platform: modularize api/gui, add docs-tests-web foundation, and refresh root config

2026-03-26 22:40:54 +03:00
parent 0e2d7f61ea
commit 6a56d734c2
562 changed files with 70151 additions and 16423 deletions
--- a/selective-vpn-api/app/transport_policy_apply_executor_test.go
+++ b/selective-vpn-api/app/transport_policy_apply_executor_test.go
@@ -0,0 +1,118 @@
+package app
+
+import (
+	"path/filepath"
+	"testing"
+)
+
+func withTransportPolicyRuntimeTestPaths(t *testing.T) {
+	t.Helper()
+	tmp := t.TempDir()
+	prevState := transportPolicyRuntimeStatePath
+	prevSnap := transportPolicyRuntimeSnapPath
+	transportPolicyRuntimeStatePath = filepath.Join(tmp, "transport-policies.runtime.json")
+	transportPolicyRuntimeSnapPath = filepath.Join(tmp, "transport-policies.runtime.prev.json")
+	t.Cleanup(func() {
+		transportPolicyRuntimeStatePath = prevState
+		transportPolicyRuntimeSnapPath = prevSnap
+	})
+}
+
+func TestApplyTransportPolicyDataPlaneAtomicLockedSuccess(t *testing.T) {
+	withTransportPolicyRuntimeTestPaths(t)
+
+	plan := TransportPolicyCompilePlan{
+		PolicyRevision: 9,
+		InterfaceCount: 1,
+		RuleCount:      1,
+		Interfaces: []TransportPolicyCompileInterface{
+			{
+				IfaceID:      "edge-a",
+				RoutingTable: "agvpn_if_edge_a",
+				RuleCount:    1,
+				Rules: []TransportPolicyCompileRule{
+					{
+						SelectorType:  "domain",
+						SelectorValue: "example.com",
+						ClientID:      "c1",
+					},
+				},
+			},
+		},
+	}
+
+	runtime, err := applyTransportPolicyDataPlaneAtomicLocked(plan, "apl-test")
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	if runtime.PolicyRevision != 9 {
+		t.Fatalf("unexpected runtime revision: %d", runtime.PolicyRevision)
+	}
+	if runtime.ApplyID != "apl-test" {
+		t.Fatalf("unexpected apply_id: %q", runtime.ApplyID)
+	}
+	stored := loadTransportPolicyRuntimeState()
+	if stored.ApplyID != "apl-test" || stored.PolicyRevision != 9 {
+		t.Fatalf("unexpected stored runtime state: %#v", stored)
+	}
+	if _, ok := loadTransportPolicyRuntimeSnapshot(); !ok {
+		t.Fatalf("expected runtime snapshot to be saved")
+	}
+}
+
+func TestApplyTransportPolicyDataPlaneAtomicLockedRollbackOnFailure(t *testing.T) {
+	withTransportPolicyRuntimeTestPaths(t)
+
+	prev := transportPolicyRuntimeState{
+		Version:        transportStateVersion,
+		PolicyRevision: 3,
+		ApplyID:        "apl-prev",
+		InterfaceCount: 1,
+		RuleCount:      1,
+		Interfaces: []TransportPolicyCompileInterface{
+			{
+				IfaceID:      "edge-prev",
+				RoutingTable: "agvpn_if_edge_prev",
+				RuleCount:    1,
+				Rules: []TransportPolicyCompileRule{
+					{
+						SelectorType:  "domain",
+						SelectorValue: "prev.example",
+						ClientID:      "c-prev",
+					},
+				},
+			},
+		},
+	}
+	if err := saveTransportPolicyRuntimeState(prev); err != nil {
+		t.Fatalf("save prev runtime: %v", err)
+	}
+
+	badPlan := TransportPolicyCompilePlan{
+		PolicyRevision: 10,
+		InterfaceCount: 1,
+		RuleCount:      1,
+		Interfaces: []TransportPolicyCompileInterface{
+			{
+				IfaceID:      "edge-bad",
+				RoutingTable: "",
+				RuleCount:    1,
+				Rules: []TransportPolicyCompileRule{
+					{
+						SelectorType:  "domain",
+						SelectorValue: "bad.example",
+						ClientID:      "c-bad",
+					},
+				},
+			},
+		},
+	}
+
+	if _, err := applyTransportPolicyDataPlaneAtomicLocked(badPlan, "apl-bad"); err == nil {
+		t.Fatalf("expected error for invalid plan")
+	}
+	rolled := loadTransportPolicyRuntimeState()
+	if rolled.ApplyID != "apl-prev" || rolled.PolicyRevision != 3 {
+		t.Fatalf("runtime state must be rolled back to previous: %#v", rolled)
+	}
+}