wgctl/commands/test/destructive.sh
Nuno Duque Nunes 8bb1de4976 init feature
2026-05-19 15:26:31 +00:00

116 lines
No EOL
5.3 KiB
Bash

#!/usr/bin/env bash
# test/destructive.sh — tests that modify system state
# Sourced by test.command.sh — do not execute directly.
# Requires run_cmd / run_cmd_fails from integration.sh to be sourced first.
function cmd::test::section_destructive() {
test::section "Destructive (modifying state)"
# Cleanup from any previous failed run
"$WGCTL_BINARY" remove --name phone-testunit --force > /dev/null 2>&1 || true
"$WGCTL_BINARY" group remove --name testgroup --force > /dev/null 2>&1 || true
"$WGCTL_BINARY" group remove --name testgroup2 --force > /dev/null 2>&1 || true
"$WGCTL_BINARY" net rm --name test-block-svc --force > /dev/null 2>&1 || true
"$WGCTL_BINARY" unblock --name phone-testunit > /dev/null 2>&1 || true
cmd::test::_destructive_peer
cmd::test::_destructive_block_unblock
cmd::test::_destructive_service_block
cmd::test::_destructive_rule
cmd::test::_destructive_groups
cmd::test::_destructive_identity
cmd::test::_destructive_cleanup
}
function cmd::test::_destructive_peer() {
cmd::test::run_cmd "add phone peer" "added" \
add --name testunit --type phone
}
function cmd::test::_destructive_block_unblock() {
cmd::test::run_cmd "block peer" "blocked" block --name phone-testunit
cmd::test::run_cmd "list shows blocked" "blocked" list --blocked
cmd::test::run_cmd "unblock peer" "unblocked" unblock --name phone-testunit
cmd::test::run_cmd "block peer --ip" "blocked for" \
block --name phone-testunit --ip 10.0.0.99
cmd::test::run_cmd "list shows restricted" "restricted" \
list --name phone-testunit
cmd::test::run_cmd "unblock peer --ip" "unblocked" \
unblock --name phone-testunit --ip 10.0.0.99
}
function cmd::test::_destructive_service_block() {
"$WGCTL_BINARY" net add --name test-block-svc \
--ip 10.0.0.99 > /dev/null 2>&1
"$WGCTL_BINARY" net add --name test-block-svc:web \
--port 9999:tcp > /dev/null 2>&1
cmd::test::run_cmd "block peer --service (ip)" "blocked" block --name phone-testunit --service test-block-svc
cmd::test::run_cmd "block already blocked service" "already" block --name phone-testunit --service test-block-svc
cmd::test::run_cmd "unblock peer --service (ip)" "unblocked" unblock --name phone-testunit --service test-block-svc
cmd::test::run_cmd "unblock not blocked service" "not blocked" unblock --name phone-testunit --service test-block-svc
cmd::test::run_cmd "block peer --service (port)" "blocked" block --name phone-testunit --service test-block-svc:web
cmd::test::run_cmd "unblock peer --service (port)" "unblocked" unblock --name phone-testunit --service test-block-svc:web
"$WGCTL_BINARY" net rm --name test-block-svc --force > /dev/null 2>&1 || true
}
function cmd::test::_destructive_rule() {
cmd::test::run_cmd "rule assign" "Assigned" rule assign --name user --peer phone-testunit
cmd::test::run_cmd "rule unassign" "Unassigned" rule unassign --peer phone-testunit
"$WGCTL_BINARY" rule assign --name user --peer phone-testunit > /dev/null 2>&1 || true
}
function cmd::test::_destructive_groups() {
cmd::test::run_cmd "group add" "created" group add --name testgroup --desc "Test group"
cmd::test::run_cmd "group peer add" "Added" group peer add --name testgroup --peer phone-testunit
cmd::test::run_cmd "group block" "blocked" group block --name testgroup
cmd::test::run_cmd "group unblock" "unblocked" group unblock --name testgroup
# M:N group block tracking
"$WGCTL_BINARY" group add --name testgroup2 --desc "Test group 2" > /dev/null 2>&1
"$WGCTL_BINARY" group peer add --name testgroup2 --peer phone-testunit > /dev/null 2>&1
cmd::test::run_cmd "group block first" "blocked" group block --name testgroup
cmd::test::run_cmd "group block second" "blocked" group block --name testgroup2
"$WGCTL_BINARY" group unblock --name testgroup > /dev/null 2>&1
cmd::test::run_cmd "peer stays blocked after partial unblock" "blocked" list --blocked
"$WGCTL_BINARY" group unblock --name testgroup2 > /dev/null 2>&1
cmd::test::run_cmd "peer unblocked after all groups unblock" "phone-testunit" list --allowed
# Direct block overrides group block
"$WGCTL_BINARY" group block --name testgroup > /dev/null 2>&1
cmd::test::run_cmd "direct unblock overrides group block" "unblocked" unblock --name phone-testunit
cmd::test::run_cmd "group remove" "removed" group remove --name testgroup --force
"$WGCTL_BINARY" group remove --name testgroup2 --force > /dev/null 2>&1 || true
}
function cmd::test::_destructive_identity() {
test::section "Destructive: identity auto-attach/detach"
# Add verifies auto-attach
cmd::test::run_cmd "add attaches to identity" "added" \
add --name testunit2 --type laptop
cmd::test::run_cmd "identity shows testunit2" "testunit2" \
identity show --name testunit
# Rename verifies identity::rename_peer
cmd::test::run_cmd "rename updates identity" "renamed" \
rename --name laptop-testunit2 --new-name laptop-testunit2b
cmd::test::run_cmd "identity reflects rename" "testunit2b" \
identity show --name testunit
# Remove verifies auto-detach
"$WGCTL_BINARY" remove --name laptop-testunit2b --force > /dev/null 2>&1 || true
}
function cmd::test::_destructive_cleanup() {
cmd::test::run_cmd "remove phone peer" "removed" \
remove --name phone-testunit --force
}