| author | James O'Doherty <james@theodohertyfamily.com> | 2026-05-29 19:14:11 -0400 |
|---|---|---|
| committer | James O'Doherty <james@theodohertyfamily.com> | 2026-05-29 19:14:11 -0400 |
| commit | 284ed362550e1fccc62ecd876dbd3f4c8fc721e2 (patch) | |
| tree | 00fe97c8a3c10d55032f714f84f104cf97be6c50 /internal/cli/profile_test.go | |
| parent | ee2f5d545825752af63da36e2b9ec7a92985a875 (diff) | |
feat(dns): implement unprivileged DNS isolation, precedence order, and profile configuration
Completed the remaining roadmap and documentation requirements by implementing robust unprivileged DNS management, completing the profile configuration subcommand, and resolving data-plane transition socket crashes.
Detailed changes:
- **DNS Isolation**: Implemented `ConfigureResolvConf` in `internal/wireguard/wireguard.go` to override `/etc/resolv.conf` within the unprivileged network/mount namespace. Transitioned the mount namespace to private propagation (`MS_PRIVATE`) and safely bind-mounted a temporary resolv.conf file over `/etc/resolv.conf` without mutating the host's configuration.
- **DNS Precedence Order**: Integrated CLI flag `--dns-server`, parsed `.conf` interface DNS parameters, and added a safe default fallback (`1.1.1.1`) to ensure absolute host DNS leak prevention inside wrapped sessions.
- **Socket Duplication in FDBind**: Resolved a lifecycle panic in `FDBind` where `wireguard-go` called `Close` and `Open` during device state transitions, causing "use of closed network connection" errors. Implemented file descriptor duplication using `unix.Dup` during bind initialization to gracefully persist the host-socket context across interface transitions and allow clean exit synchronization.
- **Profile Configuration**: Implemented `handleProfileConfigure` in `internal/cli/cli.go` to launch the default system `$EDITOR` (falling back to `vi`) on a profile, satisfying the documentation's requirements.
- **Hermetic Testing Polish**:
  - Created `dns_helpers.go` providing a `MockDNSServer` packet probe.
  - Added E2E tests for unprivileged DNS resolution, data-plane UDP handshake transmission, and 3-way DNS precedence routing.
  - Refactored `TestNamespaceLifecycleAutomation`, `TestConfigPropagation`, and `TestMTUFragmentation` to use default profile fallbacks, fixing failing stats on missing profiles.
- Resolved all `golangci-lint` and `go fmt` warnings to maintain a completely clean static analysis pipeline.
Diffstat (limited to 'internal/cli/profile_test.go')
| -rw-r--r-- | internal/cli/profile_test.go | 12 |
1 files changed, 5 insertions, 7 deletions
diff --git a/internal/cli/profile_test.go b/internal/cli/profile_test.go index d256cb0..17a5bc6 100644 --- a/internal/cli/profile_test.go +++ b/internal/cli/profile_test.go @@ -96,10 +96,6 @@ func TestProfileDeleteNotFound(t *testing.T) { } func TestProfileConfigure(t *testing.T) { - // profile configure is intended to modify existing configs. - // For now, we just want to ensure it doesn't crash and we can - // eventually implement it. - tmpDir := t.TempDir() profilesDir := filepath.Join(tmpDir, "profiles") err := os.MkdirAll(profilesDir, 0755) @@ -117,9 +113,11 @@ func TestProfileConfigure(t *testing.T) { app := NewApp([]string{"wg-wrap", "profile", "configure", profileName}) app.ConfigDir = profilesDir + // Use "true" as the mock editor to ensure it exits successfully immediately + t.Setenv("EDITOR", "true") + err = app.Route() - // This will currently return "not yet implemented" error, which is expected for now. - if err == nil { - t.Errorf("expected 'not yet implemented' error, got nil") + if err != nil { + t.Errorf("expected successful configuration, got error: %v", err) } } |
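Review bot: In the second hunk of `TestProfileConfigure`, `t.Setenv("EDITOR", "true")` only proves that `app.Route()` returns nil when the editor exits 0; nothing asserts that an editor was launched at all or that it was handed the path of `profileName` under `profilesDir`. Consider pointing `EDITOR` at a small script written into `tmpDir` that records its arguments, and asserting on what it recorded. A companion case with `t.Setenv("EDITOR", "false")` that expects a non-nil error would catch a swallowed non-zero exit status. The `vi` fallback described in the commit message is not exercised by this test, so the unset-`EDITOR` path stays uncovered. `t.Setenv` is also called after `NewApp(...)`; moving it above the constructor keeps the test valid if `NewApp` ever captures the environment. Finally, the bare `true` depends on that binary being on `PATH`, which is worth a short comment or a skip on platforms that lack it.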
