116 lines
No EOL
5.3 KiB
Bash
116 lines
No EOL
5.3 KiB
Bash
#!/usr/bin/env bash
|
|
# test/destructive.sh — tests that modify system state
|
|
# Sourced by test.command.sh — do not execute directly.
|
|
# Requires run_cmd / run_cmd_fails from integration.sh to be sourced first.
|
|
|
|
function cmd::test::section_destructive() {
|
|
test::section "Destructive (modifying state)"
|
|
|
|
# Cleanup from any previous failed run
|
|
"$WGCTL_BINARY" remove --name phone-testunit --force > /dev/null 2>&1 || true
|
|
"$WGCTL_BINARY" group remove --name testgroup --force > /dev/null 2>&1 || true
|
|
"$WGCTL_BINARY" group remove --name testgroup2 --force > /dev/null 2>&1 || true
|
|
"$WGCTL_BINARY" net rm --name test-block-svc --force > /dev/null 2>&1 || true
|
|
"$WGCTL_BINARY" unblock --name phone-testunit > /dev/null 2>&1 || true
|
|
|
|
cmd::test::_destructive_peer
|
|
cmd::test::_destructive_block_unblock
|
|
cmd::test::_destructive_service_block
|
|
cmd::test::_destructive_rule
|
|
cmd::test::_destructive_groups
|
|
cmd::test::_destructive_identity
|
|
cmd::test::_destructive_cleanup
|
|
}
|
|
|
|
function cmd::test::_destructive_peer() {
|
|
cmd::test::run_cmd "add phone peer" "added" \
|
|
add --name testunit --type phone
|
|
}
|
|
|
|
function cmd::test::_destructive_block_unblock() {
|
|
cmd::test::run_cmd "block peer" "blocked" block --name phone-testunit
|
|
cmd::test::run_cmd "list shows blocked" "blocked" list --blocked
|
|
cmd::test::run_cmd "unblock peer" "unblocked" unblock --name phone-testunit
|
|
|
|
cmd::test::run_cmd "block peer --ip" "blocked for" \
|
|
block --name phone-testunit --ip 10.0.0.99
|
|
cmd::test::run_cmd "list shows restricted" "restricted" \
|
|
list --name phone-testunit
|
|
cmd::test::run_cmd "unblock peer --ip" "unblocked" \
|
|
unblock --name phone-testunit --ip 10.0.0.99
|
|
}
|
|
|
|
function cmd::test::_destructive_service_block() {
|
|
"$WGCTL_BINARY" net add --name test-block-svc \
|
|
--ip 10.0.0.99 > /dev/null 2>&1
|
|
"$WGCTL_BINARY" net add --name test-block-svc:web \
|
|
--port 9999:tcp > /dev/null 2>&1
|
|
|
|
cmd::test::run_cmd "block peer --service (ip)" "blocked" block --name phone-testunit --service test-block-svc
|
|
cmd::test::run_cmd "block already blocked service" "already" block --name phone-testunit --service test-block-svc
|
|
cmd::test::run_cmd "unblock peer --service (ip)" "unblocked" unblock --name phone-testunit --service test-block-svc
|
|
cmd::test::run_cmd "unblock not blocked service" "not blocked" unblock --name phone-testunit --service test-block-svc
|
|
cmd::test::run_cmd "block peer --service (port)" "blocked" block --name phone-testunit --service test-block-svc:web
|
|
cmd::test::run_cmd "unblock peer --service (port)" "unblocked" unblock --name phone-testunit --service test-block-svc:web
|
|
|
|
"$WGCTL_BINARY" net rm --name test-block-svc --force > /dev/null 2>&1 || true
|
|
}
|
|
|
|
function cmd::test::_destructive_rule() {
|
|
cmd::test::run_cmd "rule assign" "Assigned" rule assign --name user --peer phone-testunit
|
|
cmd::test::run_cmd "rule unassign" "Unassigned" rule unassign --peer phone-testunit
|
|
"$WGCTL_BINARY" rule assign --name user --peer phone-testunit > /dev/null 2>&1 || true
|
|
}
|
|
|
|
function cmd::test::_destructive_groups() {
|
|
cmd::test::run_cmd "group add" "created" group add --name testgroup --desc "Test group"
|
|
cmd::test::run_cmd "group peer add" "Added" group peer add --name testgroup --peer phone-testunit
|
|
cmd::test::run_cmd "group block" "blocked" group block --name testgroup
|
|
cmd::test::run_cmd "group unblock" "unblocked" group unblock --name testgroup
|
|
|
|
# M:N group block tracking
|
|
"$WGCTL_BINARY" group add --name testgroup2 --desc "Test group 2" > /dev/null 2>&1
|
|
"$WGCTL_BINARY" group peer add --name testgroup2 --peer phone-testunit > /dev/null 2>&1
|
|
|
|
cmd::test::run_cmd "group block first" "blocked" group block --name testgroup
|
|
cmd::test::run_cmd "group block second" "blocked" group block --name testgroup2
|
|
|
|
"$WGCTL_BINARY" group unblock --name testgroup > /dev/null 2>&1
|
|
cmd::test::run_cmd "peer stays blocked after partial unblock" "blocked" list --blocked
|
|
|
|
"$WGCTL_BINARY" group unblock --name testgroup2 > /dev/null 2>&1
|
|
cmd::test::run_cmd "peer unblocked after all groups unblock" "phone-testunit" list --allowed
|
|
|
|
# Direct block overrides group block
|
|
"$WGCTL_BINARY" group block --name testgroup > /dev/null 2>&1
|
|
cmd::test::run_cmd "direct unblock overrides group block" "unblocked" unblock --name phone-testunit
|
|
|
|
cmd::test::run_cmd "group remove" "removed" group remove --name testgroup --force
|
|
"$WGCTL_BINARY" group remove --name testgroup2 --force > /dev/null 2>&1 || true
|
|
}
|
|
|
|
function cmd::test::_destructive_identity() {
|
|
test::section "Destructive: identity auto-attach/detach"
|
|
|
|
# Add verifies auto-attach
|
|
cmd::test::run_cmd "add attaches to identity" "added" \
|
|
add --name testunit2 --type laptop
|
|
|
|
cmd::test::run_cmd "identity shows testunit2" "testunit2" \
|
|
identity show --name testunit
|
|
|
|
# Rename verifies identity::rename_peer
|
|
cmd::test::run_cmd "rename updates identity" "renamed" \
|
|
rename --name laptop-testunit2 --new-name laptop-testunit2b
|
|
|
|
cmd::test::run_cmd "identity reflects rename" "testunit2b" \
|
|
identity show --name testunit
|
|
|
|
# Remove verifies auto-detach
|
|
"$WGCTL_BINARY" remove --name laptop-testunit2b --force > /dev/null 2>&1 || true
|
|
}
|
|
|
|
function cmd::test::_destructive_cleanup() {
|
|
cmd::test::run_cmd "remove phone peer" "removed" \
|
|
remove --name phone-testunit --force
|
|
} |