { return v, nil } + +func GetFirstOrCreateNetwork(pool *dockertest.Pool, name string) (dockertest.Network, error) { + networks, err := pool.NetworksByName(name) + if err != nil || len(networks) == 0 { + + if _, err := pool.CreateNetwork(name); err == nil { + // Create does not give us an updated version of the resource, so we need to + // get it again. + networks, err := pool.NetworksByName(name) + if err != nil { + return dockertest.Network{}, err + } + + return networks[0], nil + } + } + + return networks[0], nil +} diff --git a/integration_oidc_test.go b/integration_oidc_test.go index 4d3b39e1..b438a41b 100644 --- a/integration_oidc_test.go +++ b/integration_oidc_test.go @@ -26,7 +26,7 @@ import ( const ( oidcHeadscaleHostname = "headscale-oidc" - oidcMockHostname = "headscale-mock-oidc" + oidcMockHostname = "headscale-mock-oidc" oidcNamespaceName = "oidcnamespace" totalOidcContainers = 3 ) @@ -96,19 +96,11 @@ func (s *IntegrationOIDCTestSuite) SetupSuite() { s.FailNow(fmt.Sprintf("Could not connect to docker: %s", err), "") } - if pnetwork, err := s.pool.CreateNetwork("headscale-test"); err == nil { - s.network = *pnetwork - } else { - s.FailNow(fmt.Sprintf("Could not create network: %s", err), "") - } - - // Create does not give us an updated version of the resource, so we need to - // get it again. - networks, err := s.pool.NetworksByName("headscale-test") + network, err := GetFirstOrCreateNetwork(&s.pool, "headscale-test") if err != nil { - s.FailNow(fmt.Sprintf("Could not get network: %s", err), "") + s.FailNow(fmt.Sprintf("Failed to create or get network: %s", err), "") } - s.network = networks[0] + s.network = network log.Printf("Network config: %v", s.network.Network.IPAM.Config[0]) @@ -155,7 +147,11 @@ func (s *IntegrationOIDCTestSuite) SetupSuite() { } s.Suite.T().Logf("Waiting for headscale mock oidc to be ready for tests") - hostEndpoint := fmt.Sprintf("localhost:%s", s.mockOidc.GetPort("10000/tcp")) + hostEndpoint := fmt.Sprintf( + "%s:%s", + s.mockOidc.GetIPInNetwork(&s.network), + s.mockOidc.GetPort("10000/tcp"), + ) if err := s.pool.Retry(func() error { url := fmt.Sprintf("http://%s/oidc/.well-known/openid-configuration", hostEndpoint) @@ -253,7 +249,11 @@ oidc: } s.Suite.T().Logf("Waiting for headscale to be ready for embedded OIDC tests") - hostMockEndpoint := fmt.Sprintf("localhost:%s", s.headscale.GetPort("8443/tcp")) + hostMockEndpoint := fmt.Sprintf( + "%s:%s", + s.headscale.GetIPInNetwork(&s.network), + s.headscale.GetPort("8443/tcp"), + ) if err := s.pool.Retry(func() error { url := fmt.Sprintf("https://%s/health", hostMockEndpoint) @@ -347,7 +347,6 @@ func (s *IntegrationOIDCTestSuite) joinOIDC( endpoint, hostname string, tailscale dockertest.Resource, ) (*url.URL, error) { - command := []string{ "tailscale", "up", @@ -536,7 +535,12 @@ func (s *IntegrationOIDCTestSuite) TestPingAllPeersByAddress() { []string{}, ) assert.Nil(t, err) - log.Printf("result for %s: stdout: %s, stderr: %s\n", hostname, stdout, stderr) + log.Printf( + "result for %s: stdout: %s, stderr: %s\n", + hostname, + stdout, + stderr, + ) assert.Contains(t, stdout, "pong") }) } diff --git a/integration_test/etc_oidc/base_config.yaml b/integration_test/etc_oidc/base_config.yaml index 10fa7751..7db58a2a 100644 --- a/integration_test/etc_oidc/base_config.yaml +++ b/integration_test/etc_oidc/base_config.yaml @@ -11,7 +11,7 @@ private_key_path: private.key noise: private_key_path: noise_private.key listen_addr: 0.0.0.0:8443 -server_url: https://localhost:8443 +server_url: https://headscale-oidc:8443 tls_cert_path: "/etc/headscale/tls/server.crt" tls_key_path: "/etc/headscale/tls/server.key" tls_client_auth_mode: disabled From f3dbfc9045ca5f49c80e90cbe15770d3c2d00b94 Mon Sep 17 00:00:00 2001 From: Kristoffer Dalby Date: Fri, 7 Oct 2022 10:45:41 +0200 Subject: [PATCH 14/21] Style change Signed-off-by: Kristoffer Dalby --- integration_common_test.go | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/integration_common_test.go b/integration_common_test.go index a11c5b13..1d69972b 100644 --- a/integration_common_test.go +++ b/integration_common_test.go @@ -115,13 +115,19 @@ func ExecuteCommand( fmt.Println("stdout: ", stdout.String()) fmt.Println("stderr: ", stderr.String()) - return stdout.String(), stderr.String(), fmt.Errorf("command failed with: %s", stderr.String()) + return stdout.String(), stderr.String(), fmt.Errorf( + "command failed with: %s", + stderr.String(), + ) } return stdout.String(), stderr.String(), nil case <-time.After(execConfig.timeout): - return stdout.String(), stderr.String(), fmt.Errorf("command timed out after %s", execConfig.timeout) + return stdout.String(), stderr.String(), fmt.Errorf( + "command timed out after %s", + execConfig.timeout, + ) } } From 88931001fd996ae50b198407fceb8f9ff36279e2 Mon Sep 17 00:00:00 2001 From: Kristoffer Dalby Date: Fri, 7 Oct 2022 10:45:51 +0200 Subject: [PATCH 15/21] Fail correctly if container exist Signed-off-by: Kristoffer Dalby --- integration_oidc_test.go | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/integration_oidc_test.go b/integration_oidc_test.go index b438a41b..dd3c99dd 100644 --- a/integration_oidc_test.go +++ b/integration_oidc_test.go @@ -412,7 +412,13 @@ func (s *IntegrationOIDCTestSuite) tailscaleContainer( DockerAllowNetworkAdministration, ) if err != nil { - log.Fatalf("Could not start tailscale container version %s: %s", version, err) + s.FailNow( + fmt.Sprintf( + "Could not start tailscale container version %s: %s", + version, + err, + ), + ) } log.Printf("Created %s container\n", hostname) From 22cabc16d7ce39671ff7e887dc2f6392e4dac290 Mon Sep 17 00:00:00 2001 From: Kristoffer Dalby Date: Fri, 7 Oct 2022 10:56:22 +0200 Subject: [PATCH 16/21] No interactive tty Signed-off-by: Kristoffer Dalby --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 33fc1b50..0369435e 100644 --- a/Makefile +++ b/Makefile @@ -38,7 +38,7 @@ test_integration_general: test_integration_oidc: docker network rm $$(docker network ls --filter name=headscale --quiet) || true docker network create headscale-test || true - docker run -it --rm --network headscale-test -v $$PWD:$$PWD -w $$PWD -v /var/run/docker.sock:/var/run/docker.sock golang:1 go test -failfast -tags integration_oidc,integration -timeout 30m -count=1 ./... + docker run -t --rm --network headscale-test -v $$PWD:$$PWD -w $$PWD -v /var/run/docker.sock:/var/run/docker.sock golang:1 go test -failfast -tags integration_oidc,integration -timeout 30m -count=1 ./... coverprofile_func: go tool cover -func=coverage.out From a94ed0586e0b93c2f8fdd86495189fd0c244bfe5 Mon Sep 17 00:00:00 2001 From: Kristoffer Dalby Date: Fri, 7 Oct 2022 13:23:40 +0200 Subject: [PATCH 17/21] Run all integration tests fully in docker Signed-off-by: Kristoffer Dalby --- Makefile | 30 ++++++++++++++++++++---- integration_embedded_derp_test.go | 38 ++++++++++++++++++++----------- integration_general_test.go | 4 +++- 3 files changed, 54 insertions(+), 18 deletions(-) diff --git a/Makefile b/Makefile index 0369435e..eeac2805 100644 --- a/Makefile +++ b/Makefile @@ -27,18 +27,40 @@ test: test_integration: test_integration_cli test_integration_derp test_integration_oidc test_integration_general test_integration_cli: - go test -failfast -tags integration_cli,integration -timeout 30m -count=1 ./... + docker network rm $$(docker network ls --filter name=headscale --quiet) || true + docker network create headscale-test || true + docker run -t --rm \ + --network headscale-test \ + -v $$PWD:$$PWD -w $$PWD \ + -v /var/run/docker.sock:/var/run/docker.sock golang:1 \ + go test -failfast -tags integration_cli,integration -timeout 30m -count=1 ./... test_integration_derp: - go test -failfast -tags integration_derp,integration -timeout 30m -count=1 ./... + docker network rm $$(docker network ls --filter name=headscale --quiet) || true + docker network create headscale-test || true + docker run -t --rm \ + --network headscale-test \ + -v $$PWD:$$PWD -w $$PWD \ + -v /var/run/docker.sock:/var/run/docker.sock golang:1 \ + go test -failfast -tags integration_derp,integration -timeout 30m -count=1 ./... test_integration_general: - go test -failfast -tags integration_general,integration -timeout 30m -count=1 ./... + docker network rm $$(docker network ls --filter name=headscale --quiet) || true + docker network create headscale-test || true + docker run -t --rm \ + --network headscale-test \ + -v $$PWD:$$PWD -w $$PWD \ + -v /var/run/docker.sock:/var/run/docker.sock golang:1 \ + go test -failfast -tags integration_general,integration -timeout 30m -count=1 ./... test_integration_oidc: docker network rm $$(docker network ls --filter name=headscale --quiet) || true docker network create headscale-test || true - docker run -t --rm --network headscale-test -v $$PWD:$$PWD -w $$PWD -v /var/run/docker.sock:/var/run/docker.sock golang:1 go test -failfast -tags integration_oidc,integration -timeout 30m -count=1 ./... + docker run -t --rm \ + --network headscale-test \ + -v $$PWD:$$PWD -w $$PWD \ + -v /var/run/docker.sock:/var/run/docker.sock golang:1 \ + go test -failfast -tags integration_oidc,integration -timeout 30m -count=1 ./... coverprofile_func: go tool cover -func=coverage.out diff --git a/integration_embedded_derp_test.go b/integration_embedded_derp_test.go index 4a8a337f..421e01d0 100644 --- a/integration_embedded_derp_test.go +++ b/integration_embedded_derp_test.go @@ -28,18 +28,19 @@ import ( const ( headscaleDerpHostname = "headscale-derp" - namespaceName = "derpnamespace" - totalContainers = 3 + namespaceName = "derpnamespace" + totalContainers = 3 ) type IntegrationDERPTestSuite struct { suite.Suite stats *suite.SuiteInformation - pool dockertest.Pool - networks map[int]dockertest.Network // so we keep the containers isolated - headscale dockertest.Resource - saveLogs bool + pool dockertest.Pool + network dockertest.Network + containerNetworks map[int]dockertest.Network // so we keep the containers isolated + headscale dockertest.Resource + saveLogs bool tailscales map[string]dockertest.Resource joinWaitGroup sync.WaitGroup @@ -54,7 +55,7 @@ func TestDERPIntegrationTestSuite(t *testing.T) { s := new(IntegrationDERPTestSuite) s.tailscales = make(map[string]dockertest.Resource) - s.networks = make(map[int]dockertest.Network) + s.containerNetworks = make(map[int]dockertest.Network) s.saveLogs = saveLogs suite.Run(t, s) @@ -79,7 +80,7 @@ func TestDERPIntegrationTestSuite(t *testing.T) { log.Printf("Could not purge resource: %s\n", err) } - for _, network := range s.networks { + for _, network := range s.containerNetworks { if err := network.Close(); err != nil { log.Printf("Could not close network: %s\n", err) } @@ -94,9 +95,15 @@ func (s *IntegrationDERPTestSuite) SetupSuite() { s.FailNow(fmt.Sprintf("Could not connect to docker: %s", err), "") } + network, err := GetFirstOrCreateNetwork(&s.pool, "headscale-test") + if err != nil { + s.FailNow(fmt.Sprintf("Failed to create or get network: %s", err), "") + } + s.network = network + for i := 0; i < totalContainers; i++ { if pnetwork, err := s.pool.CreateNetwork(fmt.Sprintf("headscale-derp-%d", i)); err == nil { - s.networks[i] = *pnetwork + s.containerNetworks[i] = *pnetwork } else { s.FailNow(fmt.Sprintf("Could not create network: %s", err), "") } @@ -121,6 +128,7 @@ func (s *IntegrationDERPTestSuite) SetupSuite() { ), }, Cmd: []string{"headscale", "serve"}, + Networks: []*dockertest.Network{&s.network}, ExposedPorts: []string{"8443/tcp", "3478/udp"}, PortBindings: map[docker.Port][]docker.PortBinding{ "8443/tcp": {{HostPort: "8443"}}, @@ -154,13 +162,15 @@ func (s *IntegrationDERPTestSuite) SetupSuite() { hostname, container := s.tailscaleContainer( fmt.Sprint(i), version, - s.networks[i], + s.containerNetworks[i], ) s.tailscales[hostname] = *container } log.Println("Waiting for headscale to be ready for embedded DERP tests") - hostEndpoint := fmt.Sprintf("localhost:%s", s.headscale.GetPort("8443/tcp")) + hostEndpoint := fmt.Sprintf("%s:%s", + s.headscale.GetIPInNetwork(&s.network), + s.headscale.GetPort("8443/tcp")) if err := s.pool.Retry(func() error { url := fmt.Sprintf("https://%s/health", hostEndpoint) @@ -321,7 +331,7 @@ func (s *IntegrationDERPTestSuite) TearDownSuite() { log.Printf("Could not purge resource: %s\n", err) } - for _, network := range s.networks { + for _, network := range s.containerNetworks { if err := network.Close(); err != nil { log.Printf("Could not close network: %s\n", err) } @@ -429,7 +439,9 @@ func (s *IntegrationDERPTestSuite) TestPingAllPeersByHostname() { } func (s *IntegrationDERPTestSuite) TestDERPSTUN() { - headscaleSTUNAddr := fmt.Sprintf("localhost:%s", s.headscale.GetPort("3478/udp")) + headscaleSTUNAddr := fmt.Sprintf("%s:%s", + s.headscale.GetIPInNetwork(&s.network), + s.headscale.GetPort("3478/udp")) client := stun.NewClient() client.SetVerbose(true) client.SetVVerbose(true) diff --git a/integration_general_test.go b/integration_general_test.go index 1f0e8be6..d24c4d95 100644 --- a/integration_general_test.go +++ b/integration_general_test.go @@ -289,7 +289,9 @@ func (s *IntegrationTestSuite) SetupSuite() { } log.Println("Waiting for headscale to be ready for core integration tests") - hostEndpoint := fmt.Sprintf("localhost:%s", s.headscale.GetPort("8080/tcp")) + hostEndpoint := fmt.Sprintf("%s:%s", + s.headscale.GetIPInNetwork(&s.network), + s.headscale.GetPort("8080/tcp")) if err := s.pool.Retry(func() error { url := fmt.Sprintf("http://%s/health", hostEndpoint) From ed2236aa24a8c375f8b8c9d3574b8f1017e323f2 Mon Sep 17 00:00:00 2001 From: Kristoffer Dalby Date: Fri, 7 Oct 2022 13:49:24 +0200 Subject: [PATCH 18/21] Add buildtags to pls Signed-off-by: Kristoffer Dalby --- flake.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index 050fd747..f7d0c669 100644 --- a/flake.nix +++ b/flake.nix @@ -128,7 +128,13 @@ }; in rec { # `nix develop` - devShell = pkgs.mkShell {buildInputs = devDeps;}; + devShell = pkgs.mkShell { + buildInputs = devDeps; + + shellHook = '' + export GOFLAGS=-tags="integration,integration_general,integration_oidc,integration_cli,integration_derp" + ''; + }; # `nix build` packages = with pkgs; { From a846e13c78b29e93ea2e11a80572d2d928b012ab Mon Sep 17 00:00:00 2001 From: Kristoffer Dalby Date: Fri, 7 Oct 2022 14:29:21 +0200 Subject: [PATCH 19/21] Expose and use ports consistently Signed-off-by: Kristoffer Dalby --- integration_cli_test.go | 9 ++++++++- integration_general_test.go | 4 ++++ integration_oidc_test.go | 2 +- 3 files changed, 13 insertions(+), 2 deletions(-) diff --git a/integration_cli_test.go b/integration_cli_test.go index bf302d2d..cc9d33b2 100644 --- a/integration_cli_test.go +++ b/integration_cli_test.go @@ -13,6 +13,7 @@ import ( v1 "github.com/juanfont/headscale/gen/go/headscale/v1" "github.com/ory/dockertest/v3" + "github.com/ory/dockertest/v3/docker" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/suite" ) @@ -63,6 +64,10 @@ func (s *IntegrationCLITestSuite) SetupTest() { Mounts: []string{ fmt.Sprintf("%s/integration_test/etc:/etc/headscale", currentPath), }, + ExposedPorts: []string{"8080/tcp"}, + PortBindings: map[docker.Port][]docker.PortBinding{ + "8080/tcp": {{HostPort: "8080"}}, + }, Networks: []*dockertest.Network{&s.network}, Cmd: []string{"headscale", "serve"}, } @@ -87,7 +92,9 @@ func (s *IntegrationCLITestSuite) SetupTest() { fmt.Println("Created headscale container for CLI tests") fmt.Println("Waiting for headscale to be ready for CLI tests") - hostEndpoint := fmt.Sprintf("localhost:%s", s.headscale.GetPort("8080/tcp")) + hostEndpoint := fmt.Sprintf("%s:%s", + s.headscale.GetIPInNetwork(&s.network), + s.headscale.GetPort("8080/tcp")) if err := s.pool.Retry(func() error { url := fmt.Sprintf("http://%s/health", hostEndpoint) diff --git a/integration_general_test.go b/integration_general_test.go index d24c4d95..4087c9db 100644 --- a/integration_general_test.go +++ b/integration_general_test.go @@ -189,6 +189,10 @@ func (s *IntegrationTestSuite) tailscaleContainer( Cmd: []string{ "tailscaled", "--tun=tsdev", }, + ExposedPorts: []string{"8080/tcp"}, + PortBindings: map[docker.Port][]docker.PortBinding{ + "8080/tcp": {{HostPort: "8080"}}, + }, } err := s.pool.RemoveContainerByName(hostname) diff --git a/integration_oidc_test.go b/integration_oidc_test.go index dd3c99dd..27c1e7bc 100644 --- a/integration_oidc_test.go +++ b/integration_oidc_test.go @@ -109,10 +109,10 @@ func (s *IntegrationOIDCTestSuite) SetupSuite() { Name: oidcMockHostname, Cmd: []string{"headscale", "mockoidc"}, ExposedPorts: []string{"10000/tcp"}, - Networks: []*dockertest.Network{&s.network}, PortBindings: map[docker.Port][]docker.PortBinding{ "10000/tcp": {{HostPort: "10000"}}, }, + Networks: []*dockertest.Network{&s.network}, Env: []string{ fmt.Sprintf("MOCKOIDC_ADDR=%s", oidcMockHostname), "MOCKOIDC_PORT=10000", From d900f48d38ae145b009bd683a0f4d71fc0a6efb1 Mon Sep 17 00:00:00 2001 From: Kristoffer Dalby Date: Fri, 7 Oct 2022 14:39:49 +0200 Subject: [PATCH 20/21] expose right porsts Signed-off-by: Kristoffer Dalby --- integration_general_test.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/integration_general_test.go b/integration_general_test.go index 4087c9db..500247df 100644 --- a/integration_general_test.go +++ b/integration_general_test.go @@ -189,10 +189,6 @@ func (s *IntegrationTestSuite) tailscaleContainer( Cmd: []string{ "tailscaled", "--tun=tsdev", }, - ExposedPorts: []string{"8080/tcp"}, - PortBindings: map[docker.Port][]docker.PortBinding{ - "8080/tcp": {{HostPort: "8080"}}, - }, } err := s.pool.RemoveContainerByName(hostname) @@ -255,6 +251,10 @@ func (s *IntegrationTestSuite) SetupSuite() { Mounts: []string{ fmt.Sprintf("%s/integration_test/etc:/etc/headscale", currentPath), }, + ExposedPorts: []string{"8080/tcp"}, + PortBindings: map[docker.Port][]docker.PortBinding{ + "8080/tcp": {{HostPort: "8080"}}, + }, Networks: []*dockertest.Network{&s.network}, Cmd: []string{"headscale", "serve"}, } From 8ee35c9c226cfe6ed8ae8b46bc6be3a96810a223 Mon Sep 17 00:00:00 2001 From: Kristoffer Dalby Date: Fri, 7 Oct 2022 22:10:33 +0200 Subject: [PATCH 21/21] Stuff Signed-off-by: Kristoffer Dalby --- integration_cli_test.go | 12 ++++++------ integration_common_test.go | 1 + integration_embedded_derp_test.go | 3 ++- integration_general_test.go | 8 ++++---- integration_oidc_test.go | 2 +- 5 files changed, 14 insertions(+), 12 deletions(-) diff --git a/integration_cli_test.go b/integration_cli_test.go index cc9d33b2..0f5d69ad 100644 --- a/integration_cli_test.go +++ b/integration_cli_test.go @@ -43,11 +43,11 @@ func (s *IntegrationCLITestSuite) SetupTest() { s.FailNow(fmt.Sprintf("Could not connect to docker: %s", err), "") } - if pnetwork, err := s.pool.CreateNetwork("headscale-test"); err == nil { - s.network = *pnetwork - } else { - s.FailNow(fmt.Sprintf("Could not create network: %s", err), "") + network, err := GetFirstOrCreateNetwork(&s.pool, headscaleNetwork) + if err != nil { + s.FailNow(fmt.Sprintf("Failed to create or get network: %s", err), "") } + s.network = network headscaleBuildOptions := &dockertest.BuildOptions{ Dockerfile: "Dockerfile", @@ -64,12 +64,12 @@ func (s *IntegrationCLITestSuite) SetupTest() { Mounts: []string{ fmt.Sprintf("%s/integration_test/etc:/etc/headscale", currentPath), }, + Cmd: []string{"headscale", "serve"}, + Networks: []*dockertest.Network{&s.network}, ExposedPorts: []string{"8080/tcp"}, PortBindings: map[docker.Port][]docker.PortBinding{ "8080/tcp": {{HostPort: "8080"}}, }, - Networks: []*dockertest.Network{&s.network}, - Cmd: []string{"headscale", "serve"}, } err = s.pool.RemoveContainerByName(headscaleHostname) diff --git a/integration_common_test.go b/integration_common_test.go index 1d69972b..f3c39232 100644 --- a/integration_common_test.go +++ b/integration_common_test.go @@ -19,6 +19,7 @@ import ( ) const ( + headscaleNetwork = "headscale-test" headscaleHostname = "headscale" DOCKER_EXECUTE_TIMEOUT = 10 * time.Second ) diff --git a/integration_embedded_derp_test.go b/integration_embedded_derp_test.go index 421e01d0..c83f6106 100644 --- a/integration_embedded_derp_test.go +++ b/integration_embedded_derp_test.go @@ -95,7 +95,7 @@ func (s *IntegrationDERPTestSuite) SetupSuite() { s.FailNow(fmt.Sprintf("Could not connect to docker: %s", err), "") } - network, err := GetFirstOrCreateNetwork(&s.pool, "headscale-test") + network, err := GetFirstOrCreateNetwork(&s.pool, headscaleNetwork) if err != nil { s.FailNow(fmt.Sprintf("Failed to create or get network: %s", err), "") } @@ -120,6 +120,7 @@ func (s *IntegrationDERPTestSuite) SetupSuite() { } headscaleOptions := &dockertest.RunOptions{ + Name: headscaleDerpHostname, Mounts: []string{ fmt.Sprintf( diff --git a/integration_general_test.go b/integration_general_test.go index 500247df..5b5abf07 100644 --- a/integration_general_test.go +++ b/integration_general_test.go @@ -230,11 +230,11 @@ func (s *IntegrationTestSuite) SetupSuite() { s.FailNow(fmt.Sprintf("Could not connect to docker: %s", err), "") } - if pnetwork, err := s.pool.CreateNetwork("headscale-test"); err == nil { - s.network = *pnetwork - } else { - s.FailNow(fmt.Sprintf("Could not create network: %s", err), "") + network, err := GetFirstOrCreateNetwork(&s.pool, headscaleNetwork) + if err != nil { + s.FailNow(fmt.Sprintf("Failed to create or get network: %s", err), "") } + s.network = network headscaleBuildOptions := &dockertest.BuildOptions{ Dockerfile: "Dockerfile", diff --git a/integration_oidc_test.go b/integration_oidc_test.go index 27c1e7bc..ba0b00f6 100644 --- a/integration_oidc_test.go +++ b/integration_oidc_test.go @@ -96,7 +96,7 @@ func (s *IntegrationOIDCTestSuite) SetupSuite() { s.FailNow(fmt.Sprintf("Could not connect to docker: %s", err), "") } - network, err := GetFirstOrCreateNetwork(&s.pool, "headscale-test") + network, err := GetFirstOrCreateNetwork(&s.pool, headscaleNetwork) if err != nil { s.FailNow(fmt.Sprintf("Failed to create or get network: %s", err), "") }