archive
/
tailscale
mirror of https://github.com/tailscale/tailscale/
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
alexc/bump-setec
jwhited/so-reuseport
bradfitz/mutex_debug
main
davidb/k8s-tailnet-crd
hwh33/add-unix-sockets-to-serve
davidb/k8s-multi-tailnet
tomhjp/bun
tomhjp/test-with-cigocached-down
cmol/resolveconf_trample_trample_back
alexc/tailscale-lock-status-json
tomhjp/cigocacher-windows
dependabot/go_modules/gokrazy/natlabapp/builddir/github.com/gokrazy/gokrazy/cmd/dhcp/golang.org/x/net-0.38.0
raggi/disco-key-tsmp2
bradfitz/lazy_wg_pushdown2
release-branch/1.92
raggi/envknobs-gso-gro
aaron/oss_17111
jonathan/netmon-changedelta
tomhjp/win-go-brrr
fran/conn25-peer-api
release-branch/1.90
tomhjp/tsnet-auth-loop
jwhited/relay-set-flags-config
bradfitz/disco_change_remove_sync
alexc/better-localbackend-logging
bradfitz/cgnat_disable_v4
chaosinthecrd/k8s-operator-ha-ingress-readiness
dependabot/go_modules/gokrazy/tsapp/builddir/github.com/gokrazy/breakglass/golang.org/x/crypto-0.45.0
tomhjp/cigocacher-with-ci
raggi/disco-key-tsmp
bradfitz/nm_cache_disk
dsnet/netlog-tailcfg
zofrex/fix-peerapi-double-up
patrickod/swtpm-integration-test
bradfitz/nm_cache
bradfitz/getstatus
icio/netmap-diff-check
bradfitz/eventbus_too_slow
jonathan/netns_probe
andrew/syncs-tsync
gesa/ssh-client-session-monitoring
raggi/latencyqueue
raggi/disco-key-rotate-graceful
jaxxstorm/static_endpoints
dsnet/migrate-omitzero
dsnet/jsonimports-ci
naman/tls-terminated-tcp-services
gesa/device-ui-bug
fserb/no-ell
mikeodr/add-nixos-modules
alexc/no-ell-in-tailchonk
alexc/tka-dont-fetch-unneeded-bootstrap
dependabot/github_actions/github/codeql-action-4.31.0
containerboot-exit-code
nickkhyl/healthnotify-on-release
bradfitz/cherry-pick-iptables
cmol/add_upnp_release_timeout
zofrex/auto-login-comments
k8s-ingress-redirect
ipn-redirect
release-branch/1.90.0
bradfitz/test
alexc/share-tka-tests
ptruby/initial-tailscale-ui-components-integration
releaase
release-branch/1.88
davidb/containerboot-disconnect-control
andrew/pr-17281-test
nickkhyl/lb-statemachine2
tomhjp/k8s-egress-to-svcs
tomhjp/default-state-encryption
sfllaw/tailscale-ping-for-client-side-reachability
zofrex/set-url-wg-status-race-2
cmol/portupdate_eventbus_direct
bradfitz/evsub
tomhjp/k8s-e2e-with-devcontrol
tomhjp/k8s-e2e
zofrex/fix-test-wg-engine-status-race
bradfitz/magicsock_relayserver
alexc/mark-break-watcher-conn-recv-flaky
jonathan/derp-health-spam
ipv6-nameserver
knyar/sshcap
bradfitz/rm_usermetrics_66KB
percy/issue16983
dsnet/logtail-iopipe
bradfitz/cli_ts2021_hang_test
jamesbrad/controlhttp-race-dial
bradfitz/foo
alexc/clean-up-deprecated-aliases
knyar/serve-grants-headers
alexc/more-testing-for-tailscale-up
dependabot/github_actions/actions/create-github-app-token-2.1.4
alexc/offline-integration-test
bradfitz/ios_ish
alexc/add-named-options-to-send
patrickod/hardware-attestation-key
tomhjp/poc-peer-relay-proxygroup
bradfitz/lite-on-restart
knyar/netmapdiff2
dependabot/github_actions/actions/setup-go-6.0.0
alex-command
jwhited/relay-manager-logs
percy/oss14025-2
percy/oss14025
jonathan/darwin-netmon-thrashing
alexc/remove-magic-dns-suffix
nickkhyl/locksmith
dependabot/github_actions/actions/checkout-5.0.0
tomhjp/test
release-branch/1.86
cmol/decouple_magicsock_ipnlocal
dependabot/go_modules/github.com/go-viper/mapstructure/v2-2.4.0
dependabot/go_modules/github.com/docker/docker-28.0.0incompatible
icio/shrink-singleflight
aaron/gocross
mzb/corp-30906/direct-dnstype
jwhited/lazy-endpoint-control-knobs
jwhited/disable-peer-relay-if-cryptorouting-disabled
dylan/debug-peer-relay-sessions
kradalby/chaos-oss
sfllaw/traffic-steering/suggest-exit-node-steering
sam/tailscale-up-with-jwt
push-tyyxlsmpmlvz
k8s_priority_class
k8s-idp
rajsinghtech/tsidp-kubestore
dns-proxygroup
tomhjp/handle-multiple-messages-per-ws-frame
tomhjp/debug
tomhjp/disable-http2
sfllaw/traffic-steering/debug-set-location
tomhjp/k8s-proxy-auth-mode-reload
jwhited/peer-relay-pathological-intervals
jwhited/relay-manager-alloc-req-no-keepalives
fran/nat-conn-follower-only-flag
dsnet/jsonv1in2
mpminardi/policy-debugging
jwhited/verify-peer-periodically
tomhjp/k8s-proxy-svc
tomhjp/authkey-reissue
jwhited/peer-verify-every-packet-batch
dsnet/update-jsonv2
kevin/packet_to_vipService_by_ip_instead_of_host
release-branch/1.84
chaosinthecrd/k8s-operator-proxygroup-event-filter
jwhited/testing-mod-capver-checks
annotations
bradfitz/tinyderpclient
awly/tpm-seal-timing
awly/tpm-command-caps
nickkhyl/authreconfig-defer-unlock
dylan/derp-hosting-provider
nocross
kari/nilbus
patrickod/bump-circl
percy/drive-verbose
tomhjp/magicsock-endpoints
chaosinthecrd/k8s-operator-tailscale-service-ports
tomhjp/k8s-proxy-3
kevin/add_services_flag_to_tailscale_serve_and_enrich_output
exclude_int
irbekrm/pretendpoints
revert-15839-zofrex/refactor-control-health
kari/taildropsaf2
jwhited/relay-handshake
irbekrm/ingress_services
knyar/tnlocktest
nickkhyl/authreconfig-once
mjf/no-ws-on-ios
kevin/test_for_applyCheckoutAddr
knyar/lp
jwhited/ep-relay-capable
tomhjp/k8s-proxy-2
proxyclass/sa
dependabot/github_actions/golangci/golangci-lint-action-8.0.0
nickkhyl/context-with-lock
nickkhyl/ctxlock-generics
bradfitz/nodectx_ctx
nickkhyl/appendmatchingpeers
mikeodr/derp-mesh-separate-port-26312
nickkhyl/nodecontext-lifecycle
patrickod/webui-sec-fetch-site
patrickod/safeweb-sec-fetch-site
chaosinthecrd/k8s-operator-network-proxy-ha-mode
kari/saftaildrop
dependabot/go_modules/gokrazy/tsapp/builddir/github.com/gokrazy/breakglass/golang.org/x/crypto-0.35.0
push-ykxypyzonmux
chaosinthecrd/configure-proxyclass-via-annotation
irbekrm/doc_tags
nickkhyl/fix-dialplan-resets
irbekrm/log_invalid_order
nickkhyl/viewer-improvements
release-branch/1.82
zofrex/poc-health-v2
dependabot/go_modules/gokrazy/tsapp/builddir/github.com/gokrazy/gokrazy/cmd/dhcp/golang.org/x/net-0.38.0
knyar/morebuntu
knyar/dnstest
jwhited/relay-peerapi
jasonodonnell/add-twice-set-test
mpminardi/temp
jonathan/dns_loopback
kari/taildropsaf
bradfitz/mcp
rajsinghtech/k8s-operator/enphemeral
rajsinghtech/cmd/k8s-operator/enphemeral-proxy
raggi/iptables-kernel-bug-message
tomhjp/ingress-preshutdown
percy/issue14393
chart/k8s-operator
bradfitz/plan9
bradfitz/notify_delta
irbekrm/cert_share_kubestore
kevin/add_services_to_status_subcommand_for_serve
percy/corp27066-vizerror-wrapf
irbekrm/certsharev2
tomhjp/mock-acme-server
andrew/current-time
raggi/natc-6
mpminardi/test-cache-experiments
push-wmvmtoxuoumt
push-otwrlsqunmon
brianp/controlclient-timings
release-branch/1.80
raggi/stun-reply-source
jaxxstorm/ssm_kms
patrickod/backport-csrf-fix
fran/franwip3
patrickod/reverse-web-handler-order-csrf
scottjab/add-sparsefile-punching
icio/views-jsonv2
icio/opt-nojsonv2
raggi/stunc2
irbekrm/cert_share
zofrex/testwrapper-json-output
bradfitz/gocross_cgo_packages_test
fran/franwip2
awly/go_124
icio/testwrapper2
icio/go1.24-testwrapper
andrew/wgengine-filter-split
irbekrm/pc_pretendpoints
percy/movelocalapi
zach/temporary-cert-testing
raggi/netmon-darwin-route-restart
operator_direct_connections
raggi/derp-204-cache-control
raggi/mkversion-pre
zofrex/x-poc-e2e-netmap-packetfilter-test
angott/26146-define
mpminardi/bump-go-patch
knyar/installmore
knyar/install
raggi/hello-temp
andrew/execqueue-metrics
bradfitz/controll
tomhjp/dns-01-test-env
nickkhyl/tailscaled-deferredinit
bradfitz/browser_ext
irbekrm/funnel_on
bradfitz/syspolicy_key
raggi/natc-upstream-keepalive
percy/derp-track-drop-distribution
mpminardi/deadlock-test
dependabot/go_modules/gokrazy/natlabapp.arm64/builddir/github.com/gokrazy/gokrazy/cmd/dhcp/golang.org/x/net-0.33.0
percy/derp-track-queue-depth
release-branch/1.78
bradfitz/lanscaping
andrew/topk-no-duplicates
irbekrm/lcdeprecated
awly/appconnector-debug-logs
irbekrm/vip_svcs_api
irbekrm/udp_fwd
kradalby/nix-dont-overlap-tool
irbekrm/egressc
jwhited/qd-slice
docker_state
will/status-tailnet
patrickod/bradtfitz-flow-rebased
percy/derpopt
tomhjp/consistent-state-test
walterp/docs-863-update-docker-run-command-on-docker-hub-page-for
mpminardi/derp-ideal-reconnect
irbekrm/tunmssg
percy/derp_sequence_diagram
mpminardi/derp-experiments
awly/hide-wranings-option
awly/tlsdial-mitm-warning
andrew/context-dedup-errors
irbekrm/containerboot_healthz
percy/issue24522-1-continuous-bandwidth
bradfitz/avoid_initial
raggi/derp-intern-key
percy/issue24522-2-region-restrict-yaml
andrew/dnscache-hard-code-localhost
irbekrm/debug
bradfitz/nodepublic_uniq
bradfitz/bench
fran/natc-raft
irbekrm/connector_multireplica
release-branch/1.76
lp
bradfitz/percy/unforked-ssh-try-gomod
percy/unforked-ssh-try
bradfitz/mesh_vpc
knyar/metricshelp
irbekrm/serve_log
andrew/keyfallback
naman/web-client-update-fixes
percy/derp-jwt
andrew/wgengine-router-debug
bradfitz/cmd_printmetric
adrian/stricter-labels
bradfitz/ssh_config_from_env
kradalby/usermetrics-wgengine-errors
dsnet/slices-collect
tomhjp/tailscaled-kube-conf
mpminardi/dsm-7-2-builds-fix
13765-taildrive-server-unexpectedly-starts-on-apple-tv
angott/23782
bradfitz/vizerrinternal2
bradfitz/vizinternal
fran/fix-appc-routes
irbekrm/egressconfig
13685-low-memory-mode-in-logtail-may-no-longer-be-needed
angott/doh-clients-sleep-mode
release-branch/1.74
tomhjp/comparable-struct-as-key
adrian/vip
andrew/noise-conn-test
bradfitz/quic_dns
knyar/usermetrics-wgengine
raggi/eperm-health
fran/natc-consensus-prototype
bradfitz/dup_add
bradfitz/derp_flow_track
kradalby/userfacing-metrics-moar
angott/dns-cli-stream
maisem/tsnet-forward
angott/captive-exit-node-disablement
bradfitz/bumptoolchain
angott/tvos-23087
nickkhyl/http2-for-win-safesocket
irbekrm/egresshapm
dependabot/npm_and_yarn/cmd/tsconnect/micromatch-4.0.8
irbekrm/egressha
nickkhyl/authurl-notify-backport
jwhited/test-local-forwarder
release-branch/1.72
jonathan/missing_resolvers
knyar/userfacing-metrics
andrew/disco-af-packet-refactor
jwhited/gvisor-revert-gro
irbekrm/proxycidrs
22332-macos-sequoia-hostname
knyar/metrictype
dependabot/go_modules/github.com/docker/docker-26.1.5incompatible
bradfitz/vnet2
jwhited/derp-https-tcp-connect
raggi/callmebaby
raggi/linux6644
irbekrm/reload_config
maisem/flake-3
nickkhyl/syspolicy-new
irbekrm/dnat
raggi/dnsfallback
irbekrm/websocket
andrew/captive-use-atomic
marwan/offunc
jwhited/gVisor-gso-gro
release-branch/1.70
irbekrm/kubetestsetup
irbekrm/eks
dsnet/syncs-lock
raggi/derp-route-optimization
will-systray
bradfitz/json2
andrew/dns-more-logging
andrew/net-dns-systemd-no-stub
release-branch/1.68
fran/fix-appc-write-new-domain
adrian/fix-vet-failures
angott/dns-warnables
andrew/workgraph
agottardo-patch-1
bradfitz/resume
irbekrm/operator_linux_only
nickkhyl/posture-sn-override
kradalby/chaos
angott/ignore-some-warnings-startup
irbekrm/fixsubnets
irbekrm/dnstest
irbekrm/fix
irbekrm/accept_routes
percy/issue8593
percy/issue8593-prep
release-branch/1.66
icio/public-key-short
clairew/handle-auto-exit-node-value
knyar/install2
will/tsnet-udp
raggi/web-zst-precompress
raggi/gocross-empty-goos-goarch
andrew/dns-fallback
andrew/prom-omit-metrics
jwhited/android-packet-vectors
knyar/renew
bradfitz/debug_tstest
clairew/revert-storing-last-suggested
andrew/debug-integration-tests
fran/appc-ensmallen-gh-preset
ox/11854-3-sftp
percy/cherry-pick-2648d475d751b47755958f47a366e300b6b6de0a
ox/corp-19592
ox/11954-3
ox/11854
kevin/Split_Remove_advertised_routes_from_pref
bradfitz/dataplane_logs_no_logs_no_support
nickkhyl/ipn-user-identity
irbekrm/extsvcnftableslb
andrew/dns-wrap-errors
release-branch/1.64
noncombatant/safeweb-cleanup
bradfitz/login_retry
release-branch/1.64.0
fran/appc-store-routes-by-source
andrew/controlclient-use-last-addr
enable-exit-node-dst-logs
clairew/peer-node-capability-documentation
revert-11590-catzkorn/penguin
enable-exit-node-dst-logs-2
licenses/corp
licenses/android
licenses/cli
release-branch/1.62
clairew/log-dst-exit-node
fran/appc-domain-delte-prototype
irbekrm/maybe_fix_v6
oxtoacart/golden_memory
irbekrm/cherry_fix_panic
oxtoacart/no_indent_status
angott/corp-18441
soniaappasamy/serve-funnel-ui
brafitz/remote-config
andrew/control-key-store
maisem/proxy-1
release-branch/1.60
andrew/netstack-forwarder-debug
oxtoacart/immediately_access_shares
irbekrm/splitkeys
oxtoacart/automount
angott/sleep-debug-apis
clairew/suggest-non-mullvad-exit-node
tom/tka4
clairew/add-latitude-longitude
irbekrm/operatorversion
oxtoacart/dsnet_codereview_fixes
clairew/client-suggest-node-poc
raggi/rand
flyingsquirrel_bak
will/containerboot-webui
irbekrm/clustermagicdns
noncombatant/add-hello-systemd
catzkorn/jira
release-branch/1.58
kradalby/view-only-type
clairew/add-disco-pong-padding
clairew/receive-icmp-errors
dgentry-b10911
irbekrm/proxyclass2
irbekrm/proxyclass
irbekrm/byocerts
knyar/worklifeposture
dsnet/httpio
will/webclient-mobile
will/webclient-csrf
irbekrm/static_crd
irbekrm/manifests_crd
maisem/exp-k8s
release-branch/1.44
irbekrm/containerbootdeclarativeconf
kube_exp
irbekrm/conf
raggi/stun-subprocess
andrew/nixos-vm-tests
irbekrm/set_args
andrew/peer-ipv6-addrs
irbekrm/external_services
irbekrm/os
irbekrm/pull_in_certs
irbekrm/kube_build_tags
release-branch/1.56
jwhited/derp-cmm-timestamp
soniaappasamy/use-swr
marwan/displayname
release-branch/1.54
danderson/debug-garden
jwhited/unsafe-exp
clairew/test-wrapper-file
bradfitz/compontent_logs
kradalby-keys-db-interface
kradalby/keys-db-interface
andrew/upnp-unfork
bm/tsoidc
irbekrm/le
knyar/restartmap
kristoffer/editable-tailnet-displayname
raggi/document-deprecated-approach
dsnet/statestore
awly/version-override
bradfitz/silentdisco_knob
richard/15372
raggi/icmplistener
awly/linux-sudoers-local-admin-poc
release-branch/1.52
soniaappasamy/web-auth-restructure
bradfitz/ipx_set_contains
knyar/derpmesh
irbekrm/chartandcli
richard/15037-2
bradfitz/linuxfw_nil_table
richard/15037
bradfitz/tbug
bradfitz/derp_mesh
will/sonia/web-tailscaled
tyler/serve-status
maisem/ni
maisem/hi
rhea/apple-test
dgentry-nix-flake
dgentry-coverage
c761d10
bradfitz/gocross_wantver
awly/ipnlocal-watchnotifications-clientversion
bradfitz/integration_more_tun
bradfitz/recursive_controlknob
dgentry-authkey
dependabot/npm_and_yarn/cmd/tsconnect/postcss-8.4.31
bm/4via6
bradfitz/sessionactivetimeout
release-branch/1.50
rhea/taildrop-resume
andrew/peercap-ipv6-aaaa
irbekrm/k8sipnftheuristics
irbekrm/kubeipnft
irbekrm/k8sipnft
dgentry-istoreos
knyar/posturemac
irbekrm/egress
raggi/restore-extra-records-dns
aaron/win_process_mitigations
danderson/lru-rollback
clairew/mdm-interface
angott/userdefaults-reader
andrew/bump-esbuild
andrew/netns-more-logging
release-branch/1.48
irbekrm/k8s-autopilot
dsnet/viewer-jsonv2
marwan/altmem_stash
irbekrm/k8s-nftables
marwan/postmem
maisem/fix-deadlock
bradfitz/matrix
irbekrm/egress-dns
bradfitz/wait_unpause
bradfitz/calc_state
irbekrm/svc_conditions
soniaappasamy/fix-test-flake
marwan/servedev
soniaappasamy/fix-web-client-lock
raggi/netfilter-runtime
raggi/netfilter-add-modes
marwan/scmem
bradfitz/ignore_ula
clairew/tstime-net
clairew/tstime-wgengine
bradfitz/tkasig_type
shayne/k8s-serve
bradfitz/gui_netmap
macsys-update
catzkorn/netcheckuout
andrew/doctor-conntrack
tsweb/client-ui
valscale/ptb
raggi/gotoolchain
irbekrm/improve_logout
maisem/doc
rhea/egress
noncombatant/large-int-string
release-branch/1.46
andrew/captive-portal-package
s/pmtud
andrew/derp-bound-latency
andrew/health-state
bradfitz/gokrazy_dns
clairew/use-tstime-etc
bradfitz/negdep
raggi/stunc
raggi/gvisor-hostarch-deptest
crawshaw/art-table
irbekrm/fix_logout_loop
clairew/refactor-new-timer
clairew/test-wrapper-write-file
s/tsnetd
bradfitz/countrycode
crawshaw/stunchild
tom/disco
raggi/v6masq
release-branch/1.42
raggi/heartbeat-timebomb
raggi/derp-probe-stun-loss
raggi/tsdebugger
tom/derp
andrew/ipn-debug-1.42.0
marwan/portlistrefactor
marwan/noconstructor
angott/allow-thunderbolt-bridge
marwan/polleropts
marwan/noconstructor2
andrew/slicesx-deduplicate
unraid-web
release-branch/1.40
kristoffer/enable-mips-pkgs
s/eq
raggi/atomiccloseonce
raggi/bump-goreleaserv2
marwan/tmp
catzkorn/addrsend
raggi/gofuzz
shayne/funnel_cmd
release-branch/1.38
dgentry/atomicfile
tom/tka6
maisem/k8s-cache
azure
andrew/fastjson
crawshaw/lnclose
crawshaw/tsnet1
crawshaw/httpconnect
Xe/tsnet-funnel
dgentry/sniproxy-dns
andrew/util-dnsconfig
andrew/cloudenv-location
release-branch/1.36
aaron/migrate_windows
crawshaw/pidlisten
andrew/router-drop-ula
will/vizerr
danderson/mkversion
crawshaw/activesum
andrew/doctor-scutil
danderson/version-private3
bradfitz/sassy
bradfitz/win_unattended_warning
andrew/hostinfo-HavePortMap
skriptble/ssh-recording-persist
crawshaw/ondemanddomains
danderson/helm
andrew/peer-status-KeyExpiry
bradfitz/noise_debug_more
release-branch/1.34
cloner
danderson/backport
clairew/tsnet_get_own_ip
bradfitz/tidy
raggi/tsweb-compression
bradfitz/fix_ipn_cloner
danderson/bootstrap
will/enforce-hostname
mihaip/delete-all-profiles
release-branch/1.32
shayne/serve_empty_text_handler
bradfitz/hostinfo_ingress_bit
mihaip/logout-async-start
net-audit-log/1.32
bradfitz/set_prefs_locked
mihaip/fas
bradfitz/port_intercept
andrew/net-tsaddr-mapviaaddr
danderson/tsburrito
andrew/tstest-goroutine-ignore
andrew/monitor-link-change
danderson/k8s
andrew/debug-subnet-router
andrew/metrics-distribution
crawshaw/accumulatorcfg
bradfitz/keyboard-interactive
bradfitz/tailpipe
vm
raggi/accept-routes-filter
nyghtowl/tailnet-name2
dsnet/tunstats-v2
buildjet
buildjet-vs-github
andrew/netns-macos-route
walterp-api
andrew/linux-router-v4-disabled
bradfitz/distro_ubuntu
tom/iptables
release-branch/1.30
tom/tka2
andrew/dnscache-debugging-1.22.2
andrew/controlclient-dial
raggi/experiment-queues
bradfitz/u32
ip6tables
catzkorn/derp-benchmark
jwhited/wireguard-go-vectorized-bind
catzkorn/otel-init
bradfitz/appendf
mihaip/js-cli
dsnet/tsweb-499s
bradfitz/deephash_early_exit
crawshaw/xdp
dsnet/logtail-zstd-single-segment
Xe/gitops-pusher-three-version-problem
Xe/gitops-pusher-acl-test-error-output
Xe/gitops-pusher-ffcli
bradfitz/ssh_auth_none_demo
release-branch/1.28
catzkorn/otel-derp
bradfitz/shared_split_dns
nyghtowl/fix-resolved
release-branch/1.26
bradfitz/explicit_empty_test_3808
crawshaw/preservenetinfo
miriah-3808-reset-operator
dsnet/tsnet-logging
mihaip/wasm-taildrop
crawshaw/stunname
bradfitz/wasm_play
bradfitz/dot
bradfitz/tcp_flows
release-branch/1.24
raggi/netstack_fwd_close
bradfitz/netstack_fwd_close
merge-tag
cross-android
bradfitz/kmod
bradfitz/ssh_banner
bradfitz/ping
tom/integration
bradfitz/ssh_policy_earlier
bradfitz/derpy_cast
bradfitz/cli_admin
release-branch/1.22
aaron/go-ole-ref
bradfitz/key_rotation_prep
josh/tswebflags
release-branch/1.20
crawshaw/envtype
danderson/tsweb-server
bradfitz/autocert_force
bradfitz/use_netstack_upstream
Xe/winui-bugreport-without-tailscaled
bradfitz/hostinfo_basically_equal
release-branch/1.18
aaron/loglog
aaron/dnsapc
bradfitz/demo_client_hijack
bradfitz/windns
bradfitz/exit_node_forward_dns
bradfitz/1.18.1
Xe/tailtlsproxy
bradfitz/allsrc
josh/peermap
danderson/ebpf
bradfitz/1_16_stress_netmap
danderson/nodekey-move
danderson/nodekey-delete-old
danderson/nodekey-cleanup
danderson/magicsock-discokey
release-branch/1.16
danderson/magicsock-node-key
crawshaw/updatefallback
release-branch/1.14
bradfitz/1.14
bradfitz/updates
josh/immutable-views
bradfitz/portmap_gh_actions
danderson/kernel-tailscale
bradfitz/win_default_route
release-branch/1.12
jknodt/logging
simenghe/add-tsmpping-call
josh/opt-getstatus
Aadi/speedtest-tailscaled
dsnet/admin-cli
bradfitz/portmap_test
jknodt/portmap_test
upnpdebug
jknodt/upnp_reuse
crawshaw/peerdoh
josh/debug-flake
simenghe/pingresult-work
jknodt/derp_flow
tps/tailscaled
jknodt/vms_ref
jknodt/integ_test
josh/fast-time
josh/coarsetime
bradfitz/derp_flow
release-branch/1.10
josh/io_uring
josh/deflake-pipe-again
Xe/testcontrol-v6
jknodt/io-uring
simenghe/admin-ping-test
jknodt/periodic_probe
simenghe/isoping
Xe/private-logcatcher-in-process
simenghe/tcpnodeping
bradfitz/deephash_methods
crawshaw/deephash
josh/de-select-tstun-wrapper
Xe/debug-nixos-build
simenghe/isoping-experiment
crawshaw/dnswslhackery
jknodt/userderp
jknodt/bw_rep2
crawshaw/wslresolvconf
jknodt/upnp
crawshaw/magicdnsalways
simenghe/flakeresolve
rec_in_use_after_5_sec
bradfitz/acme
release-branch/1.8
simenghe/add-httphandlers-ping
simenghe/add-ping-route-testcontrol-mux
simeng-pingtest
Xe/test-install-script-libvirtd
apenwarr/check184
crawshaw/newbackendserver
adding-address-ips-totestcontrolnode
onebinary
Xe/synology-does-actually-work-with-subnet-routes-til
bradfitz/netstack_port_map
bradfitz/demo_pinger
apenwarr/fixes
apenwarr/relogin
josh/NewIPPort
josh/IPWithPort
bradfitz/integration_tests
josh/opt-dp-wip
bradfitz/ping_notes
bradfitz/dropped_by_filter_logspam
bradfitz/netstack_drop_silent
bradfitz/log_rate_test
bradfitz/issue_1840_rebased_tree
bradfitz/issue_1849_rebased_tree
crawshaw/syno
apenwarr/statefix
apenwarr/statetest
josh/wip/endpoint-serialize
apenwarr/ioslogin
rosszurowski/cli-fix-typo
bradfitz/cli_pretty
bradfitz/win_delete_retry
bradfitz/sleep
naman/netstack-request-logging
naman/ephem-expand-range
bradfitz/macos_progress
bradfitz/ip_of
crawshaw/localapi404
crawshaw/movefiles
crawshaw/socket
crawshaw/cgi
naman/netstack-subnet-routing
josh/wip/create-endpoint-no-public-key
Xe/log-target-registry-key
release-branch/1.6
bradfitz/ipv6_link_local_strip
bradfitz/darwin_gw
Xe/disallow-local-ip-for-exit-node
release-branch/1.4
crawshaw/upjson
bradfitz/proposed_1.4.6
bradfitz/derp_steer
crawshaw/tailscalestatus
Xe/reset-logid-on-logout-login
naman/netstack-incoming
mkramlich/macos-brew2
naman/netstack-outgoing-udp-test
mkramlich/macos-brew
bradfitz/proposed-1.4.5
peske/ifacewatcher
Xe/hello-vr
crawshaw/filchsync
Xe/derphttp-panic-fix
peske/elnotfound
Xe/rel-144-fix-ipv6-broken-in-tests
bradfitz/darwin_creds
josh/longblock
josh/udp-alloc-less
josh/simplify-filch
josh/remove-ipcgetfilter
Xe/envvar-name-TS
Xe/TS-envvar-name
Xe/do-windows-logserver-better
Xe/log-target-flag
crawshaw/ipuint
bradfitz/hello
bradfitz/linux_v6_off
bradfitz/call_me_maybe_eps
bradfitz/api_docs
alexbrainman/use_wg_dns_code
naman/netstack-use-tailscale-ip
josh/debug-TestLikelyHomeRouterIPSyscallExec
noerror-not-notimp
bradfitz/umaskless_permissions
naman/netstack-bump-version
bradfitz/lite_endpoint_update
c22wen/api-docs
bradfitz/grafana_auth_proxy
crawshaw/dnsguid
nix-shell
release-branch/1.2
bradfitz/acl_tags_in_tailscale_status
bradfitz/expiry_spin
josh/no-goroutine-per-udp-read-2
crawshaw/tailcfg
bradfitz/wgengine_monitor_windows_take2
netstat-unsafe
bradfitz/ipn_empty
bradfitz/win_firewall_async
bradfitz/machine_key
apenwarr/faketun
crawshaw/cloner
crawshaw/jsonhandler
c22wen/route-addr
c22wen/magicsock.go
bradfitz/gvisor_netstack
crawshaw/loadtest
dshynkev/dns-autoset
crawshaw/e2etest
bradfitz/win_wpad_pac
release-branch/1.0
bradfitz/linux_default_route_interface
bradfitz/release-branch-1.0
crawshaw/restartlimit
clone
dshynkev/dns-name
dshynkev/dns-refactor
bradfitz/go_vet
crawshaw/tswebextra
crawshaw/pinger2
lzjluzijie/all_proxy
rate-limiting
lzjluzijie/227_http_proxy
crawshaw/rebind
crawshaw/hostinfo
crawshaw/derp-nokeepalives
crawshaw/derptimeout
crawshaw/derpdial2
crawshaw/derpdial
crawshaw/ipn
crawshaw/e2e_test
crawshaw/ipn2
crawshaw/magicsock
crawshaw/magicsock-infping
crawshaw/spray
crawshaw/br1
v1.93.0-pre
v1.92.0
v1.90.9
v1.90.8
v1.90.7
v1.90.6
v1.90.5
v1.90.4
v1.90.3
v1.90.2
v1.90.1
v1.91.0-pre
v1.90.0
v1.88.4
v1.88.3
v1.88.2
v1.88.1
v1.88.0
v1.86.5
v1.86.4
v1.86.3
v1.86.2
v1.86.1
v1.86.0
v1.84.3
v1.84.2
v1.84.1
v1.84.0
v1.82.5
v1.82.4
v1.82.3
v1.82.2
v1.80.3
v1.80.2
v1.80.1
v1.80.0
v1.78.3
v1.78.2
v1.78.1
v1.78.0
v1.77.0-pre
v1.76.6
v1.76.3
v1.76.1
v1.76.0
v1.74.1
v1.74.0
v1.72.1
v1.72.0
v1.70.0
v1.68.2
v1.68.1
v1.68.0
v1.66.4
v1.66.3
v1.66.2
v1.66.1
v1.66.0
v1.64.2
v1.64.1
v1.64.0
v1.62.1
v1.62.0
v1.60.1
v1.60.0
v1.58.2
v1.58.1
v1.58.0
v1.44.3
v1.56.1
v1.56.0
v1.54.1
v1.54.0
v1.52.1
v1.52.0
v1.50.1
v1.50.0
v1.48.2
v1.48.1
v1.48.0
v1.46.1
v1.46.0
v1.44.2
v1.44.0
v1.42.1
v1.42.0
v1.40.1
v1.40.0
v1.38.4
v1.38.3
v1.38.2
v1.38.1
v1.38.0
v1.36.2
v1.36.1
v1.36.0
v1.34.2
v1.34.1
v1.34.0
v1.32.3
v1.32.2
v1.32.1
v1.32.0
v1.30.2
v1.30.1
v1.30.0
v1.28.0
v1.26.2
v1.26.1
v1.26.0
v1.24.2
v1.24.1
v1.24.0
v1.22.2
v1.22.1
v1.22.0
v1.20.4
v1.20.3
v1.20.2
v1.20.1
v1.20.0
v1.18.2
v1.18.1
v1.18.0
v1.16.2
v1.16.1
v1.16.0
v1.14.6
v1.14.5
v1.14.4
v1.14.3
v1.14.0
v1.12.4
v1.12.3
v1.12.2
v1.12.1
v1.12.0
v1.10.2
v1.10.1
v1.10.0
v1.8.8
v1.8.7
v1.8.6
v1.8.5
v1.8.4
v1.8.3
v1.8.2
v1.8.1
v1.8.0
v1.6.0
v1.4.6
v1.4.5
v1.4.4
v1.4.3
v1.4.2
v1.4.1
v1.4.0
v1.2.10
v1.2.9
v1.2.8
v1.2.7
v1.2.6
v1.2.5
v1.2.3
v1.2.2
v1.2.1
v1.2.0
v1.0.5
v1.0.4
v1.0.3
v1.0.2
v1.0.1
v1.1.0
v1.0.0
v0.100.0
v0.99.1
v0.99.0
v0.98.1
v0.98
v0.98.0
v0.97
v0.96.1
v0.96
coral-gitops
gitops-1.30.0
gitops-1.58.2
nginx-auth-0.1.2
v0.100.0-107
v0.100.0-153
v1.61.0-pre
v1.63.0-pre
v1.65.0-pre
v1.67.0-pre
v1.69.0-pre
v1.71.0-pre
v1.73.0-pre
v1.75.0-pre
v1.79.0-pre
v1.81.0-pre
v1.82.0
v1.83.0-pre
v1.85.0-pre
v1.87.0-pre
v1.89.0-pre
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '576aacd459'
${ noResults }
tailscale/cmd/tailscale/cli/serve_v2_test.go

2347 lines
64 KiB
Go
Raw Blame History

// Copyright (c) Tailscale Inc & AUTHORS
// SPDX-License-Identifier: BSD-3-Clause
package cli
import (
"bytes"
"context"
"encoding/json"
"fmt"
"net/netip"
"os"
"path/filepath"
"reflect"
"slices"
"strconv"
"strings"
"testing"
"github.com/google/go-cmp/cmp"
"github.com/peterbourgon/ff/v3/ffcli"
"tailscale.com/ipn"
"tailscale.com/ipn/ipnstate"
"tailscale.com/tailcfg"
"tailscale.com/types/views"
)
func TestServeDevConfigMutations(t *testing.T) {
// step is a stateful mutation within a group
type step struct {
command []string // serve args; nil means no command to run (only reset)
want *ipn.ServeConfig // non-nil means we want a save of this value
wantErr func(error) (badErrMsg string) // nil means no error is wanted
}
// group is a group of steps that share the same
// config mutation
type group struct {
name string
steps []step
initialState fakeLocalServeClient // use the zero value for empty config
}
// creaet a temporary directory for path-based destinations
td := t.TempDir()
writeFile := func(suffix, contents string) {
if err := os.WriteFile(filepath.Join(td, suffix), []byte(contents), 0600); err != nil {
t.Fatal(err)
}
}
writeFile("foo", "this is foo")
err := os.MkdirAll(filepath.Join(td, "subdir"), 0700)
if err != nil {
t.Fatal(err)
}
writeFile("subdir/file-a", "this is subdir")
groups := [...]group{
{
name: "using_port_number",
steps: []step{{
command: cmd("funnel --bg 3000"),
want: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{443: {HTTPS: true}},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:443": {Handlers: map[string]*ipn.HTTPHandler{
"/": {Proxy: "http://127.0.0.1:3000"},
}},
},
AllowFunnel: map[ipn.HostPort]bool{"foo.test.ts.net:443": true},
},
}},
},
{
name: "funnel_background",
steps: []step{{
command: cmd("funnel --bg localhost:3000"),
want: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{443: {HTTPS: true}},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:443": {Handlers: map[string]*ipn.HTTPHandler{
"/": {Proxy: "http://localhost:3000"},
}},
},
AllowFunnel: map[ipn.HostPort]bool{"foo.test.ts.net:443": true},
},
}},
},
{
name: "serve_background",
steps: []step{{
command: cmd("serve --bg localhost:3000"),
want: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{443: {HTTPS: true}},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:443": {Handlers: map[string]*ipn.HTTPHandler{
"/": {Proxy: "http://localhost:3000"},
}},
},
},
}},
},
{
name: "set_path_bg",
steps: []step{{
command: cmd("serve --set-path=/ --bg localhost:3000"),
want: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{443: {HTTPS: true}},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:443": {Handlers: map[string]*ipn.HTTPHandler{
"/": {Proxy: "http://localhost:3000"},
}},
},
},
}},
},
{
name: "http_listener",
steps: []step{{
command: cmd("serve --bg --http=80 localhost:3000"),
want: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{80: {HTTP: true}},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:80": {Handlers: map[string]*ipn.HTTPHandler{
"/": {Proxy: "http://localhost:3000"},
}},
},
},
}},
},
{
name: "https_listener_valid_port",
steps: []step{{
command: cmd("serve --bg --https=8443 localhost:3000"),
want: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{8443: {HTTPS: true}},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:8443": {Handlers: map[string]*ipn.HTTPHandler{
"/": {Proxy: "http://localhost:3000"},
}},
},
},
}},
},
{
name: "multiple_http_with_off",
steps: []step{
{
command: cmd("serve --http=80 --bg http://localhost:3000"),
want: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{80: {HTTP: true}},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:80": {Handlers: map[string]*ipn.HTTPHandler{
"/": {Proxy: "http://localhost:3000"},
}},
},
},
},
{ // support non Funnel port
command: cmd("serve --bg --http=9999 --set-path=/abc http://localhost:3001"),
want: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{80: {HTTP: true}, 9999: {HTTP: true}},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:80": {Handlers: map[string]*ipn.HTTPHandler{
"/": {Proxy: "http://localhost:3000"},
}},
"foo.test.ts.net:9999": {Handlers: map[string]*ipn.HTTPHandler{
"/abc": {Proxy: "http://localhost:3001"},
}},
},
},
},
{ // turn off one handler
command: cmd("serve --bg --http=9999 --set-path=/abc off"),
want: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{80: {HTTP: true}},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:80": {Handlers: map[string]*ipn.HTTPHandler{
"/": {Proxy: "http://localhost:3000"},
}},
},
},
},
{ // add another handler
command: cmd("serve --bg --http=8080 --set-path=/abc http://127.0.0.1:3001"),
want: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{80: {HTTP: true}, 8080: {HTTP: true}},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:80": {Handlers: map[string]*ipn.HTTPHandler{
"/": {Proxy: "http://localhost:3000"},
}},
"foo.test.ts.net:8080": {Handlers: map[string]*ipn.HTTPHandler{
"/abc": {Proxy: "http://127.0.0.1:3001"},
}},
},
},
},
},
},
{
name: "invalid_port_too_low",
steps: []step{{
command: cmd("serve --https=443 --bg http://localhost:0"), // invalid port, too low
wantErr: anyErr(),
}},
},
{
name: "invalid_port_too_high",
steps: []step{{
command: cmd("serve --https=443 --bg http://localhost:65536"), // invalid port, too high
wantErr: anyErr(),
}},
},
{
name: "invalid_mount_port_too_high",
steps: []step{{
command: cmd("serve --https=65536 --bg http://localhost:3000"), // invalid port, too high
wantErr: anyErr(),
}},
},
{
name: "invalid_host",
steps: []step{{
command: cmd("serve --https=443 --bg http://somehost:3000"), // invalid host
wantErr: anyErr(),
}},
},
{
name: "invalid_scheme",
steps: []step{{
command: cmd("serve --https=443 --bg httpz://127.0.0.1"), // invalid scheme
wantErr: anyErr(),
}},
},
{
name: "turn_off_https",
steps: []step{
{
command: cmd("serve --bg --https=443 http://localhost:3000"),
want: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{443: {HTTPS: true}},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:443": {Handlers: map[string]*ipn.HTTPHandler{
"/": {Proxy: "http://localhost:3000"},
}},
},
},
},
{
command: cmd("serve --bg --https=9999 --set-path=/abc http://localhost:3001"),
want: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{443: {HTTPS: true}, 9999: {HTTPS: true}},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:443": {Handlers: map[string]*ipn.HTTPHandler{
"/": {Proxy: "http://localhost:3000"},
}},
"foo.test.ts.net:9999": {Handlers: map[string]*ipn.HTTPHandler{
"/abc": {Proxy: "http://localhost:3001"},
}},
},
},
},
{
command: cmd("serve --bg --https=9999 --set-path=/abc off"),
want: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{443: {HTTPS: true}},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:443": {Handlers: map[string]*ipn.HTTPHandler{
"/": {Proxy: "http://localhost:3000"},
}},
},
},
},
{
command: cmd("serve --bg --https=8443 --set-path=/abc http://127.0.0.1:3001"),
want: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{443: {HTTPS: true}, 8443: {HTTPS: true}},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:443": {Handlers: map[string]*ipn.HTTPHandler{
"/": {Proxy: "http://localhost:3000"},
}},
"foo.test.ts.net:8443": {Handlers: map[string]*ipn.HTTPHandler{
"/abc": {Proxy: "http://127.0.0.1:3001"},
}},
},
},
},
},
},
{
name: "https_text_bg",
steps: []step{{
command: cmd("serve --bg --https=10000 text:hi"),
want: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{10000: {HTTPS: true}},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:10000": {Handlers: map[string]*ipn.HTTPHandler{
"/": {Text: "hi"},
}},
},
},
}},
},
{
name: "handler_not_found",
steps: []step{{
command: cmd("serve --https=443 --set-path=/foo off"),
want: nil, // nothing to save
wantErr: anyErr(),
}},
},
{
name: "clean_mount", // "bar" becomes "/bar"
steps: []step{{
command: cmd("serve --bg --https=443 --set-path=bar https://127.0.0.1:8443"),
want: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{443: {HTTPS: true}},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:443": {Handlers: map[string]*ipn.HTTPHandler{
"/bar": {Proxy: "https://127.0.0.1:8443"},
}},
},
},
}},
},
{
name: "serve_reset",
steps: []step{
{
command: cmd("serve --bg --https=443 --set-path=bar https://127.0.0.1:8443"),
want: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{443: {HTTPS: true}},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:443": {Handlers: map[string]*ipn.HTTPHandler{
"/bar": {Proxy: "https://127.0.0.1:8443"},
}},
},
},
},
{
command: cmd("serve reset"),
want: &ipn.ServeConfig{},
},
},
},
{
name: "https_insecure",
steps: []step{{
command: cmd("serve --bg --https=443 https+insecure://127.0.0.1:3001"),
want: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{443: {HTTPS: true}},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:443": {Handlers: map[string]*ipn.HTTPHandler{
"/": {Proxy: "https+insecure://127.0.0.1:3001"},
}},
},
},
}},
},
{
name: "two_ports_same_dest",
steps: []step{
{
command: cmd("serve --bg --https=443 --set-path=/foo localhost:3000"),
want: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{443: {HTTPS: true}},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:443": {Handlers: map[string]*ipn.HTTPHandler{
"/foo": {Proxy: "http://localhost:3000"},
}},
},
},
},
{
command: cmd("serve --bg --https=8443 --set-path=/foo localhost:3000"),
want: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{443: {HTTPS: true}, 8443: {HTTPS: true}},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:443": {Handlers: map[string]*ipn.HTTPHandler{
"/foo": {Proxy: "http://localhost:3000"},
}},
"foo.test.ts.net:8443": {Handlers: map[string]*ipn.HTTPHandler{
"/foo": {Proxy: "http://localhost:3000"},
}},
},
},
},
},
},
{
name: "path_in_dest",
steps: []step{{
command: cmd("serve --bg --https=443 http://127.0.0.1:3000/foo/bar"),
want: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{443: {HTTPS: true}},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:443": {Handlers: map[string]*ipn.HTTPHandler{
"/": {Proxy: "http://127.0.0.1:3000/foo/bar"},
}},
},
},
}},
},
{
name: "unknown_host_tcp",
steps: []step{{
command: cmd("serve --tls-terminated-tcp=443 --bg tcp://somehost:5432"),
wantErr: exactErrMsg(errHelp),
}},
},
{
name: "tcp_port_too_low",
steps: []step{{
command: cmd("serve --tls-terminated-tcp=443 --bg tcp://somehost:0"),
wantErr: exactErrMsg(errHelp),
}},
},
{
name: "tcp_port_too_high",
steps: []step{{
command: cmd("serve --tls-terminated-tcp=443 --bg tcp://somehost:65536"),
wantErr: exactErrMsg(errHelp),
}},
},
{
name: "tcp_shorthand",
steps: []step{{
command: cmd("serve --tls-terminated-tcp=443 --bg 5432"),
want: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{
443: {
TCPForward: "127.0.0.1:5432",
TerminateTLS: "foo.test.ts.net",
},
},
},
}},
},
{
name: "tls_terminated_tcp",
steps: []step{
{
command: cmd("serve --tls-terminated-tcp=443 --bg tcp://localhost:5432"),
want: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{
443: {
TCPForward: "localhost:5432",
TerminateTLS: "foo.test.ts.net",
},
},
},
},
{
command: cmd("serve --tls-terminated-tcp=443 --bg tcp://127.0.0.1:8443"),
want: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{
443: {
TCPForward: "127.0.0.1:8443",
TerminateTLS: "foo.test.ts.net",
},
},
},
},
},
},
{
name: "tcp_off",
steps: []step{
{
command: cmd("serve --tls-terminated-tcp=443 --bg tcp://localhost:123"),
want: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{
443: {
TCPForward: "localhost:123",
TerminateTLS: "foo.test.ts.net",
},
},
},
},
{ // handler doesn't exist
command: cmd("serve --tls-terminated-tcp=8443 off"),
wantErr: anyErr(),
},
{
command: cmd("serve --tls-terminated-tcp=443 off"),
want: &ipn.ServeConfig{},
},
},
},
{
name: "text",
steps: []step{{
command: cmd("serve --https=443 --bg text:hello"),
want: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{443: {HTTPS: true}},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:443": {Handlers: map[string]*ipn.HTTPHandler{
"/": {Text: "hello"},
}},
},
},
}},
},
{
name: "path",
steps: []step{
{
command: cmd("serve --https=443 --bg " + filepath.Join(td, "foo")),
want: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{443: {HTTPS: true}},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:443": {Handlers: map[string]*ipn.HTTPHandler{
"/": {Path: filepath.Join(td, "foo")},
}},
},
},
},
{
command: cmd("serve --bg --https=443 --set-path=/some/where " + filepath.Join(td, "subdir/file-a")),
want: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{443: {HTTPS: true}},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:443": {Handlers: map[string]*ipn.HTTPHandler{
"/": {Path: filepath.Join(td, "foo")},
"/some/where": {Path: filepath.Join(td, "subdir/file-a")},
}},
},
},
},
},
},
{
name: "bad_path",
steps: []step{{
command: cmd("serve --bg --https=443 bad/path"),
wantErr: exactErrMsg(errHelp),
}},
},
{
name: "path_off",
steps: []step{
{
command: cmd("serve --bg --https=443 " + filepath.Join(td, "subdir")),
want: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{443: {HTTPS: true}},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:443": {Handlers: map[string]*ipn.HTTPHandler{
"/": {Path: filepath.Join(td, "subdir/")},
}},
},
},
},
{
command: cmd("serve --bg --https=443 off"),
want: &ipn.ServeConfig{},
},
},
},
{
name: "combos",
steps: []step{
{
command: cmd("serve --bg localhost:3000"),
want: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{443: {HTTPS: true}},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:443": {Handlers: map[string]*ipn.HTTPHandler{
"/": {Proxy: "http://localhost:3000"},
}},
},
},
},
{ // enable funnel for primary port
command: cmd("funnel --bg localhost:3000"),
want: &ipn.ServeConfig{
AllowFunnel: map[ipn.HostPort]bool{"foo.test.ts.net:443": true},
TCP: map[uint16]*ipn.TCPPortHandler{443: {HTTPS: true}},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:443": {Handlers: map[string]*ipn.HTTPHandler{
"/": {Proxy: "http://localhost:3000"},
}},
},
},
},
{ // serving on secondary port doesn't change funnel on primary port
command: cmd("serve --bg --https=8443 --set-path=/bar localhost:3001"),
want: &ipn.ServeConfig{
AllowFunnel: map[ipn.HostPort]bool{"foo.test.ts.net:443": true},
TCP: map[uint16]*ipn.TCPPortHandler{443: {HTTPS: true}, 8443: {HTTPS: true}},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:443": {Handlers: map[string]*ipn.HTTPHandler{
"/": {Proxy: "http://localhost:3000"},
}},
"foo.test.ts.net:8443": {Handlers: map[string]*ipn.HTTPHandler{
"/bar": {Proxy: "http://localhost:3001"},
}},
},
},
},
{ // turn funnel on for secondary port
command: cmd("funnel --bg --https=8443 --set-path=/bar localhost:3001"),
want: &ipn.ServeConfig{
AllowFunnel: map[ipn.HostPort]bool{"foo.test.ts.net:443": true, "foo.test.ts.net:8443": true},
TCP: map[uint16]*ipn.TCPPortHandler{443: {HTTPS: true}, 8443: {HTTPS: true}},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:443": {Handlers: map[string]*ipn.HTTPHandler{
"/": {Proxy: "http://localhost:3000"},
}},
"foo.test.ts.net:8443": {Handlers: map[string]*ipn.HTTPHandler{
"/bar": {Proxy: "http://localhost:3001"},
}},
},
},
},
{ // turn funnel off for primary port 443
command: cmd("serve --bg localhost:3000"),
want: &ipn.ServeConfig{
AllowFunnel: map[ipn.HostPort]bool{"foo.test.ts.net:8443": true},
TCP: map[uint16]*ipn.TCPPortHandler{443: {HTTPS: true}, 8443: {HTTPS: true}},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:443": {Handlers: map[string]*ipn.HTTPHandler{
"/": {Proxy: "http://localhost:3000"},
}},
"foo.test.ts.net:8443": {Handlers: map[string]*ipn.HTTPHandler{
"/bar": {Proxy: "http://localhost:3001"},
}},
},
},
},
{ // remove secondary port
command: cmd("serve --bg --https=8443 --set-path=/bar off"),
want: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{443: {HTTPS: true}},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:443": {Handlers: map[string]*ipn.HTTPHandler{
"/": {Proxy: "http://localhost:3000"},
}},
},
},
},
{ // start a tcp forwarder on 8443
command: cmd("serve --bg --tcp=8443 tcp://localhost:5432"),
want: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{443: {HTTPS: true}, 8443: {TCPForward: "localhost:5432"}},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:443": {Handlers: map[string]*ipn.HTTPHandler{
"/": {Proxy: "http://localhost:3000"},
}},
},
},
},
{ // remove primary port http handler
command: cmd("serve off"),
want: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{8443: {TCPForward: "localhost:5432"}},
},
},
{ // remove tcp forwarder
command: cmd("serve --tls-terminated-tcp=8443 off"),
want: &ipn.ServeConfig{},
},
},
},
{
name: "tricky_steps",
steps: []step{
{ // a directory with a trailing slash mount point
command: cmd("serve --bg --https=443 --set-path=/dir " + filepath.Join(td, "subdir")),
want: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{443: {HTTPS: true}},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:443": {Handlers: map[string]*ipn.HTTPHandler{
"/dir/": {Path: filepath.Join(td, "subdir/")},
}},
},
},
},
{ // this should overwrite the previous one
command: cmd("serve --bg --https=443 --set-path=/dir " + filepath.Join(td, "foo")),
want: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{443: {HTTPS: true}},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:443": {Handlers: map[string]*ipn.HTTPHandler{
"/dir": {Path: filepath.Join(td, "foo")},
}},
},
},
},
{ // reset and do opposite
command: cmd("serve reset"),
want: &ipn.ServeConfig{},
},
{ // a file without a trailing slash mount point
command: cmd("serve --bg --https=443 --set-path=/dir " + filepath.Join(td, "foo")),
want: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{443: {HTTPS: true}},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:443": {Handlers: map[string]*ipn.HTTPHandler{
"/dir": {Path: filepath.Join(td, "foo")},
}},
},
},
},
{ // this should overwrite the previous one
command: cmd("serve --bg --https=443 --set-path=/dir " + filepath.Join(td, "subdir")),
want: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{443: {HTTPS: true}},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:443": {Handlers: map[string]*ipn.HTTPHandler{
"/dir/": {Path: filepath.Join(td, "subdir/")},
}},
},
},
},
},
},
{
name: "cannot_override_tcp_with_http",
steps: []step{
{ // tcp forward 5432 on serve port 443
command: cmd("serve --tls-terminated-tcp=443 --bg tcp://localhost:5432"),
want: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{
443: {
TCPForward: "localhost:5432",
TerminateTLS: "foo.test.ts.net",
},
},
},
},
{
command: cmd("serve --https=443 --bg localhost:3000"),
wantErr: anyErr(),
},
},
},
{
name: "cannot_override_http_with_tcp",
steps: []step{
{
command: cmd("serve --https=443 --bg localhost:3000"),
want: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{443: {HTTPS: true}},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:443": {Handlers: map[string]*ipn.HTTPHandler{
"/": {Proxy: "http://localhost:3000"},
}},
},
},
},
{ // try to start a tcp forwarder on the same serve port
command: cmd("serve --tls-terminated-tcp=443 --bg tcp://localhost:5432"),
wantErr: anyErr(),
},
},
},
{
name: "turn_off_multiple_handlers",
steps: []step{
{
command: cmd("serve --https=4545 --set-path=/foo --bg localhost:3000"),
want: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{4545: {HTTPS: true}},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:4545": {Handlers: map[string]*ipn.HTTPHandler{
"/foo": {Proxy: "http://localhost:3000"},
}},
},
},
},
{
command: cmd("serve --https=4545 --set-path=/bar --bg localhost:3000"),
want: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{4545: {HTTPS: true}},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:4545": {Handlers: map[string]*ipn.HTTPHandler{
"/foo": {Proxy: "http://localhost:3000"},
"/bar": {Proxy: "http://localhost:3000"},
}},
},
},
},
{
command: cmd("serve --https=4545 --bg --yes localhost:3000 off"),
want: &ipn.ServeConfig{},
},
},
},
{
name: "no_http_with_funnel",
steps: []step{
{
command: cmd("funnel --http=80 3000"),
// error parsing commandline arguments: flag provided but not defined: -http
wantErr: anyErr(),
},
},
},
{
name: "forground_with_bg_conflict",
steps: []step{
{
command: cmd("serve --bg --http=3000 localhost:3000"),
want: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{3000: {HTTP: true}},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:3000": {Handlers: map[string]*ipn.HTTPHandler{
"/": {Proxy: "http://localhost:3000"},
}},
},
},
},
{
command: cmd("serve --http=3000 localhost:3000"),
wantErr: exactErrMsg(fmt.Errorf(backgroundExistsMsg, "serve", "http", 3000)),
},
},
},
{
name: "advertise_service",
initialState: fakeLocalServeClient{
statusWithoutPeers: &ipnstate.Status{
BackendState: ipn.Running.String(),
Self: &ipnstate.PeerStatus{
DNSName: "foo.test.ts.net",
CapMap: tailcfg.NodeCapMap{
tailcfg.NodeAttrFunnel: nil,
tailcfg.CapabilityFunnelPorts + "?ports=443,8443": nil,
},
Tags: ptrToReadOnlySlice([]string{"some-tag"}),
},
CurrentTailnet: &ipnstate.TailnetStatus{MagicDNSSuffix: "test.ts.net"},
},
},
steps: []step{{
command: cmd("serve --service=svc:foo --http=80 text:foo"),
want: &ipn.ServeConfig{
Services: map[tailcfg.ServiceName]*ipn.ServiceConfig{
"svc:foo": {
TCP: map[uint16]*ipn.TCPPortHandler{
80: {HTTP: true},
},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:80": {Handlers: map[string]*ipn.HTTPHandler{
"/": {Text: "foo"},
}},
},
},
},
},
}},
},
{
name: "advertise_service_from_untagged_node",
steps: []step{{
command: cmd("serve --service=svc:foo --http=80 text:foo"),
wantErr: anyErr(),
}},
},
{
name: "forward_grant_header",
steps: []step{
{
command: cmd("serve --bg --usercaps=example.com/cap/foo 3000"),
want: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{443: {HTTPS: true}},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:443": {Handlers: map[string]*ipn.HTTPHandler{
"/": {
Proxy: "http://127.0.0.1:3000",
UserCaps: []tailcfg.PeerCapability{"example.com/cap/foo"},
},
}},
},
},
},
{
command: cmd("serve --bg --usercaps=example.com/cap/foo --usercaps=example.com/cap/bar 3000"),
want: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{443: {HTTPS: true}},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:443": {Handlers: map[string]*ipn.HTTPHandler{
"/": {
Proxy: "http://127.0.0.1:3000",
UserCaps: []tailcfg.PeerCapability{"example.com/cap/foo", "example.com/cap/bar"},
},
}},
},
},
},
{
command: cmd("serve --bg --usercaps=example.com/cap/bar 3000"),
want: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{443: {HTTPS: true}},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:443": {Handlers: map[string]*ipn.HTTPHandler{
"/": {
Proxy: "http://127.0.0.1:3000",
UserCaps: []tailcfg.PeerCapability{"example.com/cap/bar"},
},
}},
},
},
},
},
},
}
for _, group := range groups {
t.Run(group.name, func(t *testing.T) {
lc := group.initialState
for i, st := range group.steps {
var stderr bytes.Buffer
var stdout bytes.Buffer
var flagOut bytes.Buffer
e := &serveEnv{
lc: &lc,
testFlagOut: &flagOut,
testStdout: &stdout,
testStderr: &stderr,
}
lastCount := lc.setCount
var cmd *ffcli.Command
var args []string
mode := serve
if st.command[0] == "funnel" {
mode = funnel
}
cmd = newServeV2Command(e, mode)
args = st.command[1:]
err := cmd.ParseAndRun(context.Background(), args)
if flagOut.Len() > 0 {
t.Logf("flag package output: %q", flagOut.Bytes())
}
if err != nil {
if st.wantErr == nil {
t.Fatalf("step #%d: unexpected error: %v", i, err)
}
if bad := st.wantErr(err); bad != "" {
t.Fatalf("step #%d: unexpected error: %v", i, bad)
}
continue
}
if st.wantErr != nil {
t.Fatalf("step #%d: got success (saved=%v), but wanted an error", i, lc.config != nil)
}
var got *ipn.ServeConfig = nil
if lc.setCount > lastCount {
got = lc.config
}
if !reflect.DeepEqual(got, st.want) {
gotbts, _ := json.MarshalIndent(got, "", "\t")
wantbts, _ := json.MarshalIndent(st.want, "", "\t")
t.Fatalf("step: %d, cmd: %v, diff:\n%s", i, st.command, cmp.Diff(string(gotbts), string(wantbts)))
}
}
})
}
}
func TestValidateConfig(t *testing.T) {
tests := [...]struct {
name string
desc string
cfg *ipn.ServeConfig
svc tailcfg.ServiceName
servePort uint16
serveType serveType
bg bgBoolFlag
wantErr bool
}{
{
name: "nil_config",
desc: "when config is nil, all requests valid",
cfg: nil,
servePort: 3000,
serveType: serveTypeHTTPS,
},
{
name: "new_bg_tcp",
desc: "no error when config exists but we're adding a new bg tcp port",
cfg: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{
443: {HTTPS: true},
},
},
bg: bgBoolFlag{true, false},
servePort: 10000,
serveType: serveTypeHTTPS,
},
{
name: "override_bg_tcp",
desc: "no error when overwriting previous port under the same serve type",
cfg: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{
443: {TCPForward: "http://localhost:4545"},
},
},
bg: bgBoolFlag{true, false},
servePort: 443,
serveType: serveTypeTCP,
},
{
name: "override_bg_tcp",
desc: "error when overwriting previous port under a different serve type",
cfg: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{
443: {HTTPS: true},
},
},
bg: bgBoolFlag{true, false},
servePort: 443,
serveType: serveTypeHTTP,
wantErr: true,
},
{
name: "new_fg_port",
desc: "no error when serving a new foreground port",
cfg: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{
443: {HTTPS: true},
},
Foreground: map[string]*ipn.ServeConfig{
"abc123": {
TCP: map[uint16]*ipn.TCPPortHandler{
3000: {HTTPS: true},
},
},
},
},
servePort: 4040,
serveType: serveTypeTCP,
},
{
name: "same_fg_port",
desc: "error when overwriting a previous fg port",
cfg: &ipn.ServeConfig{
Foreground: map[string]*ipn.ServeConfig{
"abc123": {
TCP: map[uint16]*ipn.TCPPortHandler{
3000: {HTTPS: true},
},
},
},
},
servePort: 3000,
serveType: serveTypeTCP,
wantErr: true,
},
{
name: "new_service_tcp",
desc: "no error when adding a new service port",
cfg: &ipn.ServeConfig{
Services: map[tailcfg.ServiceName]*ipn.ServiceConfig{
"svc:foo": {
TCP: map[uint16]*ipn.TCPPortHandler{80: {HTTP: true}},
},
},
},
svc: "svc:foo",
servePort: 8080,
serveType: serveTypeTCP,
},
{
name: "override_service_tcp",
desc: "no error when overwriting a previous service port",
cfg: &ipn.ServeConfig{
Services: map[tailcfg.ServiceName]*ipn.ServiceConfig{
"svc:foo": {
TCP: map[uint16]*ipn.TCPPortHandler{
443: {TCPForward: "http://localhost:4545"},
},
},
},
},
svc: "svc:foo",
servePort: 443,
serveType: serveTypeTCP,
},
{
name: "override_service_tcp",
desc: "error when overwriting a previous service port with a different serve type",
cfg: &ipn.ServeConfig{
Services: map[tailcfg.ServiceName]*ipn.ServiceConfig{
"svc:foo": {
TCP: map[uint16]*ipn.TCPPortHandler{
443: {HTTPS: true},
},
},
},
},
svc: "svc:foo",
servePort: 443,
serveType: serveTypeHTTP,
wantErr: true,
},
{
name: "override_service_tcp",
desc: "error when setting previous tcp service to tun mode",
cfg: &ipn.ServeConfig{
Services: map[tailcfg.ServiceName]*ipn.ServiceConfig{
"svc:foo": {
TCP: map[uint16]*ipn.TCPPortHandler{
443: {TCPForward: "http://localhost:4545"},
},
},
},
},
svc: "svc:foo",
serveType: serveTypeTUN,
wantErr: true,
},
{
name: "override_service_tun",
desc: "error when setting previous tun service to tcp forwarder",
cfg: &ipn.ServeConfig{
Services: map[tailcfg.ServiceName]*ipn.ServiceConfig{
"svc:foo": {
Tun: true,
},
},
},
svc: "svc:foo",
serveType: serveTypeTCP,
servePort: 443,
wantErr: true,
},
}
for _, tc := range tests {
t.Run(tc.name, func(t *testing.T) {
se := serveEnv{bg: tc.bg}
err := se.validateConfig(tc.cfg, tc.servePort, tc.serveType, tc.svc)
if err == nil && tc.wantErr {
t.Fatal("expected an error but got nil")
}
if err != nil && !tc.wantErr {
t.Fatalf("expected no error but got: %v", err)
}
})
}
}
func TestSrcTypeFromFlags(t *testing.T) {
tests := []struct {
name string
env *serveEnv
expectedType serveType
expectedPort uint16
expectedErr bool
}{
{
name: "only http set",
env: &serveEnv{http: 80},
expectedType: serveTypeHTTP,
expectedPort: 80,
expectedErr: false,
},
{
name: "only https set",
env: &serveEnv{https: 10000},
expectedType: serveTypeHTTPS,
expectedPort: 10000,
expectedErr: false,
},
{
name: "only tcp set",
env: &serveEnv{tcp: 8000},
expectedType: serveTypeTCP,
expectedPort: 8000,
expectedErr: false,
},
{
name: "only tls-terminated-tcp set",
env: &serveEnv{tlsTerminatedTCP: 8080},
expectedType: serveTypeTLSTerminatedTCP,
expectedPort: 8080,
expectedErr: false,
},
{
name: "defaults to https, port 443",
env: &serveEnv{},
expectedType: serveTypeHTTPS,
expectedPort: 443,
expectedErr: false,
},
{
name: "defaults to https, port 443 for service",
env: &serveEnv{service: "svc:foo"},
expectedType: serveTypeHTTPS,
expectedPort: 443,
expectedErr: false,
},
{
name: "multiple types set",
env: &serveEnv{http: 80, https: 443},
expectedPort: 0,
expectedErr: true,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
srcType, srcPort, err := srvTypeAndPortFromFlags(tt.env)
if (err != nil) != tt.expectedErr {
t.Errorf("Expected error: %v, got: %v", tt.expectedErr, err)
}
if srcType != tt.expectedType {
t.Errorf("Expected srcType: %s, got: %s", tt.expectedType.String(), srcType)
}
if srcPort != tt.expectedPort {
t.Errorf("Expected srcPort: %d, got: %d", tt.expectedPort, srcPort)
}
})
}
}
func TestCleanURLPath(t *testing.T) {
tests := []struct {
input string
expected string
wantErr bool
}{
{input: "", expected: "/"},
{input: "/", expected: "/"},
{input: "/foo", expected: "/foo"},
{input: "/foo/", expected: "/foo/"},
{input: "/../bar", wantErr: true},
}
for _, tt := range tests {
t.Run(tt.input, func(t *testing.T) {
actual, err := cleanURLPath(tt.input)
if tt.wantErr == true && err == nil {
t.Errorf("Expected an error but got none")
return
}
if tt.wantErr == false && err != nil {
t.Errorf("Got an error, but didn't expect one: %v", err)
return
}
if actual != tt.expected {
t.Errorf("Got: %q; expected: %q", actual, tt.expected)
}
})
}
}
func TestAddServiceToPrefs(t *testing.T) {
tests := []struct {
name string
svcName tailcfg.ServiceName
startServices []string
expected []string
}{
{
name: "add service to empty prefs",
svcName: "svc:foo",
expected: []string{"svc:foo"},
},
{
name: "add service to existing prefs",
svcName: "svc:bar",
startServices: []string{"svc:foo"},
expected: []string{"svc:foo", "svc:bar"},
},
{
name: "add existing service to prefs",
svcName: "svc:foo",
startServices: []string{"svc:foo"},
expected: []string{"svc:foo"},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
lc := &fakeLocalServeClient{}
ctx := t.Context()
lc.EditPrefs(ctx, &ipn.MaskedPrefs{
AdvertiseServicesSet: true,
Prefs: ipn.Prefs{
AdvertiseServices: tt.startServices,
},
})
e := &serveEnv{lc: lc, bg: bgBoolFlag{true, false}}
err := e.addServiceToPrefs(ctx, tt.svcName)
if err != nil {
t.Fatalf("addServiceToPrefs(%q) returned unexpected error: %v", tt.svcName, err)
}
if !slices.Equal(lc.prefs.AdvertiseServices, tt.expected) {
t.Errorf("addServiceToPrefs(%q) = %v, want %v", tt.svcName, lc.prefs.AdvertiseServices, tt.expected)
}
})
}
}
func TestRemoveServiceFromPrefs(t *testing.T) {
tests := []struct {
name string
svcName tailcfg.ServiceName
startServices []string
expected []string
}{
{
name: "remove service from empty prefs",
svcName: "svc:foo",
expected: []string{},
},
{
name: "remove existing service from prefs",
svcName: "svc:foo",
startServices: []string{"svc:foo"},
expected: []string{},
},
{
name: "remove service not in prefs",
svcName: "svc:bar",
startServices: []string{"svc:foo"},
expected: []string{"svc:foo"},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
lc := &fakeLocalServeClient{}
ctx := t.Context()
lc.EditPrefs(ctx, &ipn.MaskedPrefs{
AdvertiseServicesSet: true,
Prefs: ipn.Prefs{
AdvertiseServices: tt.startServices,
},
})
e := &serveEnv{lc: lc, bg: bgBoolFlag{true, false}}
err := e.removeServiceFromPrefs(ctx, tt.svcName)
if err != nil {
t.Fatalf("removeServiceFromPrefs(%q) returned unexpected error: %v", tt.svcName, err)
}
if !slices.Equal(lc.prefs.AdvertiseServices, tt.expected) {
t.Errorf("removeServiceFromPrefs(%q) = %v, want %v", tt.svcName, lc.prefs.AdvertiseServices, tt.expected)
}
})
}
}
func TestMessageForPort(t *testing.T) {
svcIPMap := tailcfg.ServiceIPMappings{
"svc:foo": []netip.Addr{
netip.MustParseAddr("100.101.101.101"),
netip.MustParseAddr("fd7a:115c:a1e0:ab12:4843:cd96:6565:6565"),
},
}
svcIPMapJSON, _ := json.Marshal(svcIPMap)
svcIPMapJSONRawMSG := tailcfg.RawMessage(svcIPMapJSON)
tests := []struct {
name string
subcmd serveMode
serveConfig *ipn.ServeConfig
status *ipnstate.Status
prefs *ipn.Prefs
dnsName string
srvType serveType
srvPort uint16
expected string
}{
{
name: "funnel-https",
subcmd: funnel,
serveConfig: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{
443: {HTTPS: true},
},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:443": {
Handlers: map[string]*ipn.HTTPHandler{
"/": {Proxy: "http://127.0.0.1:3000"},
},
},
},
AllowFunnel: map[ipn.HostPort]bool{
"foo.test.ts.net:443": true,
},
},
status: &ipnstate.Status{CurrentTailnet: &ipnstate.TailnetStatus{MagicDNSSuffix: "test.ts.net"}},
dnsName: "foo.test.ts.net",
srvType: serveTypeHTTPS,
srvPort: 443,
expected: strings.Join([]string{
msgFunnelAvailable,
"",
"https://foo.test.ts.net/",
"|-- proxy http://127.0.0.1:3000",
"",
fmt.Sprintf(msgRunningInBackground, "Funnel"),
fmt.Sprintf(msgDisableProxy, "funnel", "https", 443),
}, "\n"),
},
{
name: "serve-http",
subcmd: serve,
serveConfig: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{
443: {HTTP: true},
},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:80": {
Handlers: map[string]*ipn.HTTPHandler{
"/": {Proxy: "http://127.0.0.1:3000"},
},
},
},
},
status: &ipnstate.Status{CurrentTailnet: &ipnstate.TailnetStatus{MagicDNSSuffix: "test.ts.net"}},
dnsName: "foo.test.ts.net",
srvType: serveTypeHTTP,
srvPort: 80,
expected: strings.Join([]string{
msgServeAvailable,
"",
"https://foo.test.ts.net:80/",
"|-- proxy http://127.0.0.1:3000",
"",
fmt.Sprintf(msgRunningInBackground, "Serve"),
fmt.Sprintf(msgDisableProxy, "serve", "http", 80),
}, "\n"),
},
{
name: "serve service http",
subcmd: serve,
serveConfig: &ipn.ServeConfig{
Services: map[tailcfg.ServiceName]*ipn.ServiceConfig{
"svc:foo": {
TCP: map[uint16]*ipn.TCPPortHandler{
80: {HTTP: true},
},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:80": {
Handlers: map[string]*ipn.HTTPHandler{
"/": {Proxy: "http://localhost:3000"},
},
},
},
},
},
},
status: &ipnstate.Status{
CurrentTailnet: &ipnstate.TailnetStatus{MagicDNSSuffix: "test.ts.net"},
Self: &ipnstate.PeerStatus{
CapMap: tailcfg.NodeCapMap{
tailcfg.NodeAttrServiceHost: []tailcfg.RawMessage{svcIPMapJSONRawMSG},
},
},
},
prefs: &ipn.Prefs{
AdvertiseServices: []string{"svc:foo"},
},
dnsName: "svc:foo",
srvType: serveTypeHTTP,
srvPort: 80,
expected: strings.Join([]string{
msgServeAvailable,
"",
"http://foo.test.ts.net/",
"|-- proxy http://localhost:3000",
"",
fmt.Sprintf(msgRunningInBackground, "Serve"),
fmt.Sprintf(msgDisableServiceProxy, "svc:foo", "http", 80),
fmt.Sprintf(msgDisableService, "svc:foo"),
}, "\n"),
},
{
name: "serve service no capmap",
subcmd: serve,
serveConfig: &ipn.ServeConfig{
Services: map[tailcfg.ServiceName]*ipn.ServiceConfig{
"svc:bar": {
TCP: map[uint16]*ipn.TCPPortHandler{
80: {HTTP: true},
},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"bar.test.ts.net:80": {
Handlers: map[string]*ipn.HTTPHandler{
"/": {Proxy: "http://localhost:3000"},
},
},
},
},
},
},
status: &ipnstate.Status{
CurrentTailnet: &ipnstate.TailnetStatus{MagicDNSSuffix: "test.ts.net"},
Self: &ipnstate.PeerStatus{
CapMap: tailcfg.NodeCapMap{
tailcfg.NodeAttrServiceHost: []tailcfg.RawMessage{svcIPMapJSONRawMSG},
},
},
},
prefs: &ipn.Prefs{
AdvertiseServices: []string{"svc:bar"},
},
dnsName: "svc:bar",
srvType: serveTypeHTTP,
srvPort: 80,
expected: strings.Join([]string{
fmt.Sprintf(msgServiceWaitingApproval, "svc:bar"),
"",
"http://bar.test.ts.net/",
"|-- proxy http://localhost:3000",
"",
fmt.Sprintf(msgRunningInBackground, "Serve"),
fmt.Sprintf(msgDisableServiceProxy, "svc:bar", "http", 80),
fmt.Sprintf(msgDisableService, "svc:bar"),
}, "\n"),
},
{
name: "serve service https non-default port",
subcmd: serve,
serveConfig: &ipn.ServeConfig{
Services: map[tailcfg.ServiceName]*ipn.ServiceConfig{
"svc:foo": {
TCP: map[uint16]*ipn.TCPPortHandler{
2200: {HTTPS: true},
},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:2200": {
Handlers: map[string]*ipn.HTTPHandler{
"/": {Proxy: "http://localhost:3000"},
},
},
},
},
},
},
status: &ipnstate.Status{
CurrentTailnet: &ipnstate.TailnetStatus{MagicDNSSuffix: "test.ts.net"},
Self: &ipnstate.PeerStatus{
CapMap: tailcfg.NodeCapMap{
tailcfg.NodeAttrServiceHost: []tailcfg.RawMessage{svcIPMapJSONRawMSG},
},
},
},
prefs: &ipn.Prefs{AdvertiseServices: []string{"svc:foo"}},
dnsName: "svc:foo",
srvType: serveTypeHTTPS,
srvPort: 2200,
expected: strings.Join([]string{
msgServeAvailable,
"",
"https://foo.test.ts.net:2200/",
"|-- proxy http://localhost:3000",
"",
fmt.Sprintf(msgRunningInBackground, "Serve"),
fmt.Sprintf(msgDisableServiceProxy, "svc:foo", "https", 2200),
fmt.Sprintf(msgDisableService, "svc:foo"),
}, "\n"),
},
{
name: "serve service TCPForward",
subcmd: serve,
serveConfig: &ipn.ServeConfig{
Services: map[tailcfg.ServiceName]*ipn.ServiceConfig{
"svc:foo": {
TCP: map[uint16]*ipn.TCPPortHandler{
2200: {TCPForward: "localhost:3000"},
},
},
},
},
status: &ipnstate.Status{
CurrentTailnet: &ipnstate.TailnetStatus{MagicDNSSuffix: "test.ts.net"},
Self: &ipnstate.PeerStatus{
CapMap: tailcfg.NodeCapMap{
tailcfg.NodeAttrServiceHost: []tailcfg.RawMessage{svcIPMapJSONRawMSG},
},
},
},
prefs: &ipn.Prefs{AdvertiseServices: []string{"svc:foo"}},
dnsName: "svc:foo",
srvType: serveTypeTCP,
srvPort: 2200,
expected: strings.Join([]string{
msgServeAvailable,
"",
"|-- tcp://foo.test.ts.net:2200 (TLS over TCP)",
"|-- tcp://100.101.101.101:2200",
"|-- tcp://[fd7a:115c:a1e0:ab12:4843:cd96:6565:6565]:2200",
"|--> tcp://localhost:3000",
"",
fmt.Sprintf(msgRunningInBackground, "Serve"),
fmt.Sprintf(msgDisableServiceProxy, "svc:foo", "tcp", 2200),
fmt.Sprintf(msgDisableService, "svc:foo"),
}, "\n"),
},
{
name: "serve service Tun",
subcmd: serve,
serveConfig: &ipn.ServeConfig{
Services: map[tailcfg.ServiceName]*ipn.ServiceConfig{
"svc:foo": {
Tun: true,
},
},
},
status: &ipnstate.Status{
CurrentTailnet: &ipnstate.TailnetStatus{MagicDNSSuffix: "test.ts.net"},
Self: &ipnstate.PeerStatus{
CapMap: tailcfg.NodeCapMap{
tailcfg.NodeAttrServiceHost: []tailcfg.RawMessage{svcIPMapJSONRawMSG},
},
},
},
prefs: &ipn.Prefs{AdvertiseServices: []string{"svc:foo"}},
dnsName: "svc:foo",
srvType: serveTypeTUN,
expected: strings.Join([]string{
msgServeAvailable,
"",
fmt.Sprintf(msgRunningTunService, "foo.test.ts.net"),
fmt.Sprintf(msgDisableServiceTun, "svc:foo"),
fmt.Sprintf(msgDisableService, "svc:foo"),
}, "\n"),
},
}
for _, tt := range tests {
e := &serveEnv{bg: bgBoolFlag{true, false}, subcmd: tt.subcmd}
t.Run(tt.name, func(t *testing.T) {
actual := e.messageForPort(tt.serveConfig, tt.status, tt.dnsName, tt.srvType, tt.srvPort)
if actual == "" {
t.Errorf("Got empty message")
}
if actual != tt.expected {
t.Errorf("\nGot: %q\nExpected: %q", actual, tt.expected)
}
})
}
}
func TestIsLegacyInvocation(t *testing.T) {
tests := []struct {
subcmd serveMode
args []string
expected bool
translation string
}{
{
subcmd: serve,
args: []string{"https", "/", "localhost:3000"},
expected: true,
translation: "tailscale serve --bg localhost:3000",
},
{
subcmd: serve,
args: []string{"https", "/", "localhost:3000", "off"},
expected: true,
translation: "tailscale serve --bg localhost:3000 off",
},
{
subcmd: serve,
args: []string{"https", "/", "off"},
expected: true,
translation: "tailscale serve --bg off",
},
{
subcmd: serve,
args: []string{"https:4545", "/foo", "off"},
expected: true,
translation: "tailscale serve --bg --https 4545 --set-path /foo off",
},
{
subcmd: serve,
args: []string{"https:4545", "/foo", "localhost:9090", "off"},
expected: true,
translation: "tailscale serve --bg --https 4545 --set-path /foo localhost:9090 off",
},
{
subcmd: serve,
args: []string{"https:8443", "/", "localhost:3000"},
expected: true,
translation: "tailscale serve --bg --https 8443 localhost:3000",
},
{
subcmd: serve,
args: []string{"http", "/", "localhost:3000"},
expected: true,
translation: "tailscale serve --bg --http 80 localhost:3000",
},
{
subcmd: serve,
args: []string{"http:80", "/", "localhost:3000"},
expected: true,
translation: "tailscale serve --bg --http 80 localhost:3000",
},
{
subcmd: serve,
args: []string{"https:10000", "/motd.txt", `text:Hello, world!`},
expected: true,
translation: `tailscale serve --bg --https 10000 --set-path /motd.txt "text:Hello, world!"`,
},
{
subcmd: serve,
args: []string{"tcp:2222", "tcp://localhost:22"},
expected: true,
translation: "tailscale serve --bg --tcp 2222 tcp://localhost:22",
},
{
subcmd: serve,
args: []string{"tls-terminated-tcp:443", "tcp://localhost:80"},
expected: true,
translation: "tailscale serve --bg --tls-terminated-tcp 443 tcp://localhost:80",
},
{
subcmd: funnel,
args: []string{"443", "on"},
expected: true,
},
{
subcmd: funnel,
args: []string{"443", "off"},
expected: true,
},
{
subcmd: serve,
args: []string{"3000"},
expected: false,
},
{
subcmd: serve,
args: []string{"localhost:3000"},
expected: false,
},
}
for idx, tt := range tests {
t.Run(strconv.Itoa(idx), func(t *testing.T) {
gotTranslation, actual := isLegacyInvocation(tt.subcmd, tt.args)
if actual != tt.expected {
t.Fatalf("got: %v; expected: %v", actual, tt.expected)
}
if gotTranslation != tt.translation {
t.Fatalf("expected translaction to be %q but got %q", tt.translation, gotTranslation)
}
})
}
}
func TestSetServe(t *testing.T) {
e := &serveEnv{}
magicDNSSuffix := "test.ts.net"
tests := []struct {
name string
desc string
cfg *ipn.ServeConfig
st *ipnstate.Status
dnsName string
srvType serveType
srvPort uint16
mountPath string
target string
allowFunnel bool
expected *ipn.ServeConfig
expectErr bool
}{
{
name: "add new handler",
desc: "add a new http handler to empty config",
cfg: &ipn.ServeConfig{},
dnsName: "foo.test.ts.net",
srvType: serveTypeHTTP,
srvPort: 80,
mountPath: "/",
target: "http://localhost:3000",
expected: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{80: {HTTP: true}},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:80": {
Handlers: map[string]*ipn.HTTPHandler{
"/": {Proxy: "http://localhost:3000"},
},
},
},
},
},
{
name: "update http handler",
desc: "update an existing http handler on the same port to same type",
cfg: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{80: {HTTP: true}},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:80": {
Handlers: map[string]*ipn.HTTPHandler{
"/": {Proxy: "http://localhost:3000"},
},
},
},
},
dnsName: "foo.test.ts.net",
srvType: serveTypeHTTP,
srvPort: 80,
mountPath: "/",
target: "http://localhost:3001",
expected: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{80: {HTTP: true}},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:80": {
Handlers: map[string]*ipn.HTTPHandler{
"/": {Proxy: "http://localhost:3001"},
},
},
},
},
},
{
name: "update TCP handler",
desc: "update an existing TCP handler on the same port to a http handler",
cfg: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{80: {TCPForward: "http://localhost:3000"}},
},
dnsName: "foo.test.ts.net",
srvType: serveTypeHTTP,
srvPort: 80,
mountPath: "/",
target: "http://localhost:3001",
expectErr: true,
},
{
name: "add new service handler",
desc: "add a new service TCP handler to empty config",
cfg: &ipn.ServeConfig{},
dnsName: "svc:bar",
srvType: serveTypeTCP,
srvPort: 80,
target: "3000",
expected: &ipn.ServeConfig{
Services: map[tailcfg.ServiceName]*ipn.ServiceConfig{
"svc:bar": {
TCP: map[uint16]*ipn.TCPPortHandler{80: {TCPForward: "127.0.0.1:3000"}},
},
},
},
},
{
name: "update service handler",
desc: "update an existing service TCP handler on the same port to same type",
cfg: &ipn.ServeConfig{
Services: map[tailcfg.ServiceName]*ipn.ServiceConfig{
"svc:bar": {
TCP: map[uint16]*ipn.TCPPortHandler{80: {TCPForward: "127.0.0.1:3000"}},
},
},
},
dnsName: "svc:bar",
srvType: serveTypeTCP,
srvPort: 80,
target: "3001",
expected: &ipn.ServeConfig{
Services: map[tailcfg.ServiceName]*ipn.ServiceConfig{
"svc:bar": {
TCP: map[uint16]*ipn.TCPPortHandler{80: {TCPForward: "127.0.0.1:3001"}},
},
},
},
},
{
name: "update service handler",
desc: "update an existing service TCP handler on the same port to a http handler",
cfg: &ipn.ServeConfig{
Services: map[tailcfg.ServiceName]*ipn.ServiceConfig{
"svc:bar": {
TCP: map[uint16]*ipn.TCPPortHandler{80: {TCPForward: "127.0.0.1:3000"}},
},
},
},
dnsName: "svc:bar",
srvType: serveTypeHTTP,
srvPort: 80,
mountPath: "/",
target: "http://localhost:3001",
expectErr: true,
},
{
name: "add new service handler",
desc: "add a new service HTTP handler to empty config",
cfg: &ipn.ServeConfig{},
dnsName: "svc:bar",
srvType: serveTypeHTTP,
srvPort: 80,
mountPath: "/",
target: "http://localhost:3000",
expected: &ipn.ServeConfig{
Services: map[tailcfg.ServiceName]*ipn.ServiceConfig{
"svc:bar": {
TCP: map[uint16]*ipn.TCPPortHandler{80: {HTTP: true}},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"bar.test.ts.net:80": {
Handlers: map[string]*ipn.HTTPHandler{
"/": {Proxy: "http://localhost:3000"},
},
},
},
},
},
},
},
{
name: "update existing service handler",
desc: "update an existing service HTTP handler",
cfg: &ipn.ServeConfig{
Services: map[tailcfg.ServiceName]*ipn.ServiceConfig{
"svc:bar": {
TCP: map[uint16]*ipn.TCPPortHandler{80: {HTTP: true}},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"bar.test.ts.net:80": {
Handlers: map[string]*ipn.HTTPHandler{
"/": {Proxy: "http://localhost:3000"},
},
},
},
},
},
},
dnsName: "svc:bar",
srvType: serveTypeHTTP,
srvPort: 80,
mountPath: "/",
target: "http://localhost:3001",
expected: &ipn.ServeConfig{
Services: map[tailcfg.ServiceName]*ipn.ServiceConfig{
"svc:bar": {
TCP: map[uint16]*ipn.TCPPortHandler{80: {HTTP: true}},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"bar.test.ts.net:80": {
Handlers: map[string]*ipn.HTTPHandler{
"/": {Proxy: "http://localhost:3001"},
},
},
},
},
},
},
},
{
name: "add new service handler",
desc: "add a new service HTTP handler to existing service config",
cfg: &ipn.ServeConfig{
Services: map[tailcfg.ServiceName]*ipn.ServiceConfig{
"svc:bar": {
TCP: map[uint16]*ipn.TCPPortHandler{80: {HTTP: true}},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"bar.test.ts.net:80": {
Handlers: map[string]*ipn.HTTPHandler{
"/": {Proxy: "http://localhost:3000"},
},
},
},
},
},
},
dnsName: "svc:bar",
srvType: serveTypeHTTP,
srvPort: 88,
mountPath: "/",
target: "http://localhost:3001",
expected: &ipn.ServeConfig{
Services: map[tailcfg.ServiceName]*ipn.ServiceConfig{
"svc:bar": {
TCP: map[uint16]*ipn.TCPPortHandler{
80: {HTTP: true},
88: {HTTP: true},
},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"bar.test.ts.net:80": {
Handlers: map[string]*ipn.HTTPHandler{
"/": {Proxy: "http://localhost:3000"},
},
},
"bar.test.ts.net:88": {
Handlers: map[string]*ipn.HTTPHandler{
"/": {Proxy: "http://localhost:3001"},
},
},
},
},
},
},
},
{
name: "add new service mount",
desc: "add a new service mount to existing service config",
cfg: &ipn.ServeConfig{
Services: map[tailcfg.ServiceName]*ipn.ServiceConfig{
"svc:bar": {
TCP: map[uint16]*ipn.TCPPortHandler{80: {HTTP: true}},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"bar.test.ts.net:80": {
Handlers: map[string]*ipn.HTTPHandler{
"/": {Proxy: "http://localhost:3000"},
},
},
},
},
},
},
dnsName: "svc:bar",
srvType: serveTypeHTTP,
srvPort: 80,
mountPath: "/added",
target: "http://localhost:3001",
expected: &ipn.ServeConfig{
Services: map[tailcfg.ServiceName]*ipn.ServiceConfig{
"svc:bar": {
TCP: map[uint16]*ipn.TCPPortHandler{
80: {HTTP: true},
},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"bar.test.ts.net:80": {
Handlers: map[string]*ipn.HTTPHandler{
"/": {Proxy: "http://localhost:3000"},
"/added": {Proxy: "http://localhost:3001"},
},
},
},
},
},
},
},
{
name: "add new service handler",
desc: "add a new service handler in tun mode to empty config",
cfg: &ipn.ServeConfig{},
dnsName: "svc:bar",
srvType: serveTypeTUN,
expected: &ipn.ServeConfig{
Services: map[tailcfg.ServiceName]*ipn.ServiceConfig{
"svc:bar": {
Tun: true,
},
},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
err := e.setServe(tt.cfg, tt.dnsName, tt.srvType, tt.srvPort, tt.mountPath, tt.target, tt.allowFunnel, magicDNSSuffix, nil)
if err != nil && !tt.expectErr {
t.Fatalf("got error: %v; did not expect error.", err)
}
if err == nil && tt.expectErr {
t.Fatalf("got no error; expected error.")
}
if !tt.expectErr && !reflect.DeepEqual(tt.cfg, tt.expected) {
svcName := tailcfg.ServiceName(tt.dnsName)
t.Fatalf("got: %v; expected: %v", tt.cfg.Services[svcName], tt.expected.Services[svcName])
}
})
}
}
func TestUnsetServe(t *testing.T) {
tests := []struct {
name string
desc string
cfg *ipn.ServeConfig
st *ipnstate.Status
dnsName string
srvType serveType
srvPort uint16
mount string
setServeEnv bool
serveEnv *serveEnv // if set, use this instead of the default serveEnv
expected *ipn.ServeConfig
expectErr bool
}{
{
name: "unset http handler",
desc: "remove an existing http handler",
cfg: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{
80: {HTTP: true},
},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:80": {
Handlers: map[string]*ipn.HTTPHandler{
"/": {Proxy: "http://localhost:3000"},
},
},
},
},
st: &ipnstate.Status{
CurrentTailnet: &ipnstate.TailnetStatus{MagicDNSSuffix: "test.ts.net"},
},
dnsName: "foo.test.ts.net",
srvType: serveTypeHTTP,
srvPort: 80,
mount: "/",
expected: &ipn.ServeConfig{},
expectErr: false,
},
{
name: "unset service handler",
desc: "remove an existing service TCP handler",
cfg: &ipn.ServeConfig{
Services: map[tailcfg.ServiceName]*ipn.ServiceConfig{
"svc:bar": {
TCP: map[uint16]*ipn.TCPPortHandler{
80: {HTTP: true},
},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"bar.test.ts.net:80": {
Handlers: map[string]*ipn.HTTPHandler{
"/": {Proxy: "http://localhost:3000"},
},
},
},
},
},
},
st: &ipnstate.Status{
CurrentTailnet: &ipnstate.TailnetStatus{MagicDNSSuffix: "test.ts.net"},
},
dnsName: "svc:bar",
srvType: serveTypeHTTP,
srvPort: 80,
mount: "/",
expected: &ipn.ServeConfig{},
expectErr: false,
},
{
name: "unset service handler tun",
desc: "remove an existing service handler in tun mode",
cfg: &ipn.ServeConfig{
Services: map[tailcfg.ServiceName]*ipn.ServiceConfig{
"svc:bar": {
Tun: true,
},
},
},
st: &ipnstate.Status{
CurrentTailnet: &ipnstate.TailnetStatus{MagicDNSSuffix: "test.ts.net"},
},
dnsName: "svc:bar",
srvType: serveTypeTUN,
expected: &ipn.ServeConfig{},
expectErr: false,
},
{
name: "unset service handler tcp",
desc: "remove an existing service TCP handler",
cfg: &ipn.ServeConfig{
Services: map[tailcfg.ServiceName]*ipn.ServiceConfig{
"svc:bar": {
TCP: map[uint16]*ipn.TCPPortHandler{
80: {TCPForward: "11.11.11.11:3000"},
},
},
},
},
st: &ipnstate.Status{
CurrentTailnet: &ipnstate.TailnetStatus{MagicDNSSuffix: "test.ts.net"},
},
dnsName: "svc:bar",
srvType: serveTypeTCP,
srvPort: 80,
expected: &ipn.ServeConfig{},
expectErr: false,
},
{
name: "unset http handler not found",
desc: "try to remove a non-existing http handler",
cfg: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{
80: {HTTP: true},
},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo:80": {
Handlers: map[string]*ipn.HTTPHandler{
"/": {Proxy: "http://localhost:3000"},
},
},
},
},
st: &ipnstate.Status{
CurrentTailnet: &ipnstate.TailnetStatus{MagicDNSSuffix: "test.ts.net"},
},
dnsName: "bar.test.ts.net",
srvType: serveTypeHTTP,
srvPort: 80,
mount: "/abc",
expected: &ipn.ServeConfig{},
expectErr: true,
},
{
name: "unset service handler not found",
desc: "try to remove a non-existing service TCP handler",
cfg: &ipn.ServeConfig{
Services: map[tailcfg.ServiceName]*ipn.ServiceConfig{
"svc:bar": {
TCP: map[uint16]*ipn.TCPPortHandler{
80: {HTTP: true},
},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"bar.test.ts.net:80": {
Handlers: map[string]*ipn.HTTPHandler{
"/": {Proxy: "http://localhost:3000"},
},
},
},
},
},
},
st: &ipnstate.Status{
CurrentTailnet: &ipnstate.TailnetStatus{MagicDNSSuffix: "test.ts.net"},
},
dnsName: "svc:bar",
srvType: serveTypeHTTP,
srvPort: 80,
mount: "/abc",
setServeEnv: true,
serveEnv: &serveEnv{setPath: "/abc"},
expected: &ipn.ServeConfig{},
expectErr: true,
},
{
name: "unset service doesn't exist",
desc: "try to remove a non-existing service's handler",
cfg: &ipn.ServeConfig{
Services: map[tailcfg.ServiceName]*ipn.ServiceConfig{
"svc:bar": {
TCP: map[uint16]*ipn.TCPPortHandler{
80: {TCPForward: "11.11.11.11:3000"},
},
},
},
},
st: &ipnstate.Status{
CurrentTailnet: &ipnstate.TailnetStatus{MagicDNSSuffix: "test.ts.net"},
},
dnsName: "svc:foo",
srvType: serveTypeTCP,
srvPort: 80,
expectErr: true,
},
{
name: "unset tcp while port is in use",
desc: "try to remove a TCP handler while the port is used for web",
cfg: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{
80: {HTTP: true},
},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo:80": {
Handlers: map[string]*ipn.HTTPHandler{
"/": {Proxy: "http://localhost:3000"},
},
},
},
},
st: &ipnstate.Status{
CurrentTailnet: &ipnstate.TailnetStatus{MagicDNSSuffix: "test.ts.net"},
},
dnsName: "foo.test.ts.net",
srvType: serveTypeTCP,
srvPort: 80,
mount: "/",
expectErr: true,
},
{
name: "unset service tcp while port is in use",
desc: "try to remove a service TCP handler while the port is used for web",
cfg: &ipn.ServeConfig{
Services: map[tailcfg.ServiceName]*ipn.ServiceConfig{
"svc:bar": {
TCP: map[uint16]*ipn.TCPPortHandler{
80: {HTTP: true},
},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"bar.test.ts.net:80": {
Handlers: map[string]*ipn.HTTPHandler{
"/": {Proxy: "http://localhost:3000"},
},
},
},
},
},
},
st: &ipnstate.Status{
CurrentTailnet: &ipnstate.TailnetStatus{MagicDNSSuffix: "test.ts.net"},
},
dnsName: "svc:bar",
srvType: serveTypeTCP,
srvPort: 80,
mount: "/",
expectErr: true,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
e := &serveEnv{}
if tt.setServeEnv {
e = tt.serveEnv
}
err := e.unsetServe(tt.cfg, tt.dnsName, tt.srvType, tt.srvPort, tt.mount, tt.st.CurrentTailnet.MagicDNSSuffix)
if err != nil && !tt.expectErr {
t.Fatalf("got error: %v; did not expect error.", err)
}
if err == nil && tt.expectErr {
t.Fatalf("got no error; expected error.")
}
if !tt.expectErr && !reflect.DeepEqual(tt.cfg, tt.expected) {
t.Fatalf("got: %v; expected: %v", tt.cfg, tt.expected)
}
})
}
}
// exactErrMsg returns an error checker that wants exactly the provided want error.
// If optName is non-empty, it's used in the error message.
func exactErrMsg(want error) func(error) string {
return func(got error) string {
if got.Error() == want.Error() {
return ""
}
return fmt.Sprintf("\ngot: %v\nwant: %v\n", got, want)
}
}
func ptrToReadOnlySlice[T any](s []T) *views.Slice[T] {
vs := views.SliceOf(s)
return &vs
}
Reference in New Issue View Git Blame Copy Permalink