test: add integration tests for reconcile HTTP endpoint

2026-03-04 00:28:51 +02:00 · 2026-03-04 00:28:51 +02:00 · cd6e8ea120
commit cd6e8ea120
parent 880cb2de4b
1 changed files with 225 additions and 0 deletions
--- a/src/integration.test.ts
+++ b/src/integration.test.ts
@ -0,0 +1,225 @@
+import { assertEquals, assertExists } from "@std/assert";
+import { createHandler } from "./server.ts";
+import { NetbirdClient } from "./netbird/client.ts";
+import type { GiteaClient } from "./gitea/client.ts";
+import type { Config } from "./config.ts";
+
+// -----------------------------------------------------------------------------
+// Mock NetBird API
+// -----------------------------------------------------------------------------
+
+interface ApiCall {
+  method: string;
+  path: string;
+  body?: Record<string, unknown>;
+}
+
+const MOCK_BASE = "https://nb.test/api";
+const TEST_KEY_VALUE = "NBSK-test-key-value-abc123";
+
+function createMockFetch(calls: ApiCall[]) {
+  let groupCounter = 0;
+
+  return async (
+    input: string | URL | Request,
+    init?: RequestInit,
+  ): Promise<Response> => {
+    const url = typeof input === "string" ? input : input.toString();
+    const method = init?.method ?? "GET";
+    const path = url.replace(MOCK_BASE, "");
+    const body = init?.body ? JSON.parse(init.body as string) : undefined;
+
+    calls.push({ method, path, body });
+
+    // Route GET list endpoints — return empty arrays
+    if (method === "GET") {
+      return Response.json([]);
+    }
+
+    // POST /groups — return a created group
+    if (method === "POST" && path === "/groups") {
+      groupCounter++;
+      return Response.json({
+        id: `mock-group-${groupCounter}`,
+        name: body.name,
+        peers_count: 0,
+        peers: [],
+        issued: "api",
+      });
+    }
+
+    // POST /setup-keys — return a created key
+    if (method === "POST" && path === "/setup-keys") {
+      return Response.json({
+        id: 1,
+        name: body.name,
+        type: body.type,
+        key: TEST_KEY_VALUE,
+        expires: "2027-01-01T00:00:00Z",
+        valid: true,
+        revoked: false,
+        used_times: 0,
+        state: "valid",
+        auto_groups: body.auto_groups ?? [],
+        usage_limit: body.usage_limit ?? 0,
+      });
+    }
+
+    // POST /policies — return a created policy
+    if (method === "POST" && path === "/policies") {
+      return Response.json({
+        id: "mock-policy-1",
+        name: body.name,
+        description: body.description ?? "",
+        enabled: body.enabled ?? true,
+        rules: body.rules ?? [],
+      });
+    }
+
+    // DELETE — 204 No Content
+    if (method === "DELETE") {
+      return new Response(null, { status: 204 });
+    }
+
+    return Response.json({ error: "mock: unhandled route" }, { status: 500 });
+  };
+}
+
+// -----------------------------------------------------------------------------
+// Test fixtures
+// -----------------------------------------------------------------------------
+
+const MOCK_CONFIG: Config = {
+  netbirdApiUrl: MOCK_BASE,
+  netbirdApiToken: "nb-test-token",
+  giteaUrl: "https://gitea.test",
+  giteaToken: "gitea-test-token",
+  giteaRepo: "org/repo",
+  reconcilerToken: "secret",
+  pollIntervalSeconds: 30,
+  port: 8080,
+  dataDir: "/data",
+};
+
+/** Desired state with one group and one setup key referencing it. */
+const DESIRED_STATE = {
+  groups: {
+    pilots: { peers: [] },
+  },
+  setup_keys: {
+    "Pilot-hawk-72": {
+      type: "one-off",
+      expires_in: 604800,
+      usage_limit: 1,
+      auto_groups: ["pilots"],
+      enrolled: false,
+    },
+  },
+};
+
+function buildHandler(calls: ApiCall[]) {
+  const mockFetch = createMockFetch(calls);
+  const netbird = new NetbirdClient(MOCK_BASE, "nb-test-token", mockFetch);
+
+  // The GiteaClient is not exercised in reconcile tests — stub it out.
+  const gitea = {} as GiteaClient;
+
+  return createHandler({
+    config: MOCK_CONFIG,
+    netbird,
+    gitea,
+    reconcileInProgress: { value: false },
+  });
+}
+
+function authedRequest(path: string, body?: unknown): Request {
+  return new Request(`http://localhost:8080${path}`, {
+    method: "POST",
+    headers: {
+      "Authorization": "Bearer secret",
+      "Content-Type": "application/json",
+    },
+    body: body !== undefined ? JSON.stringify(body) : undefined,
+  });
+}
+
+// -----------------------------------------------------------------------------
+// Tests
+// -----------------------------------------------------------------------------
+
+Deno.test("POST /reconcile?dry_run=true returns planned operations", async () => {
+  const calls: ApiCall[] = [];
+  const handler = buildHandler(calls);
+
+  const resp = await handler(
+    authedRequest("/reconcile?dry_run=true", DESIRED_STATE),
+  );
+  assertEquals(resp.status, 200);
+
+  const json = await resp.json();
+  assertEquals(json.status, "planned");
+
+  const opTypes = json.operations.map((op: { type: string }) => op.type);
+  assertEquals(opTypes.includes("create_group"), true);
+  assertEquals(opTypes.includes("create_setup_key"), true);
+});
+
+Deno.test("POST /reconcile apply creates resources and returns keys", async () => {
+  const calls: ApiCall[] = [];
+  const handler = buildHandler(calls);
+
+  const resp = await handler(authedRequest("/reconcile", DESIRED_STATE));
+  assertEquals(resp.status, 200);
+
+  const json = await resp.json();
+  assertEquals(json.status, "applied");
+
+  // The created setup key's raw value should be in the response
+  assertExists(json.created_keys["Pilot-hawk-72"]);
+  assertEquals(json.created_keys["Pilot-hawk-72"], TEST_KEY_VALUE);
+
+  // Verify mock API received the expected POST calls
+  const postGroups = calls.filter(
+    (c) => c.method === "POST" && c.path === "/groups",
+  );
+  assertEquals(postGroups.length, 1);
+  assertEquals(postGroups[0].body?.name, "pilots");
+
+  const postKeys = calls.filter(
+    (c) => c.method === "POST" && c.path === "/setup-keys",
+  );
+  assertEquals(postKeys.length, 1);
+  assertEquals(postKeys[0].body?.name, "Pilot-hawk-72");
+});
+
+Deno.test("POST /reconcile rejects unauthorized requests", async () => {
+  const calls: ApiCall[] = [];
+  const handler = buildHandler(calls);
+
+  const req = new Request("http://localhost:8080/reconcile", {
+    method: "POST",
+    headers: {
+      "Authorization": "Bearer wrong-token",
+      "Content-Type": "application/json",
+    },
+    body: JSON.stringify(DESIRED_STATE),
+  });
+
+  const resp = await handler(req);
+  assertEquals(resp.status, 401);
+
+  const json = await resp.json();
+  assertEquals(json.error, "unauthorized");
+});
+
+Deno.test("GET /health returns ok", async () => {
+  const calls: ApiCall[] = [];
+  const handler = buildHandler(calls);
+
+  const req = new Request("http://localhost:8080/health", { method: "GET" });
+  const resp = await handler(req);
+  assertEquals(resp.status, 200);
+
+  const json = await resp.json();
+  assertEquals(json.status, "ok");
+});