2023-11-02 19:25:48 +00:00
|
|
|
// Copyright (c) HashiCorp, Inc.
|
|
|
|
// SPDX-License-Identifier: BUSL-1.1
|
|
|
|
|
|
|
|
package catalogv2
|
|
|
|
|
|
|
|
import (
|
|
|
|
"fmt"
|
|
|
|
"testing"
|
|
|
|
|
|
|
|
pbauth "github.com/hashicorp/consul/proto-public/pbauth/v2beta1"
|
|
|
|
"github.com/hashicorp/consul/proto-public/pbresource"
|
|
|
|
libassert "github.com/hashicorp/consul/test/integration/consul-container/libs/assert"
|
|
|
|
"github.com/hashicorp/consul/test/integration/consul-container/libs/utils"
|
|
|
|
"github.com/hashicorp/consul/testing/deployer/sprawl/sprawltest"
|
|
|
|
"github.com/hashicorp/consul/testing/deployer/topology"
|
|
|
|
|
|
|
|
"github.com/hashicorp/consul/test-integ/topoutil"
|
|
|
|
)
|
|
|
|
|
2023-11-02 21:13:16 +00:00
|
|
|
// TestBasicL4ExplicitDestinations sets up the following:
|
2023-11-02 19:25:48 +00:00
|
|
|
//
|
|
|
|
// - 1 cluster (no peering / no wanfed)
|
|
|
|
// - 3 servers in that cluster
|
|
|
|
// - v2 arch is activated
|
|
|
|
// - for each tenancy, only using v2 constructs:
|
|
|
|
// - a client with one explicit destination to a single port service
|
|
|
|
// - a client with multiple explicit destinations to multiple ports of the
|
|
|
|
// same multiport service
|
|
|
|
//
|
|
|
|
// When this test is executed in CE it will only use the default/default
|
|
|
|
// tenancy.
|
|
|
|
//
|
|
|
|
// When this test is executed in Enterprise it will additionally test the same
|
|
|
|
// things within these tenancies:
|
|
|
|
//
|
|
|
|
// - part1/default
|
|
|
|
// - default/nsa
|
|
|
|
// - part1/nsa
|
2023-11-02 21:13:16 +00:00
|
|
|
func TestBasicL4ExplicitDestinations(t *testing.T) {
|
2023-12-12 05:08:00 +00:00
|
|
|
|
|
|
|
tenancies := []*pbresource.Tenancy{
|
|
|
|
{
|
|
|
|
Partition: "default",
|
|
|
|
Namespace: "default",
|
|
|
|
},
|
|
|
|
}
|
|
|
|
if utils.IsEnterprise() {
|
|
|
|
tenancies = append(tenancies, &pbresource.Tenancy{
|
|
|
|
Partition: "part1",
|
|
|
|
Namespace: "default",
|
|
|
|
})
|
|
|
|
tenancies = append(tenancies, &pbresource.Tenancy{
|
|
|
|
Partition: "part1",
|
|
|
|
Namespace: "nsa",
|
|
|
|
})
|
|
|
|
tenancies = append(tenancies, &pbresource.Tenancy{
|
|
|
|
Partition: "default",
|
|
|
|
Namespace: "nsa",
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
|
|
|
cfg := testBasicL4ExplicitDestinationsCreator{
|
|
|
|
tenancies: tenancies,
|
|
|
|
}.NewConfig(t)
|
2023-11-02 19:25:48 +00:00
|
|
|
|
|
|
|
sp := sprawltest.Launch(t, cfg)
|
|
|
|
|
|
|
|
var (
|
|
|
|
asserter = topoutil.NewAsserter(sp)
|
|
|
|
|
|
|
|
topo = sp.Topology()
|
|
|
|
cluster = topo.Clusters["dc1"]
|
|
|
|
|
|
|
|
ships = topo.ComputeRelationships()
|
|
|
|
)
|
|
|
|
|
|
|
|
clientV2 := sp.ResourceServiceClientForCluster(cluster.Name)
|
|
|
|
|
|
|
|
t.Log(topology.RenderRelationships(ships))
|
|
|
|
|
|
|
|
// Make sure things are in v2.
|
2023-12-12 05:08:00 +00:00
|
|
|
for _, ten := range tenancies {
|
|
|
|
for _, name := range []string{
|
|
|
|
"single-server",
|
|
|
|
"single-client",
|
|
|
|
"multi-server",
|
|
|
|
"multi-client",
|
|
|
|
} {
|
|
|
|
libassert.CatalogV2ServiceHasEndpointCount(t, clientV2, name, ten, 1)
|
|
|
|
}
|
2023-11-02 19:25:48 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// Check relationships
|
|
|
|
for _, ship := range ships {
|
|
|
|
t.Run("relationship: "+ship.String(), func(t *testing.T) {
|
|
|
|
var (
|
2023-11-10 19:22:06 +00:00
|
|
|
wrk = ship.Caller
|
|
|
|
dest = ship.Destination
|
2023-11-02 19:25:48 +00:00
|
|
|
)
|
|
|
|
|
2023-11-10 19:22:06 +00:00
|
|
|
clusterPrefix := clusterPrefixForDestination(dest)
|
2023-11-02 19:25:48 +00:00
|
|
|
|
2023-11-10 19:22:06 +00:00
|
|
|
asserter.DestinationEndpointStatus(t, wrk, clusterPrefix+".", "HEALTHY", 1)
|
|
|
|
asserter.HTTPServiceEchoes(t, wrk, dest.LocalPort, "")
|
|
|
|
asserter.FortioFetch2FortioName(t, wrk, dest, cluster.Name, dest.ID)
|
2023-11-02 19:25:48 +00:00
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-12-12 05:08:00 +00:00
|
|
|
type testBasicL4ExplicitDestinationsCreator struct {
|
|
|
|
tenancies []*pbresource.Tenancy
|
|
|
|
}
|
2023-11-02 19:25:48 +00:00
|
|
|
|
2023-11-02 21:13:16 +00:00
|
|
|
func (c testBasicL4ExplicitDestinationsCreator) NewConfig(t *testing.T) *topology.Config {
|
2023-11-02 19:25:48 +00:00
|
|
|
const clusterName = "dc1"
|
|
|
|
|
|
|
|
servers := topoutil.NewTopologyServerSet(clusterName+"-server", 3, []string{clusterName, "wan"}, nil)
|
|
|
|
|
|
|
|
cluster := &topology.Cluster{
|
|
|
|
Enterprise: utils.IsEnterprise(),
|
|
|
|
Name: clusterName,
|
|
|
|
Nodes: servers,
|
|
|
|
}
|
|
|
|
|
|
|
|
lastNode := 0
|
|
|
|
nodeName := func() string {
|
|
|
|
lastNode++
|
|
|
|
return fmt.Sprintf("%s-box%d", clusterName, lastNode)
|
|
|
|
}
|
|
|
|
|
2023-12-12 05:08:00 +00:00
|
|
|
for _, ten := range c.tenancies {
|
|
|
|
c.topologyConfigAddNodes(t, cluster, nodeName, ten)
|
2023-11-02 19:25:48 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return &topology.Config{
|
2023-11-07 19:15:40 +00:00
|
|
|
Images: utils.TargetImages(),
|
2023-11-02 19:25:48 +00:00
|
|
|
Networks: []*topology.Network{
|
|
|
|
{Name: clusterName},
|
|
|
|
{Name: "wan", Type: "wan"},
|
|
|
|
},
|
|
|
|
Clusters: []*topology.Cluster{
|
|
|
|
cluster,
|
|
|
|
},
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-11-02 21:13:16 +00:00
|
|
|
func (c testBasicL4ExplicitDestinationsCreator) topologyConfigAddNodes(
|
2023-11-02 19:25:48 +00:00
|
|
|
t *testing.T,
|
|
|
|
cluster *topology.Cluster,
|
|
|
|
nodeName func() string,
|
2023-12-12 05:08:00 +00:00
|
|
|
tenancy *pbresource.Tenancy,
|
2023-11-02 19:25:48 +00:00
|
|
|
) {
|
|
|
|
clusterName := cluster.Name
|
|
|
|
|
2023-12-12 05:08:00 +00:00
|
|
|
newID := func(name string, tenancy *pbresource.Tenancy) topology.ID {
|
2023-11-10 19:22:06 +00:00
|
|
|
return topology.ID{
|
2023-12-12 05:08:00 +00:00
|
|
|
Partition: tenancy.Partition,
|
|
|
|
Namespace: tenancy.Namespace,
|
2023-11-02 19:25:48 +00:00
|
|
|
Name: name,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
singleportServerNode := &topology.Node{
|
|
|
|
Kind: topology.NodeKindDataplane,
|
|
|
|
Version: topology.NodeVersionV2,
|
2023-12-12 05:08:00 +00:00
|
|
|
Partition: tenancy.Partition,
|
2023-11-02 19:25:48 +00:00
|
|
|
Name: nodeName(),
|
2023-11-10 19:22:06 +00:00
|
|
|
Workloads: []*topology.Workload{
|
|
|
|
topoutil.NewFortioWorkloadWithDefaults(
|
2023-11-02 19:25:48 +00:00
|
|
|
clusterName,
|
2023-12-12 05:08:00 +00:00
|
|
|
newID("single-server", tenancy),
|
2023-11-02 19:25:48 +00:00
|
|
|
topology.NodeVersionV2,
|
2023-11-15 16:26:26 +00:00
|
|
|
func(wrk *topology.Workload) {
|
|
|
|
wrk.WorkloadIdentity = "single-server-identity"
|
|
|
|
},
|
2023-11-02 19:25:48 +00:00
|
|
|
),
|
|
|
|
},
|
|
|
|
}
|
2023-12-12 05:08:00 +00:00
|
|
|
var singleportDestinations []*topology.Destination
|
|
|
|
for i, ten := range c.tenancies {
|
|
|
|
singleportDestinations = append(singleportDestinations, &topology.Destination{
|
|
|
|
ID: newID("single-server", ten),
|
|
|
|
PortName: "http",
|
|
|
|
LocalAddress: "0.0.0.0", // needed for an assertion
|
|
|
|
LocalPort: 5000 + i,
|
|
|
|
})
|
|
|
|
}
|
2023-11-02 19:25:48 +00:00
|
|
|
singleportClientNode := &topology.Node{
|
|
|
|
Kind: topology.NodeKindDataplane,
|
|
|
|
Version: topology.NodeVersionV2,
|
2023-12-12 05:08:00 +00:00
|
|
|
Partition: tenancy.Partition,
|
2023-11-02 19:25:48 +00:00
|
|
|
Name: nodeName(),
|
2023-11-10 19:22:06 +00:00
|
|
|
Workloads: []*topology.Workload{
|
|
|
|
topoutil.NewFortioWorkloadWithDefaults(
|
2023-11-02 19:25:48 +00:00
|
|
|
clusterName,
|
2023-12-12 05:08:00 +00:00
|
|
|
newID("single-client", tenancy),
|
2023-11-02 19:25:48 +00:00
|
|
|
topology.NodeVersionV2,
|
2023-11-10 19:22:06 +00:00
|
|
|
func(wrk *topology.Workload) {
|
|
|
|
delete(wrk.Ports, "grpc") // v2 mode turns this on, so turn it off
|
|
|
|
delete(wrk.Ports, "http2") // v2 mode turns this on, so turn it off
|
2023-11-15 16:26:26 +00:00
|
|
|
wrk.WorkloadIdentity = "single-client-identity"
|
2023-12-12 05:08:00 +00:00
|
|
|
wrk.Destinations = singleportDestinations
|
2023-11-02 19:25:48 +00:00
|
|
|
},
|
|
|
|
),
|
|
|
|
},
|
|
|
|
}
|
2023-12-12 05:08:00 +00:00
|
|
|
var sources []*pbauth.Source
|
|
|
|
for _, ten := range c.tenancies {
|
|
|
|
sources = append(sources, &pbauth.Source{
|
|
|
|
IdentityName: "single-client-identity",
|
|
|
|
Namespace: ten.Namespace,
|
|
|
|
Partition: ten.Partition,
|
|
|
|
})
|
|
|
|
}
|
2023-11-02 19:25:48 +00:00
|
|
|
singleportTrafficPerms := sprawltest.MustSetResourceData(t, &pbresource.Resource{
|
|
|
|
Id: &pbresource.ID{
|
|
|
|
Type: pbauth.TrafficPermissionsType,
|
|
|
|
Name: "single-server-perms",
|
|
|
|
Tenancy: tenancy,
|
|
|
|
},
|
|
|
|
}, &pbauth.TrafficPermissions{
|
|
|
|
Destination: &pbauth.Destination{
|
2023-11-15 16:26:26 +00:00
|
|
|
IdentityName: "single-server-identity",
|
2023-11-02 19:25:48 +00:00
|
|
|
},
|
|
|
|
Action: pbauth.Action_ACTION_ALLOW,
|
|
|
|
Permissions: []*pbauth.Permission{{
|
2023-12-12 05:08:00 +00:00
|
|
|
Sources: sources,
|
2023-11-02 19:25:48 +00:00
|
|
|
}},
|
|
|
|
})
|
|
|
|
|
|
|
|
multiportServerNode := &topology.Node{
|
|
|
|
Kind: topology.NodeKindDataplane,
|
|
|
|
Version: topology.NodeVersionV2,
|
2023-12-12 05:08:00 +00:00
|
|
|
Partition: tenancy.Partition,
|
2023-11-02 19:25:48 +00:00
|
|
|
Name: nodeName(),
|
2023-11-10 19:22:06 +00:00
|
|
|
Workloads: []*topology.Workload{
|
|
|
|
topoutil.NewFortioWorkloadWithDefaults(
|
2023-11-02 19:25:48 +00:00
|
|
|
clusterName,
|
2023-12-12 05:08:00 +00:00
|
|
|
newID("multi-server", tenancy),
|
2023-11-02 19:25:48 +00:00
|
|
|
topology.NodeVersionV2,
|
2023-11-15 16:26:26 +00:00
|
|
|
func(wrk *topology.Workload) {
|
|
|
|
wrk.WorkloadIdentity = "multi-server-identity"
|
|
|
|
},
|
2023-11-02 19:25:48 +00:00
|
|
|
),
|
|
|
|
},
|
|
|
|
}
|
2023-12-12 05:08:00 +00:00
|
|
|
var multiportDestinations []*topology.Destination
|
|
|
|
for i, ten := range c.tenancies {
|
|
|
|
multiportDestinations = append(multiportDestinations, &topology.Destination{
|
|
|
|
ID: newID("multi-server", ten),
|
|
|
|
PortName: "http",
|
|
|
|
LocalAddress: "0.0.0.0", // needed for an assertion
|
|
|
|
LocalPort: 5000 + 2*i,
|
|
|
|
})
|
|
|
|
multiportDestinations = append(multiportDestinations, &topology.Destination{
|
|
|
|
ID: newID("multi-server", ten),
|
|
|
|
PortName: "http2",
|
|
|
|
LocalAddress: "0.0.0.0", // needed for an assertion
|
|
|
|
LocalPort: 5000 + 2*i + 1,
|
|
|
|
})
|
|
|
|
}
|
2023-11-02 19:25:48 +00:00
|
|
|
multiportClientNode := &topology.Node{
|
|
|
|
Kind: topology.NodeKindDataplane,
|
|
|
|
Version: topology.NodeVersionV2,
|
2023-12-12 05:08:00 +00:00
|
|
|
Partition: tenancy.Partition,
|
2023-11-02 19:25:48 +00:00
|
|
|
Name: nodeName(),
|
2023-11-10 19:22:06 +00:00
|
|
|
Workloads: []*topology.Workload{
|
|
|
|
topoutil.NewFortioWorkloadWithDefaults(
|
2023-11-02 19:25:48 +00:00
|
|
|
clusterName,
|
2023-12-12 05:08:00 +00:00
|
|
|
newID("multi-client", tenancy),
|
2023-11-02 19:25:48 +00:00
|
|
|
topology.NodeVersionV2,
|
2023-11-10 19:22:06 +00:00
|
|
|
func(wrk *topology.Workload) {
|
2023-11-15 16:26:26 +00:00
|
|
|
wrk.WorkloadIdentity = "multi-client-identity"
|
2023-12-12 05:08:00 +00:00
|
|
|
wrk.Destinations = multiportDestinations
|
2023-11-02 19:25:48 +00:00
|
|
|
},
|
|
|
|
),
|
|
|
|
},
|
|
|
|
}
|
2023-12-12 05:08:00 +00:00
|
|
|
|
|
|
|
var multiportSources []*pbauth.Source
|
|
|
|
for _, ten := range c.tenancies {
|
|
|
|
multiportSources = append(multiportSources, &pbauth.Source{
|
|
|
|
IdentityName: "multi-client-identity",
|
|
|
|
Namespace: ten.Namespace,
|
|
|
|
Partition: ten.Partition,
|
|
|
|
})
|
|
|
|
}
|
2023-11-02 19:25:48 +00:00
|
|
|
multiportTrafficPerms := sprawltest.MustSetResourceData(t, &pbresource.Resource{
|
|
|
|
Id: &pbresource.ID{
|
|
|
|
Type: pbauth.TrafficPermissionsType,
|
|
|
|
Name: "multi-server-perms",
|
|
|
|
Tenancy: tenancy,
|
|
|
|
},
|
|
|
|
}, &pbauth.TrafficPermissions{
|
|
|
|
Destination: &pbauth.Destination{
|
2023-11-15 16:26:26 +00:00
|
|
|
IdentityName: "multi-server-identity",
|
2023-11-02 19:25:48 +00:00
|
|
|
},
|
|
|
|
Action: pbauth.Action_ACTION_ALLOW,
|
|
|
|
Permissions: []*pbauth.Permission{{
|
2023-12-12 05:08:00 +00:00
|
|
|
Sources: multiportSources,
|
2023-11-02 19:25:48 +00:00
|
|
|
}},
|
|
|
|
})
|
|
|
|
|
|
|
|
cluster.Nodes = append(cluster.Nodes,
|
|
|
|
singleportClientNode,
|
|
|
|
singleportServerNode,
|
|
|
|
multiportClientNode,
|
|
|
|
multiportServerNode,
|
|
|
|
)
|
|
|
|
|
|
|
|
cluster.InitialResources = append(cluster.InitialResources,
|
|
|
|
singleportTrafficPerms,
|
|
|
|
multiportTrafficPerms,
|
|
|
|
)
|
|
|
|
}
|