fix: add /api/network/dns/corefile endpoint and per-line iptables check
Unit Tests / test (push) Successful in 11m13s
Unit Tests / test (push) Successful in 11m13s
The e2e tests were reading a stale Corefile at a hardcoded fallback path (/home/roof/pic/config/dns/Corefile) instead of the live one written by the API (/opt/pic/config/dns/Corefile on pic1). Adding a proper API endpoint eliminates the path ambiguity. The iptables test was checking whether peer_ip, DROP, and dpt:80 appeared anywhere in the full multi-line output rather than on the same rule line, producing false positives. Now checks per line. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -85,7 +85,10 @@ class TestServiceAccessUpdate:
|
||||
if not rules:
|
||||
return # can't verify without iptables access — skip silently
|
||||
# No Caddy-targeted DROP for this peer; service blocking is DNS-ACL only
|
||||
caddy_drop = f'{peer_ip}' in rules and 'DROP' in rules and 'dpt:80' in rules
|
||||
caddy_drop = any(
|
||||
peer_ip in line and 'DROP' in line and 'dpt:80' in line
|
||||
for line in rules.splitlines()
|
||||
)
|
||||
assert not caddy_drop, (
|
||||
f'Found Caddy DROP rule for {peer_ip} after service_access=[] — '
|
||||
f'this blocks the PIC UI. Service access should be DNS-ACL only.\n{rules}'
|
||||
|
||||
Reference in New Issue
Block a user