@@ -484,6 +484,93 @@ func TestConfigMaps_updatePeers_lost_and_found(t *testing.T) {
484484_ = testutil .RequireRecvCtx (ctx ,t ,done )
485485}
486486
487+ func TestConfigMaps_setBlockEndpoints_different (t * testing.T ) {
488+ t .Parallel ()
489+ ctx := testutil .Context (t ,testutil .WaitShort )
490+ logger := slogtest .Make (t ,nil ).Leveled (slog .LevelDebug )
491+ fEng := newFakeEngineConfigurable ()
492+ nodePrivateKey := key .NewNode ()
493+ nodeID := tailcfg .NodeID (5 )
494+ discoKey := key .NewDisco ()
495+ uut := newConfigMaps (logger ,fEng ,nodeID ,nodePrivateKey ,discoKey .Public (),nil )
496+ defer uut .close ()
497+
498+ p1ID := uuid .MustParse ("10000000-0000-0000-0000-000000000000" )
499+ p1Node := newTestNode (1 )
500+ p1n ,err := NodeToProto (p1Node )
501+ require .NoError (t ,err )
502+ p1tcn ,err := uut .protoNodeToTailcfg (p1n )
503+ p1tcn .KeepAlive = true
504+ require .NoError (t ,err )
505+
506+ // Given: peer already exists
507+ uut .L .Lock ()
508+ uut .peers [p1ID ]= & peerLifecycle {
509+ peerID :p1ID ,
510+ node :p1tcn ,
511+ lastHandshake :time .Date (2024 ,1 ,7 ,12 ,0 ,10 ,0 ,time .UTC ),
512+ }
513+ uut .L .Unlock ()
514+
515+ uut .setBlockEndpoints (true )
516+
517+ nm := testutil .RequireRecvCtx (ctx ,t ,fEng .setNetworkMap )
518+ r := testutil .RequireRecvCtx (ctx ,t ,fEng .reconfig )
519+ require .Len (t ,nm .Peers ,1 )
520+ require .Len (t ,nm .Peers [0 ].Endpoints ,0 )
521+ require .Len (t ,r .wg .Peers ,1 )
522+
523+ done := make (chan struct {})
524+ go func () {
525+ defer close (done )
526+ uut .close ()
527+ }()
528+ _ = testutil .RequireRecvCtx (ctx ,t ,done )
529+ }
530+
531+ func TestConfigMaps_setBlockEndpoints_same (t * testing.T ) {
532+ t .Parallel ()
533+ ctx := testutil .Context (t ,testutil .WaitShort )
534+ logger := slogtest .Make (t ,nil ).Leveled (slog .LevelDebug )
535+ fEng := newFakeEngineConfigurable ()
536+ nodePrivateKey := key .NewNode ()
537+ nodeID := tailcfg .NodeID (5 )
538+ discoKey := key .NewDisco ()
539+ uut := newConfigMaps (logger ,fEng ,nodeID ,nodePrivateKey ,discoKey .Public (),nil )
540+ defer uut .close ()
541+
542+ p1ID := uuid .MustParse ("10000000-0000-0000-0000-000000000000" )
543+ p1Node := newTestNode (1 )
544+ p1n ,err := NodeToProto (p1Node )
545+ require .NoError (t ,err )
546+ p1tcn ,err := uut .protoNodeToTailcfg (p1n )
547+ p1tcn .KeepAlive = true
548+ require .NoError (t ,err )
549+
550+ // Given: peer already exists && blockEndpoints set to true
551+ uut .L .Lock ()
552+ uut .peers [p1ID ]= & peerLifecycle {
553+ peerID :p1ID ,
554+ node :p1tcn ,
555+ lastHandshake :time .Date (2024 ,1 ,7 ,12 ,0 ,10 ,0 ,time .UTC ),
556+ }
557+ uut .blockEndpoints = true
558+ uut .L .Unlock ()
559+
560+ // Then: we don't configure
561+ requireNeverConfigures (ctx ,t ,uut )
562+
563+ // When we set blockEndpoints to true
564+ uut .setBlockEndpoints (true )
565+
566+ done := make (chan struct {})
567+ go func () {
568+ defer close (done )
569+ uut .close ()
570+ }()
571+ _ = testutil .RequireRecvCtx (ctx ,t ,done )
572+ }
573+
487574func expectStatusWithHandshake (
488575ctx context.Context ,t testing.TB ,fEng * fakeEngineConfigurable ,k key.NodePublic ,lastHandshake time.Time ,
489576)<- chan struct {} {