roof/pic
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3a35cf72d3cf0a27131aa26d3301692dd25d3c27
pic/tests/e2e/wg/test_wg_dns.py
T
roof 420dced9ff fix: WireGuard peer sync, privileged mode, E2E and integration test correctness 
- api/app.py: sync WireGuard server config on peer add/remove (non-fatal)
- docker-compose.yml: add privileged:true to wireguard service
- E2E tests: fix logout selector, DNS IP lookup, wg config DNS line, VIP skip guards,
  badge text selectors, heading .first, async logout wait
- Integration tests: fix 4 tests that sent unauthenticated requests expecting 400
  (now use authenticated session helpers); accept 401 as valid in webui proxy test;
  add password field to service_access validation test
- Remove stale tracked config templates (config/api/api/*, config/api/cell.env, etc.)
  that no longer exist on disk after config layout was reorganised

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-26 06:04:40 -04:00

44 lines
1.6 KiB
Python
Raw Blame History

import pytest
import subprocess
pytestmark = pytest.mark.wg
def _get_dns_ip(admin_client) -> str:
"""Return the CoreDNS IP from the config, falling back to the default Docker IP."""
r = admin_client.get('/api/config')
if r.status_code == 200:
sips = r.json().get('service_ips', {})
dns_ip = sips.get('dns', '')
if dns_ip:
return dns_ip
return '172.20.0.3'
def test_dns_resolves_via_vpn(connected_peer, admin_client):
"""Scenario 27: DNS queries for cell domain resolve via the PIC CoreDNS server."""
r = admin_client.get('/api/config')
domain = r.json().get('domain', 'cell') if r.status_code == 200 else 'cell'
# CoreDNS is at the Docker bridge IP (172.20.0.3 by default).
# The VPN tunnel routes 10.0.0.0/24 — CoreDNS is reachable via Docker bridge directly.
dns_ip = _get_dns_ip(admin_client)
result = subprocess.run(
['dig', f'@{dns_ip}', f'mail.{domain}', '+short', '+time=5'],
capture_output=True, text=True, timeout=10
)
assert result.returncode == 0, f"DNS query to {dns_ip} failed: {result.stderr}"
def test_dns_server_reachable_via_vpn(connected_peer, admin_client):
"""CoreDNS port 53 is reachable from the test environment."""
dns_ip = _get_dns_ip(admin_client)
result = subprocess.run(
['dig', f'@{dns_ip}', 'health.check', '+time=2'],
capture_output=True, text=True, timeout=5
)
# Even a NXDOMAIN response means DNS is up — we just need a response not a timeout
assert 'status:' in result.stdout or result.returncode == 0, (
f"CoreDNS at {dns_ip} did not respond: {result.stdout[:200]}"
)
Reference in New Issue View Git Blame Copy Permalink