tstest: extend node key expiration integration test.

Can produce the problem in #2515, preparing to test a fix.
Marked as t.Skip() until we have a fix.

Updates https://github.com/tailscale/tailscale/issues/2515

Signed-off-by: Denton Gentry <dgentry@tailscale.com>
Denton Gentry
2021-10-28 17:44:18 -07:00
committed by Denton Gentry
parent 12148dcf48
commit 1ec99e99f4
2 changed files with 80 additions and 1 deletions


@ -65,6 +65,7 @@ type Server struct {
authPath map[string]*AuthPath
nodeKeyAuthed map[key.NodePublic]bool // key => true once authenticated
pingReqsToAdd map[key.NodePublic]*tailcfg.PingRequest
allExpired bool // All nodes will be told their node key is expired.
}
// BaseURL returns the server's base URL, without trailing slash.
@ -153,6 +154,17 @@ func (s *Server) AddPingRequest(nodeKeyDst key.NodePublic, pr *tailcfg.PingReque
return sendUpdate(oldUpdatesCh, updateDebugInjection)
}
// Mark the Node key of every node as expired
func (s *Server) SetExpireAllNodes(expired bool) {
s.mu.Lock()
s.allExpired = expired
s.mu.Unlock()
for _, node := range s.AllNodes() {
sendUpdate(s.updates[node.ID], updateSelfChanged)
}
}
type AuthPath struct {
nodeKey key.NodePublic
@ -467,6 +479,7 @@ func (s *Server) serveRegister(w http.ResponseWriter, r *http.Request, mkey key.
if requireAuth && s.nodeKeyAuthed[nk] {
requireAuth = false
}
allExpired := s.allExpired
s.mu.Unlock()
authURL := ""
@ -481,7 +494,7 @@ func (s *Server) serveRegister(w http.ResponseWriter, r *http.Request, mkey key.
res, err := s.encode(mkey, false, tailcfg.RegisterResponse{
User: *user,
Login: *login,
NodeKeyExpired: false,
NodeKeyExpired: allExpired,
MachineAuthorized: machineAuthorized,
AuthURL: authURL,
})
@ -642,6 +655,13 @@ func (s *Server) serveMap(w http.ResponseWriter, r *http.Request, mkey key.Machi
if res == nil {
return // done
}
s.mu.Lock()
allExpired := s.allExpired
s.mu.Unlock()
if allExpired {
res.Node.KeyExpiry = time.Now().Add(-1 * time.Minute)
}
// TODO: add minner if/when needed
resBytes, err := json.Marshal(res)
if err != nil {
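Review bot: In the new `SetExpireAllNodes`, `s.updates[node.ID]` is read after `s.mu.Unlock()`, so the lookup runs without the lock that guards `allExpired` two lines earlier. The declaration of `s.updates` is not visible here; if it is a map that other handlers write under `s.mu` (the `oldUpdatesCh` name in the `AddPingRequest` context suggests channels are captured under the lock), this is a data race that `go test -race` would report. Taking the lock only around the lookup keeps `AllNodes()` and `sendUpdate` outside it, which matters if `AllNodes()` acquires `s.mu` itself. The doc comment should also start with the method name and mention that `expired=false` clears the state, e.g. `// SetExpireAllNodes sets or clears the "all node keys expired" state and notifies every node.`

```go
func (s *Server) SetExpireAllNodes(expired bool) {
	// … unchanged: set s.allExpired under s.mu …
	for _, node := range s.AllNodes() {
		s.mu.Lock()
		ch := s.updates[node.ID]
		s.mu.Unlock()
		sendUpdate(ch, updateSelfChanged)
	}
```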