roof/pic
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: prevent _syncconf from touching live container when run from tests

Browse Source 
Added a path guard: if the config file resolves to /tmp/ or a pytest
temp dir, _syncconf bails out immediately. Without this, tests calling
add_peer/remove_peer with a temp-dir WireGuardManager would connect to
the live cell-wireguard container and remove production peers.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Dmitrii Iurco
2026-04-21 01:05:56 -04:00
parent 53c7661812
commit 84d33aa88c
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
api/wireguard_manager.py
+7
View File
@@ -160,8 +160,15 @@ class WireGuardManager(BaseServiceManager):
wg syncconf resets the ListenPort when given a peers-only config, wg syncconf resets the ListenPort when given a peers-only config,
breaking client connections. We diff the config file against the live breaking client connections. We diff the config file against the live
interface and add/remove peers individually instead. interface and add/remove peers individually instead.
SAFETY: if the config file is not under the real wireguard config dir
(e.g. a test temp dir), bail out immediately — never touch the live container.
""" """
import subprocess, re import subprocess, re
real_conf = self._config_file()
if '/tmp/' in real_conf or 'pytest' in real_conf:
logger.debug('_syncconf: skipping — config path looks like a test dir')
return
try: try:
# Parse desired peers from config file # Parse desired peers from config file
content = self._read_config() content = self._read_config()