roof/pic
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add comprehensive E2E test suite (Playwright + WireGuard + API)

Browse Source 
Adds tests/e2e/ with three layers of E2E coverage:
- API layer (tests/e2e/api/): unauthenticated access, admin endpoints,
  peer endpoints, access control enforcement — 24 tests
- Playwright UI (tests/e2e/ui/): login flows, admin navigation, peer
  dashboard/services, role-based ACL, password change — 60+ tests
- WireGuard connectivity (tests/e2e/wg/): tunnel up/down, DNS resolution
  through VPN, service ACL enforcement via iptables, full-tunnel routing
Shared helpers: PicAPIClient, WGInterface, playwright_login, cleanup.
Makefile targets: test-e2e-api, test-e2e-ui, test-e2e-wg, test-e2e.
Adds scripts/reset_admin_password.py for test bootstrap.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Dmitrii Iurco
2026-04-25 16:41:13 -04:00
parent 1e81b3b618
commit 0d32038150
34 changed files with 2122 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tests/e2e/wg/test_wg_full_tunnel.py
+31
View File
@@ -0,0 +1,31 @@
import pytest
import subprocess
pytestmark = [pytest.mark.wg, pytest.mark.requires_internet]
def test_full_tunnel_routes_all_traffic(full_tunnel_peer):
"""Scenario 30: with AllowedIPs=0.0.0.0/0, external traffic routes through VPN."""
# Check routing table — 0.0.0.0/0 should be via the WG interface
result = subprocess.run(['ip', 'route', 'show'], capture_output=True, text=True)
iface_name = full_tunnel_peer['iface'].iface_name
# In full tunnel mode, the default route or the 0.0.0.0/1 + 128.0.0.0/1 split routes
# point to the WG interface
assert (iface_name in result.stdout or
'0.0.0.0/1' in result.stdout or
'128.0.0.0/1' in result.stdout), "Full tunnel routes not found"
@pytest.mark.requires_internet
def test_full_tunnel_changes_apparent_ip(full_tunnel_peer, pic_host):
"""External IP check via a local echo service — skip if no internet."""
result = subprocess.run(
['curl', '-s', '--max-time', '5', 'https://ifconfig.me'],
capture_output=True, text=True, timeout=10
)
if result.returncode != 0:
pytest.skip("No internet access from test runner")
apparent_ip = result.stdout.strip()
# The apparent IP should NOT be the test runner's local IP
# (it should be pic0's external IP if full tunnel is working)
assert apparent_ip != '', "Could not determine apparent IP"