mirror of
https://github.com/DeBrosOfficial/orama.git
synced 2026-03-17 19:36:58 +00:00
231 lines
8.1 KiB
Go
231 lines
8.1 KiB
Go
package checks
|
|
|
|
import (
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/DeBrosOfficial/network/pkg/inspector"
|
|
)
|
|
|
|
func TestCheckWireGuard_InterfaceDown(t *testing.T) {
|
|
nd := makeNodeData("1.1.1.1", "node")
|
|
nd.WireGuard = &inspector.WireGuardData{InterfaceUp: false}
|
|
|
|
data := makeCluster(map[string]*inspector.NodeData{"1.1.1.1": nd})
|
|
results := CheckWireGuard(data)
|
|
|
|
expectStatus(t, results, "wg.interface_up", inspector.StatusFail)
|
|
// Early return — no further per-node checks
|
|
if findCheck(results, "wg.service_active") != nil {
|
|
t.Error("should not check service_active when interface down")
|
|
}
|
|
}
|
|
|
|
func TestCheckWireGuard_HealthyNode(t *testing.T) {
|
|
now := time.Now().Unix()
|
|
nd := makeNodeData("1.1.1.1", "node")
|
|
nd.WireGuard = &inspector.WireGuardData{
|
|
InterfaceUp: true,
|
|
ServiceActive: true,
|
|
WgIP: "10.0.0.1",
|
|
ListenPort: 51820,
|
|
PeerCount: 2,
|
|
MTU: 1420,
|
|
ConfigExists: true,
|
|
ConfigPerms: "600",
|
|
Peers: []inspector.WGPeer{
|
|
{PublicKey: "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=", AllowedIPs: "10.0.0.2/32", LatestHandshake: now - 30, TransferRx: 1000, TransferTx: 2000},
|
|
{PublicKey: "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=", AllowedIPs: "10.0.0.3/32", LatestHandshake: now - 60, TransferRx: 500, TransferTx: 800},
|
|
},
|
|
}
|
|
|
|
// Single-node for per-node assertions (avoids helper node interference)
|
|
data := makeCluster(map[string]*inspector.NodeData{"1.1.1.1": nd})
|
|
results := CheckWireGuard(data)
|
|
|
|
expectStatus(t, results, "wg.interface_up", inspector.StatusPass)
|
|
expectStatus(t, results, "wg.service_active", inspector.StatusPass)
|
|
expectStatus(t, results, "wg.correct_ip", inspector.StatusPass)
|
|
expectStatus(t, results, "wg.listen_port", inspector.StatusPass)
|
|
expectStatus(t, results, "wg.mtu", inspector.StatusPass)
|
|
expectStatus(t, results, "wg.config_exists", inspector.StatusPass)
|
|
expectStatus(t, results, "wg.config_perms", inspector.StatusPass)
|
|
expectStatus(t, results, "wg.handshake_all", inspector.StatusPass)
|
|
expectStatus(t, results, "wg.handshake_fresh", inspector.StatusPass)
|
|
expectStatus(t, results, "wg.peer_traffic", inspector.StatusPass)
|
|
}
|
|
|
|
func TestCheckWireGuard_WrongIP(t *testing.T) {
|
|
nd := makeNodeData("1.1.1.1", "node")
|
|
nd.WireGuard = &inspector.WireGuardData{
|
|
InterfaceUp: true,
|
|
WgIP: "192.168.1.5",
|
|
}
|
|
data := makeCluster(map[string]*inspector.NodeData{"1.1.1.1": nd})
|
|
results := CheckWireGuard(data)
|
|
expectStatus(t, results, "wg.correct_ip", inspector.StatusWarn)
|
|
}
|
|
|
|
func TestCheckWireGuard_WrongPort(t *testing.T) {
|
|
nd := makeNodeData("1.1.1.1", "node")
|
|
nd.WireGuard = &inspector.WireGuardData{
|
|
InterfaceUp: true,
|
|
WgIP: "10.0.0.1",
|
|
ListenPort: 12345,
|
|
}
|
|
data := makeCluster(map[string]*inspector.NodeData{"1.1.1.1": nd})
|
|
results := CheckWireGuard(data)
|
|
expectStatus(t, results, "wg.listen_port", inspector.StatusWarn)
|
|
}
|
|
|
|
func TestCheckWireGuard_PeerCountMismatch(t *testing.T) {
|
|
nd := makeNodeData("1.1.1.1", "node")
|
|
nd.WireGuard = &inspector.WireGuardData{InterfaceUp: true, WgIP: "10.0.0.1", PeerCount: 1}
|
|
|
|
nodes := map[string]*inspector.NodeData{"1.1.1.1": nd}
|
|
for _, host := range []string{"2.2.2.2", "3.3.3.3", "4.4.4.4"} {
|
|
other := makeNodeData(host, "node")
|
|
other.WireGuard = &inspector.WireGuardData{InterfaceUp: true, PeerCount: 3}
|
|
nodes[host] = other
|
|
}
|
|
data := makeCluster(nodes)
|
|
results := CheckWireGuard(data)
|
|
|
|
// Node 1.1.1.1 has 1 peer but expects 3 (4 nodes - 1)
|
|
c := findCheck(results, "wg.peer_count")
|
|
if c == nil {
|
|
t.Fatal("expected wg.peer_count check")
|
|
}
|
|
// At least one node should have a warn
|
|
hasWarn := false
|
|
for _, r := range results {
|
|
if r.ID == "wg.peer_count" && r.Status == inspector.StatusWarn {
|
|
hasWarn = true
|
|
}
|
|
}
|
|
if !hasWarn {
|
|
t.Error("expected at least one wg.peer_count warn for mismatched peer count")
|
|
}
|
|
}
|
|
|
|
func TestCheckWireGuard_ZeroPeers(t *testing.T) {
|
|
nd := makeNodeData("1.1.1.1", "node")
|
|
nd.WireGuard = &inspector.WireGuardData{InterfaceUp: true, WgIP: "10.0.0.1", PeerCount: 0}
|
|
|
|
nodes := map[string]*inspector.NodeData{"1.1.1.1": nd}
|
|
for _, host := range []string{"2.2.2.2", "3.3.3.3"} {
|
|
other := makeNodeData(host, "node")
|
|
other.WireGuard = &inspector.WireGuardData{InterfaceUp: true, PeerCount: 2}
|
|
nodes[host] = other
|
|
}
|
|
data := makeCluster(nodes)
|
|
results := CheckWireGuard(data)
|
|
|
|
// At least one node should fail (zero peers = isolated)
|
|
hasFail := false
|
|
for _, r := range results {
|
|
if r.ID == "wg.peer_count" && r.Status == inspector.StatusFail {
|
|
hasFail = true
|
|
}
|
|
}
|
|
if !hasFail {
|
|
t.Error("expected wg.peer_count fail for isolated node")
|
|
}
|
|
}
|
|
|
|
func TestCheckWireGuard_StaleHandshakes(t *testing.T) {
|
|
nd := makeNodeData("1.1.1.1", "node")
|
|
nd.WireGuard = &inspector.WireGuardData{
|
|
InterfaceUp: true,
|
|
WgIP: "10.0.0.1",
|
|
PeerCount: 2,
|
|
Peers: []inspector.WGPeer{
|
|
{PublicKey: "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=", AllowedIPs: "10.0.0.2/32", LatestHandshake: time.Now().Unix() - 600, TransferRx: 100, TransferTx: 200},
|
|
{PublicKey: "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=", AllowedIPs: "10.0.0.3/32", LatestHandshake: time.Now().Unix() - 600, TransferRx: 100, TransferTx: 200},
|
|
},
|
|
}
|
|
data := makeCluster(map[string]*inspector.NodeData{"1.1.1.1": nd})
|
|
results := CheckWireGuard(data)
|
|
expectStatus(t, results, "wg.handshake_fresh", inspector.StatusWarn)
|
|
}
|
|
|
|
func TestCheckWireGuard_NeverHandshaked(t *testing.T) {
|
|
nd := makeNodeData("1.1.1.1", "node")
|
|
nd.WireGuard = &inspector.WireGuardData{
|
|
InterfaceUp: true,
|
|
WgIP: "10.0.0.1",
|
|
PeerCount: 1,
|
|
Peers: []inspector.WGPeer{
|
|
{PublicKey: "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=", AllowedIPs: "10.0.0.2/32", LatestHandshake: 0},
|
|
},
|
|
}
|
|
data := makeCluster(map[string]*inspector.NodeData{"1.1.1.1": nd})
|
|
results := CheckWireGuard(data)
|
|
expectStatus(t, results, "wg.handshake_all", inspector.StatusFail)
|
|
}
|
|
|
|
func TestCheckWireGuard_NoTraffic(t *testing.T) {
|
|
nd := makeNodeData("1.1.1.1", "node")
|
|
nd.WireGuard = &inspector.WireGuardData{
|
|
InterfaceUp: true,
|
|
WgIP: "10.0.0.1",
|
|
PeerCount: 1,
|
|
Peers: []inspector.WGPeer{
|
|
{PublicKey: "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=", AllowedIPs: "10.0.0.2/32", LatestHandshake: time.Now().Unix(), TransferRx: 0, TransferTx: 0},
|
|
},
|
|
}
|
|
data := makeCluster(map[string]*inspector.NodeData{"1.1.1.1": nd})
|
|
results := CheckWireGuard(data)
|
|
expectStatus(t, results, "wg.peer_traffic", inspector.StatusWarn)
|
|
}
|
|
|
|
func TestCheckWireGuard_CatchAllRoute(t *testing.T) {
|
|
nd := makeNodeData("1.1.1.1", "node")
|
|
nd.WireGuard = &inspector.WireGuardData{
|
|
InterfaceUp: true,
|
|
WgIP: "10.0.0.1",
|
|
PeerCount: 1,
|
|
Peers: []inspector.WGPeer{
|
|
{PublicKey: "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=", AllowedIPs: "0.0.0.0/0", LatestHandshake: time.Now().Unix(), TransferRx: 100, TransferTx: 200},
|
|
},
|
|
}
|
|
data := makeCluster(map[string]*inspector.NodeData{"1.1.1.1": nd})
|
|
results := CheckWireGuard(data)
|
|
expectStatus(t, results, "wg.peer_catch_all", inspector.StatusFail)
|
|
}
|
|
|
|
func TestCheckWireGuard_CrossNode_PeerCountConsistent(t *testing.T) {
|
|
nodes := map[string]*inspector.NodeData{}
|
|
for _, host := range []string{"1.1.1.1", "2.2.2.2", "3.3.3.3"} {
|
|
nd := makeNodeData(host, "node")
|
|
nd.WireGuard = &inspector.WireGuardData{InterfaceUp: true, PeerCount: 2, MTU: 1420}
|
|
nodes[host] = nd
|
|
}
|
|
data := makeCluster(nodes)
|
|
results := CheckWireGuard(data)
|
|
expectStatus(t, results, "wg.peer_count_consistent", inspector.StatusPass)
|
|
expectStatus(t, results, "wg.mtu_consistent", inspector.StatusPass)
|
|
}
|
|
|
|
func TestCheckWireGuard_CrossNode_PeerCountInconsistent(t *testing.T) {
|
|
nodes := map[string]*inspector.NodeData{}
|
|
counts := []int{2, 2, 1}
|
|
for i, host := range []string{"1.1.1.1", "2.2.2.2", "3.3.3.3"} {
|
|
nd := makeNodeData(host, "node")
|
|
nd.WireGuard = &inspector.WireGuardData{InterfaceUp: true, PeerCount: counts[i], MTU: 1420}
|
|
nodes[host] = nd
|
|
}
|
|
data := makeCluster(nodes)
|
|
results := CheckWireGuard(data)
|
|
expectStatus(t, results, "wg.peer_count_consistent", inspector.StatusWarn)
|
|
}
|
|
|
|
func TestCheckWireGuard_NilData(t *testing.T) {
|
|
nd := makeNodeData("1.1.1.1", "node")
|
|
data := makeCluster(map[string]*inspector.NodeData{"1.1.1.1": nd})
|
|
results := CheckWireGuard(data)
|
|
if len(results) != 0 {
|
|
t.Errorf("expected 0 results for nil WireGuard data, got %d", len(results))
|
|
}
|
|
}
|