#!/bin/bash
# retry based on
# https://github.com/fernandoacorreia/azure-docker-registry/blob/master/tools/scripts/create-registry-server
# under MIT license.
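# retry runs a command until it succeeds or the attempt budget is used up.
#
# Arguments:
#   $1  - maximum number of attempts
#   $2  - delay between attempts, passed to sleep
#   $3+ - the command to run and its arguments
# Outputs:
#   A retry notice on stdout before each new attempt, and a final failure
#   message on stderr once the budget is exhausted.
# Returns:
#   0 as soon as the command succeeds, otherwise the exit status of the last
#   failed attempt.
#
# NOTE(review): the retry notice goes to stdout, so it is mixed into the result
# whenever a caller captures this function with $(...).
function retry {
  local n=1
  local max=$1
  shift
  local delay=$1
  shift
  # Local so the saved status does not leak into the caller's scope.
  local rc

  while true; do
    # Record the status explicitly; `cmd && break || { ... }` would also run
    # the failure branch if the success branch itself returned non-zero.
    rc=0
    "$@" || rc=$?
    if [[ $rc -eq 0 ]]; then
      return 0
    fi

    if [[ $n -lt $max ]]; then
      n=$((n + 1))
      echo "Command failed. Attempt $n/$max:"
      sleep "$delay"
    else
      echo "The command has failed after $n attempts." >&2
      return "$rc"
    fi
  done
}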
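# retry_default retries a command with the default budget: 5 attempts with a
# delay of 1 between them.
#
# Arguments:
#   $@ - the command to run and its arguments
# Returns:
#   Whatever retry returns.
function retry_default {
  # "$@" keeps every argument as a single word; unquoted, arguments holding
  # spaces or glob characters would be re-split before reaching the command.
  retry 5 1 "$@"
}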
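# echored prints its arguments in bold using terminal colour 1 (red), then
# resets the terminal attributes.
#
# Arguments:
#   $@ - words to print, passed to echo
function echored {
  tput setaf 1
  tput bold
  # Quoted so the text is printed as given instead of being re-split and
  # glob-expanded (an unquoted "*" would list the current directory).
  echo "$@"
  tput sgr0
}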
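# echogreen prints its arguments in bold using terminal colour 2 (green), then
# resets the terminal attributes.
#
# Arguments:
#   $@ - words to print, passed to echo
function echogreen {
  tput setaf 2
  tput bold
  # Quoted so the text is printed as given instead of being re-split and
  # glob-expanded.
  echo "$@"
  tput sgr0
}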
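# echoyellow prints its arguments in bold using terminal colour 3 (yellow),
# then resets the terminal attributes.
#
# Arguments:
#   $@ - words to print, passed to echo
function echoyellow {
  tput setaf 3
  tput bold
  # Quoted so the text is printed as given instead of being re-split and
  # glob-expanded.
  echo "$@"
  tput sgr0
}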
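# echoblue prints its arguments in bold using terminal colour 4 (blue), then
# resets the terminal attributes.
#
# Arguments:
#   $@ - words to print, passed to echo
function echoblue {
  tput setaf 4
  tput bold
  # Quoted so the text is printed as given instead of being re-split and
  # glob-expanded.
  echo "$@"
  tput sgr0
}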
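# get_cert connects to HOSTPORT over TLS and prints the text form of the
# certificate that `openssl x509` reads from the s_client output.
#
# Arguments:
#   $1 - host:port to connect to
# Returns:
#   The exit status of `openssl x509`, the last stage of the pipeline.
#
# s_client is given no trust store or verification flags here, so the output
# only shows what the peer presents; it is not evidence that the certificate
# chains to a trusted CA. s_client's stderr is discarded, so a connection
# failure is visible only as x509 failing to parse its input.
function get_cert {
  local HOSTPORT=$1
  # stdin comes from /dev/null so s_client ends the session after the
  # handshake instead of reading from (and waiting on) the caller's stdin.
  openssl s_client -connect "$HOSTPORT" -showcerts </dev/null 2>/dev/null \
    | openssl x509 -noout -text
}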
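# assert_proxy_presents_cert_uri checks that the certificate presented at
# HOSTPORT carries a SPIFFE URI for SERVICENAME in dc1 / namespace default.
#
# Arguments:
#   $1 - host:port of the proxy's TLS listener
#   $2 - expected service name; it is interpolated into a regular expression,
#        so regex metacharacters in it are interpreted as such
# Globals:
#   CERT - assigned (not local), so it stays set for the caller after return
# Outputs:
#   The wanted service, the full certificate text and the matching URI.
# Returns:
#   0 if a URI entry matches exactly, non-zero otherwise.
function assert_proxy_presents_cert_uri {
  local HOSTPORT=$1
  local SERVICENAME=$2

  CERT=$(retry_default get_cert "$HOSTPORT")

  echo "WANT SERVICE: $SERVICENAME"
  echo "GOT CERT:"
  echo "$CERT"

  # Extract each URI entry whole, then require a full-string match. A plain
  # substring match would accept a certificate issued to "<SERVICENAME>0" or
  # "<SERVICENAME>-other" as proof of identity, and an unescaped "." before
  # "consul" would match any character.
  echo "$CERT" \
    | grep -Eo 'URI:spiffe://[^,[:space:]]+' \
    | grep -Ex "URI:spiffe://[a-zA-Z0-9-]+\.consul/ns/default/dc/dc1/svc/$SERVICENAME"
}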
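# get_envoy_listener_filters prints one line per dynamic active listener in
# the form "<listener name> <comma-separated filter names>", using the filters
# of each listener's first filter chain.
#
# Arguments:
#   $1 - host:port of the Envoy admin endpoint
# Globals:
#   status, output - read after `run` (not defined in this file; presumably the
#                    Bats helper that sets them)
# Returns:
#   1 if fetching /config_dump failed, otherwise jq's exit status.
#
# NOTE(review): `.configs[2]` depends on the order of sections in the dump;
# confirm it still points at the listeners section for the Envoy version in use.
function get_envoy_listener_filters {
  local HOSTPORT=$1
  run retry_default curl -s -f "$HOSTPORT/config_dump"
  # Return explicitly: a bare test in the middle of a function only stops
  # execution when errexit is active, otherwise a failed fetch is parsed anyway.
  [ "$status" -eq 0 ] || return 1
  echo "$output" | jq --raw-output '.configs[2].dynamic_active_listeners[].listener | "\(.name) \( .filter_chains[0].filters | map(.name) | join(","))"'
}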
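# get_envoy_stats_flush_interval prints the bootstrap stats_flush_interval
# value from an Envoy admin config dump.
#
# Arguments:
#   $1 - host:port of the Envoy admin endpoint
# Globals:
#   status, output - read after `run` (not defined in this file; presumably the
#                    Bats helper that sets them)
# Returns:
#   1 if fetching /config_dump failed, otherwise jq's exit status.
#
# NOTE(review): `.configs[0]` depends on the order of sections in the dump;
# confirm it still points at the bootstrap section for the Envoy version in use.
function get_envoy_stats_flush_interval {
  local HOSTPORT=$1
  run retry_default curl -s -f "$HOSTPORT/config_dump"
  # Return explicitly: a bare test in the middle of a function only stops
  # execution when errexit is active, otherwise a failed fetch is parsed anyway.
  [ "$status" -eq 0 ] || return 1
  # Debugging aid, left disabled:
  #echo "$output" > /workdir/s1_envoy_dump.json
  echo "$output" | jq --raw-output '.configs[0].bootstrap.stats_flush_interval'
}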
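# docker_consul runs the consul-dev image in a throwaway container that shares
# the network namespace of the envoy_consul_1 container.
#
# Arguments:
#   $@ - arguments passed to the container
# Returns:
#   The exit status of `docker run`.
#
# NOTE(review): `-t` allocates a pseudo-terminal. When this function is run
# inside $(...) that may merge the container's stderr into stdout and alter
# line endings in the captured text; confirm whether `-i` alone is enough.
function docker_consul {
  # "$@" keeps every argument as a single word on its way into the container.
  docker run -ti --rm --network container:envoy_consul_1 consul-dev "$@"
}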
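# must_match_in_statsd_logs succeeds when at least one line of
# /workdir/statsd/statsd.log matches the given extended regular expression.
#
# Arguments:
#   $1 - extended regular expression (grep -E)
# Globals:
#   status, output - read after `run` (not defined in this file; presumably the
#                    Bats helper that sets them)
#   COUNT          - assigned (not local): number of matching lines
# Outputs:
#   The match count.
# Returns:
#   0 if the log could be read and COUNT is greater than zero, non-zero
#   otherwise.
function must_match_in_statsd_logs {
  run cat /workdir/statsd/statsd.log
  # The pattern is quoted and preceded by "--" so spaces, glob characters or a
  # leading "-" in it reach grep unchanged. grep -c exits non-zero on zero
  # matches; `|| true` lets the count line below still be printed under
  # errexit, and the final test reports the failure.
  COUNT=$( echo "$output" | grep -Ec -- "$1" ) || true

  echo "COUNT of '$1' matches: $COUNT"

  # Return explicitly so a failed read is not ignored when errexit is off.
  [ "$status" == 0 ] || return 1
  [ "$COUNT" -gt "0" ]
}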
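# must_match_in_prometheus_response succeeds when at least one line of the
# response from <$1>/metrics matches the given extended regular expression.
#
# Arguments:
#   $1 - host:port (or base URL) serving /metrics
#   $2 - extended regular expression (grep -E)
# Globals:
#   status, output - read after `run` (not defined in this file; presumably the
#                    Bats helper that sets them)
#   COUNT          - assigned (not local): number of matching lines
# Outputs:
#   The first ten lines of the response and the match count.
# Returns:
#   0 if the request succeeded and COUNT is greater than zero, non-zero
#   otherwise.
function must_match_in_prometheus_response {
  run curl -f -s "$1/metrics"
  # The pattern is quoted and preceded by "--" so spaces, glob characters or a
  # leading "-" in it reach grep unchanged. grep -c exits non-zero on zero
  # matches; `|| true` lets the diagnostics below still be printed under
  # errexit, and the final test reports the failure.
  COUNT=$( echo "$output" | grep -Ec -- "$2" ) || true

  echo "OUTPUT head -n 10"
  echo "$output" | head -n 10
  echo "COUNT of '$2' matches: $COUNT"

  # Return explicitly so a failed request is not ignored when errexit is off.
  [ "$status" == 0 ] || return 1
  [ "$COUNT" -gt "0" ]
}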
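# must_fail_tcp_connection checks that a request made through an upstream fails,
# probably due to authz being denied if all other tests passed already. Although
# we are using curl, this only works as expected for TCP upstreams as we are
# checking TCP-level errors. HTTP upstreams will return a valid 503 generated by
# Envoy rather than a connection-level error.
#
# Arguments:
#   $1 - address of the upstream listener to send the request to
# Globals:
#   status, output - read after `run` (not defined in this file; presumably the
#                    Bats helper that sets them)
# Returns:
#   0 only if curl exited with 52 and its verbose output reports an empty
#   reply; non-zero otherwise.
function must_fail_tcp_connection {
  # Attempt to curl through upstream
  run curl -s -v -f -d hello "$1"

  echo "OUTPUT $output"

  # Should fail during handshake and return "got nothing" error. Return
  # explicitly: without errexit a bare test here would be ignored and a
  # successful request could still pass on the grep below.
  [ "$status" == "52" ] || return 1

  # Verbose output should include empty reply
  echo "$output" | grep 'Empty reply from server'
}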
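# must_fail_http_connection see must_fail_tcp_connection but this expects Envoy
# to generate a 503 response since the upstreams have refused connection.
#
# Arguments:
#   $1 - address of the upstream listener to send the request to
# Globals:
#   output - read after `run` (not defined in this file; presumably the Bats
#            helper that sets it)
# Returns:
#   grep's exit status: 0 if the response text contains
#   "503 Service Unavailable", non-zero otherwise.
#
# NOTE(review): the match is made against the whole response (headers and
# body, because of -i), not only the status line.
function must_fail_http_connection {
  # Attempt to curl through upstream; the address is quoted so it reaches curl
  # as a single argument.
  run curl -s -i -d hello "$1"

  echo "OUTPUT $output"

  # Should fail request with 503
  echo "$output" | grep '503 Service Unavailable'
}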
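# gen_envoy_bootstrap generates the Envoy bootstrap config for a service's
# sidecar proxy and writes it to workdir/envoy/<service>-bootstrap.json,
# relative to the current directory.
#
# Arguments:
#   $1 - service name; the proxy ID used is "<service>-sidecar-proxy"
#   $2 - port for the Envoy admin listener
# Globals:
#   SERVICE, ADMIN_PORT, output (and status on failure) are assigned without
#   `local`, so they stay set for the caller after return.
# Returns:
#   0 on success; otherwise the exit status of docker_consul, after echoing
#   what it printed.
#
# The admin listener is bound to 0.0.0.0. Envoy's admin interface has no
# authentication and exposes the proxy's configuration and control endpoints,
# so this bind is only appropriate on an isolated test network; bind it to
# loopback anywhere else.
function gen_envoy_bootstrap {
  SERVICE=$1
  ADMIN_PORT=$2

  # Expansions are quoted so the proxy ID, bind address and output path each
  # stay a single word whatever the arguments contain.
  if output=$(docker_consul connect envoy -bootstrap \
    -proxy-id "${SERVICE}-sidecar-proxy" \
    -admin-bind "0.0.0.0:${ADMIN_PORT}" 2>&1); then

    # All OK, write config to file
    echo "$output" > "workdir/envoy/${SERVICE}-bootstrap.json"
  else
    status=$?
    # Command failed, instead of swallowing error (printed on stdout by docker
    # it seems) by writing it to file, echo it
    echo "$output"
    return $status
  fi
}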