roof/pic
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ec8995d41e3e15c609c8e84442948b72d0032aa7
pic/tests/e2e/helpers/wg_runner.py
T
roof e8b8e47aa4
Unit Tests / test (push) Successful in 7m26s
Details
fix: use sudo for nft list tables — /usr/sbin not in roof user PATH 
nft lives in /usr/sbin which is absent from the non-root PATH on Debian.
The delete call already used sudo; add it to the list call too so the
session-scoped cleanup fixture doesn't crash before any test runs.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-06 15:46:09 -04:00

70 lines
2.8 KiB
Python
Raw Blame History

import os
import subprocess
import secrets
import tempfile
from pathlib import Path
class WGInterface:
def __init__(self, config_path: str, iface_name: str):
self.config_path = config_path
self.iface_name = iface_name
self.up = False
def bring_up(self, timeout=30):
subprocess.run(['sudo', 'wg-quick', 'up', self.config_path],
check=True, timeout=timeout, capture_output=True, text=True)
self.up = True
def bring_down(self):
if self.up:
subprocess.run(['sudo', 'wg-quick', 'down', self.config_path],
check=False, timeout=15, capture_output=True)
self.up = False
def is_connected(self, server_ip='10.0.0.1', timeout=5) -> bool:
result = subprocess.run(
['ping', '-c', '1', '-W', str(timeout), server_ip],
capture_output=True, timeout=timeout + 2
)
return result.returncode == 0
def build_wg_config(private_key: str, peer_ip: str, server_pubkey: str,
server_endpoint: str, server_port: int = 51820,
allowed_ips: str = '10.0.0.0/24',
dns: str = None) -> str:
# Omit DNS line by default — wg-quick would try to call resolvconf/systemd-resolved
# to set system DNS, which is not installed in all test environments.
# DNS tests reach 10.0.0.1 directly via `dig @10.0.0.1` once the tunnel is up.
dns_line = f"DNS = {dns}\n" if dns else ""
return (
f"[Interface]\n"
f"PrivateKey = {private_key}\n"
f"Address = {peer_ip}/32\n"
f"{dns_line}\n"
f"[Peer]\n"
f"PublicKey = {server_pubkey}\n"
f"Endpoint = {server_endpoint}:{server_port}\n"
f"AllowedIPs = {allowed_ips}\n"
f"PersistentKeepalive = 25\n"
)
def cleanup_stale_e2e_interfaces():
"""Remove any leftover pic-e2e-* interfaces and nftables tables from previous failed runs."""
result = subprocess.run(['ip', 'link', 'show'], capture_output=True, text=True)
for line in result.stdout.splitlines():
if 'pic-e2e-' in line:
iface = line.split(':')[1].strip().split('@')[0]
subprocess.run(['sudo', 'ip', 'link', 'delete', iface], capture_output=True)
# wg-quick creates an nftables table per interface; if the interface was never brought
# down cleanly the table persists and drops decrypted ICMP replies on future runs.
nft_result = subprocess.run(['sudo', 'nft', 'list', 'tables'], capture_output=True, text=True)
for line in nft_result.stdout.splitlines():
if 'wg-quick-pic-e2e-' in line:
table_name = line.strip().split()[-1]
subprocess.run(['sudo', 'nft', 'delete', 'table', 'ip', table_name],
capture_output=True)
Reference in New Issue View Git Blame Copy Permalink