refactor(ci): simplify dns resources in ci (#3653)

Attempt at cleaning a couple things I missed in code review.

The old httpbin resource wasn't being used anyhow, so I just deduped
them and updated things in a couple other places that had drifted.

Hopefully this fixes the [flaky
CI](https://github.com/firezone/firezone/actions/runs/7918422653/job/21616835910)

.github/workflows/ci.yml

@@ -203,7 +203,7 @@ jobs:
       - name: Seed database
         run: docker compose run elixir /bin/sh -c 'cd apps/domain && mix ecto.seed'
       - name: Start docker compose in the background
-        run: docker compose up -d api web client relay gateway
+        run: docker compose up -d api web client relay gateway dns.httpbin httpbin
 
       - run: ./scripts/tests/${{ matrix.test }}.sh
 

docker-compose.yml

@@ -130,12 +130,6 @@ services:
     depends_on:
       gateway:
         condition: "service_healthy"
-      httpbin:
-        condition: "service_healthy"
-      test.httpbin.docker.local:
-        condition: "service_healthy"
-      iperf3:
-        condition: "service_healthy"
       api:
         condition: "service_healthy"
     networks:
@@ -185,7 +179,8 @@ services:
       resources:
         ipv4_address: 172.20.0.100
 
-  test.httpbin.docker.local:
+
+  dns.httpbin:
     image: kennethreitz/httpbin
     healthcheck:
       test: ["CMD-SHELL", "ps -C gunicorn"]

elixir/apps/domain/priv/repo/seeds.exs

@@ -683,9 +683,9 @@ IO.puts("")
   Resources.create_resource(
     %{
       type: :dns,
-      name: "?.httpbin.docker.local",
-      address: "?.httpbin.docker.local",
-      address_description: "http://test.httpbin.docker.local/",
+      name: "?.httpbin",
+      address: "?.httpbin",
+      address_description: "http://httpbin/",
       connections: [%{gateway_group_id: gateway_group.id}],
       filters: [
         %{ports: ["80", "433"], protocol: :tcp},
@@ -696,19 +696,6 @@ IO.puts("")
     admin_subject
   )
 
-{:ok, dns_docker_resource} =
-  Resources.create_resource(
-    %{
-      type: :dns,
-      name: "*.docker.local",
-      address: "*.docker.local",
-      address_description: "*.docker.local/",
-      connections: [%{gateway_group_id: gateway_group.id}],
-      filters: [%{protocol: :all}]
-    },
-    admin_subject
-  )
-
 IO.puts("Created resources:")
 IO.puts("  #{dns_google_resource.address} - DNS - gateways: #{gateway_name}")
 IO.puts("  #{dns_gitlab_resource.address} - DNS - gateways: #{gateway_name}")
@@ -718,7 +705,6 @@ IO.puts("  #{example_dns.address} - DNS - gateways: #{gateway_name}")
 IO.puts("  #{ip_resource.address} - IP - gateways: #{gateway_name}")
 IO.puts("  #{cidr_resource.address} - CIDR - gateways: #{gateway_name}")
 IO.puts("  #{dns_httpbin_resource.address} - DNS - gateways: #{gateway_name}")
-IO.puts("  #{dns_docker_resource.address} - DNS - gateways: #{gateway_name}")
 IO.puts("")
 
 {:ok, _} =
@@ -794,23 +780,13 @@ IO.puts("")
 {:ok, _} =
   Policies.create_policy(
     %{
-      name: "All Access To httpbin.docker.local",
+      name: "All Access To dns.httpbin",
       actor_group_id: everyone_group.id,
       resource_id: dns_httpbin_resource.id
     },
     admin_subject
   )
 
-{:ok, _} =
-  Policies.create_policy(
-    %{
-      name: "All Access To httpbin.docker.local",
-      actor_group_id: everyone_group.id,
-      resource_id: dns_docker_resource.id
-    },
-    admin_subject
-  )
-
 IO.puts("Policies Created")
 IO.puts("")
 

scripts/tests/direct-ping-portal-down.sh

@@ -4,10 +4,10 @@ set -e
 
 source "./scripts/tests/lib.sh"
 
-client_ping_gateway
+client_ping_resource
 
 docker compose stop api relay # Stop portal & relay
 
 sleep 5 # Wait for client to disconnect
 
-client_ping_gateway
+client_ping_resource

scripts/tests/direct-ping-portal-relay-down.sh

@@ -4,10 +4,10 @@ set -e
 
 source "./scripts/tests/lib.sh"
 
-client_ping_gateway
+client_ping_resource
 
 docker compose stop api # Stop portal
 
 sleep 5 # Wait for client to disconnect
 
-client_ping_gateway
+client_ping_resource

scripts/tests/direct-ping-portal-restart.sh

@@ -4,10 +4,10 @@ set -e
 
 source "./scripts/tests/lib.sh"
 
-client_ping_gateway
+client_ping_resource
 
 docker compose restart api # Restart portal
 
 sleep 5 # Wait for client to reconnect
 
-client_ping_gateway
+client_ping_resource

scripts/tests/dns-etc-resolvconf.sh

@@ -5,7 +5,7 @@
 
 set -euo pipefail
 
-HTTPBIN=test.httpbin.docker.local
+HTTPBIN=dns.httpbin
 
 function client() {
     docker compose exec -it client "$@"
@@ -21,9 +21,6 @@ function gateway() {
     docker compose exec -it gateway "$@"
 }
 
-# Wait for client to ping httpbin (CIDR) resource through the gateway
-client timeout 60 sh -c "until ping -W 1 -c 10 172.20.0.100 &>/dev/null; do true; done"
-
 echo "# check original resolv.conf"
 client sh -c "cat /etc/resolv.conf.firezone-backup"
 

scripts/tests/lib.sh

@@ -10,6 +10,6 @@ function remove_iptables_drop_rules() {
     sudo iptables -D FORWARD -s 172.28.0.105 -d 172.28.0.100 -j DROP
 }
 
-function client_ping_gateway() {
+function client_ping_resource() {
     docker compose exec -it client timeout 60 sh -c 'until ping -W 1 -c 10 172.20.0.100 &>/dev/null; do true; done'
 }

scripts/tests/relayed-ping-portal-down.sh

@@ -7,10 +7,10 @@ source "./scripts/tests/lib.sh"
 install_iptables_drop_rules
 trap remove_iptables_drop_rules EXIT # Cleanup after us
 
-client_ping_gateway
+client_ping_resource
 
 docker compose stop api # Stop portal
 
 sleep 5 # Wait for client to disconnect
 
-client_ping_gateway
+client_ping_resource

scripts/tests/relayed-ping-portal-restart.sh

@@ -7,10 +7,10 @@ source "./scripts/tests/lib.sh"
 install_iptables_drop_rules
 trap remove_iptables_drop_rules EXIT # Cleanup after us
 
-client_ping_gateway
+client_ping_resource
 
 docker compose restart api # Restart portal
 
 sleep 5 # Wait for client to reconnect
 
-client_ping_gateway
+client_ping_resource