Files
netbird/e2e/agentnetwork/bootstrap_test.go
mlsmaycon 4a296c5338 [e2e] Add container-based agent-network e2e harness (Pillar 1)
Introduce a self-contained, OIDC-free e2e harness that stands up NetBird
in containers, so suites no longer depend on the hand-maintained Tilt
stack or a real IdP.

- harness brings up the combined server (management + signal + relay +
  STUN + embedded IdP) in a single container built from
  combined/Dockerfile.multistage, and mints an admin PAT through the
  unauthenticated /api/setup bootstrap (NB_SETUP_PAT_ENABLED). API access
  goes through the existing shared/management/client/rest typed client.
- the image is built via the docker CLI (BuildKit) so the Dockerfile's
  cache mounts are honored; testcontainers then runs the tagged image.
- everything is behind the `e2e` build tag so normal builds and unit
  tests never pull in testcontainers.

Adds BuildKit cache mounts to combined/Dockerfile.multistage so source
changes recompile incrementally rather than from scratch.

Pillar 1 proven by TestCombinedBootstrap: server builds, boots, mints a
PAT, and the PAT authenticates a real management API call.
2026-06-28 18:39:20 +02:00

44 lines
1.3 KiB
Go

//go:build e2e
package agentnetwork
import (
"context"
"testing"
"time"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/netbirdio/netbird/e2e/harness"
)
// TestCombinedBootstrap proves Pillar 1: a combined NetBird server comes up in a
// container, the /api/setup bootstrap mints an admin PAT with no OIDC, and that
// PAT authenticates real management API calls through the typed REST client.
func TestCombinedBootstrap(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Minute)
defer cancel()
srv, err := harness.StartCombined(ctx)
require.NoError(t, err, "combined server must build and start")
t.Cleanup(func() {
_ = srv.Terminate(context.Background())
})
pat, err := srv.Bootstrap(ctx)
require.NoError(t, err, "/api/setup must mint an admin PAT")
require.NotEmpty(t, pat, "PAT must be non-empty")
// The PAT must authenticate a real management API call through the client.
users, err := srv.API().Users.List(ctx)
require.NoError(t, err, "authenticated Users.List must round-trip")
require.NotEmpty(t, users, "the bootstrapped account must have at least one user")
var emails []string
for _, u := range users {
emails = append(emails, u.Email)
}
assert.Contains(t, emails, "admin@netbird.test", "the bootstrapped owner should appear in the users list")
}