roof
b6af71acb5
Unit Tests / test (push) Successful in 11m9s
Cells with wildcard zone (e.g. * -> 172.20.0.2) and cells with per-service VIP DNS records are both valid. Accept either in the assertion so the test passes regardless of the zone file style. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
32 lines
1.4 KiB
Python
32 lines
1.4 KiB
Python
import pytest
|
|
import subprocess
|
|
|
|
pytestmark = [pytest.mark.wg, pytest.mark.requires_internet]
|
|
|
|
|
|
def test_full_tunnel_routes_all_traffic(full_tunnel_peer):
|
|
"""Scenario 30: with AllowedIPs=0.0.0.0/0, external traffic routes through VPN."""
|
|
# wg-quick adds full-tunnel routes to a policy routing table (not the main table),
|
|
# so we must check all tables to find the 0.0.0.0/1 + 128.0.0.0/1 split routes.
|
|
result = subprocess.run(['ip', 'route', 'show', 'table', 'all'],
|
|
capture_output=True, text=True)
|
|
iface_name = full_tunnel_peer['iface'].iface_name
|
|
assert (iface_name in result.stdout or
|
|
'0.0.0.0/1' in result.stdout or
|
|
'128.0.0.0/1' in result.stdout), "Full tunnel routes not found in any routing table"
|
|
|
|
|
|
@pytest.mark.requires_internet
|
|
def test_full_tunnel_changes_apparent_ip(full_tunnel_peer, pic_host):
|
|
"""External IP check via a local echo service — skip if no internet."""
|
|
result = subprocess.run(
|
|
['curl', '-s', '--max-time', '5', 'https://ifconfig.me'],
|
|
capture_output=True, text=True, timeout=10
|
|
)
|
|
if result.returncode != 0:
|
|
pytest.skip("No internet access from test runner")
|
|
apparent_ip = result.stdout.strip()
|
|
# The apparent IP should NOT be the test runner's local IP
|
|
# (it should be pic0's external IP if full tunnel is working)
|
|
assert apparent_ip != '', "Could not determine apparent IP"
|