From a316e39cae21718040be1ab609dacec14f41fcba Mon Sep 17 00:00:00 2001 From: Prox Date: Fri, 6 Mar 2026 18:29:39 +0200 Subject: [PATCH] added TEST_SCENARIOS --- .beads/.gitignore | 50 ++++------ .beads/issues.jsonl | 0 .beads/metadata.json | 7 +- .gitattributes | 3 + poc/TEST-SCENARIOS.md | 227 ++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 252 insertions(+), 35 deletions(-) create mode 100644 .beads/issues.jsonl create mode 100644 .gitattributes create mode 100644 poc/TEST-SCENARIOS.md diff --git a/.beads/.gitignore b/.beads/.gitignore index dba6914..d27a1db 100644 --- a/.beads/.gitignore +++ b/.beads/.gitignore @@ -1,45 +1,30 @@ -# Dolt database (managed by Dolt, not git) -dolt/ -dolt-access.lock +# SQLite databases +*.db +*.db?* +*.db-journal +*.db-wal +*.db-shm -# Runtime files +# Daemon runtime files +daemon.lock +daemon.log +daemon.pid bd.sock -bd.sock.startlock sync-state.json last-touched # Local version tracking (prevents upgrade notification spam after git ops) .local_version +# Legacy database files +db.sqlite +bd.db + # Worktree redirect file (contains relative path to main repo's .beads/) # Must not be committed as paths would be wrong in other clones redirect -# Sync state (local-only, per-machine) -# These files are machine-specific and should not be shared across clones -.sync.lock -.jsonl.lock -sync_base.jsonl -export-state/ - -# Ephemeral store (SQLite - wisps/molecules, intentionally not versioned) -ephemeral.sqlite3 -ephemeral.sqlite3-journal -ephemeral.sqlite3-wal -ephemeral.sqlite3-shm - -# Legacy files (from pre-Dolt versions) -*.db -*.db?* -*.db-journal -*.db-wal -*.db-shm -db.sqlite -bd.db -daemon.lock -daemon.log -daemon-*.log.gz -daemon.pid +# Merge artifacts (temporary files from 3-way merge) beads.base.jsonl beads.base.meta.json beads.left.jsonl 
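Review bot: The rewritten `.beads/.gitignore` stops ignoring `dolt/`, `dolt-access.lock`, `export-state/`, `ephemeral.sqlite3*` and `daemon-*.log.gz`, yet `.beads/metadata.json` in this same commit still declares `"database": "dolt"`. None of the remaining patterns match those paths: `*.db?*` does not cover `ephemeral.sqlite3`, and `daemon.log` does not cover rotated `daemon-*.log.gz`. Any of them present in a working tree would be picked up by a plain `git add .beads`, which could publish a local issue database or daemon logs. Unless the Dolt backend is confirmed gone from every clone, keep `dolt/`, `ephemeral.sqlite3*` and `daemon-*.log.gz` in the ignore list. The second hunk of this file likewise drops `.jsonl.lock`.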
@@ -47,6 +32,11 @@ beads.left.meta.json beads.right.jsonl beads.right.meta.json +# Sync state (local-only, per-machine) +# These files are machine-specific and should not be shared across clones +.sync.lock +sync_base.jsonl + # NOTE: Do NOT add negation patterns (e.g., !issues.jsonl) here. # They would override fork protection in .git/info/exclude, allowing # contributors to accidentally commit upstream issue databases. diff --git a/.beads/issues.jsonl b/.beads/issues.jsonl new file mode 100644 index 0000000..e69de29 diff --git a/.beads/metadata.json b/.beads/metadata.json index ef2b0b1..9c7d425 100644 --- a/.beads/metadata.json +++ b/.beads/metadata.json @@ -1,7 +1,4 @@ { "database": "dolt", - "jsonl_export": "issues.jsonl", - "backend": "dolt", - "dolt_mode": "server", - "dolt_database": "beads_netbird-gitops" -} + "jsonl_export": "issues.jsonl" +} \ No newline at end of file diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..807d598 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,3 @@ + +# Use bd merge for beads JSONL files +.beads/issues.jsonl merge=beads diff --git a/poc/TEST-SCENARIOS.md b/poc/TEST-SCENARIOS.md new file mode 100644 index 0000000..3b20d79 --- /dev/null +++ b/poc/TEST-SCENARIOS.md 
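Review bot: In `.gitattributes`, `merge=beads` only names a merge driver, and nothing visible in this commit defines it. Git reads `merge.beads.driver` from each clone's own config, so a fresh clone or CI runner without that setting will, as far as I can tell, fall back to the built-in text merge for `.beads/issues.jsonl` without any warning. The comment above the rule should say so, e.g. `# Requires merge.beads.driver in local git config (not shipped with the repo); if unset, Git uses its default text merge`.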
@@ -0,0 +1,227 @@
+# Test Scenarios for NetBird GitOps PoC
+
+Test instance: `vps-a.networkmonitor.cc`
+State file: `state/test.json`
+Gitea: `gitea.vps-a.networkmonitor.cc`
+
+Current state on the instance: 2 groups, 3 setup keys, 1 policy, 1 user.
+
+Each scenario: create a branch, edit `state/test.json`, push, open PR (dry-run),
+review plan, merge (apply), verify on NetBird dashboard.
+
+---
+
+## Scenario 1: Add a new group and policy
+
+**Goal:** Verify creating multiple resources in one PR.
+
+**Changes to `state/test.json`:**
+
+Add a new group `observers` and a policy allowing observers to see
+ground-stations:
+
+```json
+"groups": {
+ "ground-stations": { "peers": [] },
+ "pilots": { "peers": [] },
+ "observers": { "peers": [] }
+},
+"policies": {
+ "pilots-to-gs": { ... },
+ "observers-to-gs": {
+ "description": "Observers can view ground stations",
+ "enabled": true,
+ "sources": ["observers"],
+ "destinations": ["ground-stations"],
+ "bidirectional": false,
+ "protocol": "all",
+ "action": "accept"
+ }
+}
+```
+
+**Expected dry-run:**
+- Create: group `observers`, policy `observers-to-gs`
+
+**Verify after merge:**
+- Dashboard shows the `observers` group
+- Policy `observers-to-gs` exists with correct sources/destinations
+
+---
+
+## Scenario 2: Update an existing policy
+
+**Goal:** Verify update detection works.
+
+**Changes to `state/test.json`:**
+
+Disable the `pilots-to-gs` policy:
+
+```json
+"pilots-to-gs": {
+ "enabled": false,
+ ...
+}
+```
+
+**Expected dry-run:**
+- Update: policy `pilots-to-gs`
+
+**Verify after merge:**
+- Policy shows as disabled on the dashboard
+
+---
+
+## Scenario 3: Delete a resource
+
+**Goal:** Verify deletion works safely.
+
+**Changes to `state/test.json`:**
+
+Remove `Pilot-Vlad-2` from `setup_keys` (delete the entire key).
+
+**Expected dry-run:**
+- Delete: setup_key `Pilot-Vlad-2`
+
+**Verify after merge:**
+- Setup key no longer appears on the dashboard
+
+---
+
+## Scenario 4: Enroll a peer (full lifecycle)
+
+**Goal:** Verify the enrollment detection and peer rename flow.
+
+**Prerequisite:** Runner and Gitea token must be configured for the reconciler
+poller. Run ansible-playbook with filled vault.yml first.
+
+**Steps:**
+
+1. Make sure `state/test.json` has an unenrolled setup key, e.g.:
+ ```json
+ "GS-TestHawk-1": {
+ "type": "one-off",
+ "expires_in": 604800,
+ "usage_limit": 1,
+ "auto_groups": ["ground-stations"],
+ "enrolled": false
+ }
+ ```
+
+2. Copy the setup key value from the NetBird dashboard (or from a previous
+ reconcile run's created_keys output)
+
+3. Enroll a peer:
+ ```bash
+ sudo netbird up --management-url https://vps-a.networkmonitor.cc --setup-key
+ ```
+
+4. Wait for the poller to detect enrollment (~30 seconds)
+
+5. Verify:
+ - Peer is renamed to `GS-TestHawk-1` on the dashboard
+ - `state/test.json` in Gitea repo has `"enrolled": true` for that key
+ - The commit was made by the reconciler automatically
+
+---
+
+## Scenario 5: Multi-resource create (bigger change)
+
+**Goal:** Test a realistic initial deployment scenario.
+
+**Changes to `state/test.json`:**
+
+Add network, posture check, and DNS in one PR:
+
+```json
+"posture_checks": {
+ "geo-restrict-ua": {
+ "description": "Allow only UA/PL locations",
+ "checks": {
+ "geo_location_check": {
+ "locations": [
+ { "country_code": "UA" },
+ { "country_code": "PL" }
+ ],
+ "action": "allow"
+ }
+ }
+ }
+},
+"dns": {
+ "nameserver_groups": {
+ "cloudflare": {
+ "nameservers": [
+ { "ip": "1.1.1.1", "ns_type": "udp", "port": 53 }
+ ],
+ "domains": [],
+ "enabled": true,
+ "primary": true,
+ "groups": ["pilots", "ground-stations"]
+ }
+ }
+}
+```
+
+**Expected dry-run:**
+- Create: posture_check `geo-restrict-ua`, dns `cloudflare`
+
+**Verify after merge:**
+- Posture check appears in dashboard
+- DNS nameserver group exists
+
+---
+
+## Scenario 6: No-op (idempotency check)
+
+**Goal:** Verify that pushing state that matches what's already deployed
+produces no operations.
+
+**Steps:**
+
+1. Export current state:
+ ```bash
+ deno task export -- \
+ --netbird-api-url https://vps-a.networkmonitor.cc/api \
+ --netbird-api-token > state/test.json
+ ```
+
+2. Push to a branch, open PR
+
+3. **Expected dry-run:** "No changes detected."
+
+---
+
+## Scenario 7: Conflicting change (error handling)
+
+**Goal:** Verify the reconciler handles errors gracefully.
+
+**Steps:**
+
+1. Reference a group that doesn't exist in a policy:
+ ```json
+ "bad-policy": {
+ "enabled": true,
+ "sources": ["nonexistent-group"],
+ "destinations": ["pilots"],
+ "bidirectional": true
+ }
+ ```
+
+2. This should fail schema validation before hitting the API.
+
+3. **Expected:** CI job fails with a clear error message.
+
+---
+
+## Quick reference
+
+```bash
+# Create test branch
+git checkout -b test-scenario-N
+# Edit state/test.json
+# Push and open PR
+git push poc test-scenario-N
+# After testing, clean up
+git checkout main && git branch -D test-scenario-N
+```