status-im
/
consul
mirror of https://github.com/status-im/consul.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
consul/troubleshoot/validate/validate_test.go

368 lines
8.7 KiB
Go
Raw Normal View History

Copyright headers for missing files/folders (#16708) * copyright headers for agent folder
2023-03-28 22:48:58 +00:00
// Copyright (c) HashiCorp, Inc.
[COMPLIANCE] License changes (#18443) * Adding explicit MPL license for sub-package This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Adding explicit MPL license for sub-package This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Updating the license from MPL to Business Source License Going forward, this project will be licensed under the Business Source License v1.1. Please see our blog post for more details at <Blog URL>, FAQ at www.hashicorp.com/licensing-faq, and details of the license at www.hashicorp.com/bsl. * add missing license headers * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 --------- Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>
2023-08-11 13:12:13 +00:00
// SPDX-License-Identifier: BUSL-1.1
Copyright headers for missing files/folders (#16708) * copyright headers for agent folder
2023-03-28 22:48:58 +00:00
troubleshoot: service to service validation (#16096) * Add Tproxy support to Envoy Extensions (this is needed for service to service validation) * Add validation for Envoy configuration for an upstream service * Use both /config_dump and /cluster to validate Envoy configuration This is because of a bug in Envoy where the EndpointsConfigDump does not include a cluster_name, making it impossible to match an endpoint to verify it exists. This removes endpoints support for builtin extensions since only the validate plugin was using it, and it is no longer used. It also removes test cases for endpoint validation. Endpoints validation now only occurs in the top level test from config_dump and clusters json files. Co-authored-by: Eric <eric@haberkorn.co>
2023-01-27 19:43:16 +00:00
package validate
import (
"testing"
envoy_admin_v3 "github.com/envoyproxy/go-control-plane/envoy/admin/v3"
envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3"
envoy_aggregate_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/clusters/aggregate/v3"
"github.com/hashicorp/consul/api"
refactor: remove troubleshoot module dependency on consul top level module (#16162) Ensure nothing in the troubleshoot go module depends on consul's top level module. This is so we can import troubleshoot into consul-k8s and not import all of consul. * turns troubleshoot into a go module [authored by @curtbushko] * gets the envoy protos into the troubleshoot module [authored by @curtbushko] * adds a new go module `envoyextensions` which has xdscommon and extensioncommon folders that both the xds package and the troubleshoot package can import * adds testing and linting for the new go modules * moves the unit tests in `troubleshoot/validateupstream` that depend on proxycfg/xds into the xds package, with a comment describing why those tests cannot be in the troubleshoot package * fixes all the imports everywhere as a result of these changes Co-authored-by: Curt Bushko <cbushko@gmail.com>
2023-02-06 17:14:35 +00:00
"github.com/hashicorp/consul/envoyextensions/extensioncommon"
troubleshoot: service to service validation (#16096) * Add Tproxy support to Envoy Extensions (this is needed for service to service validation) * Add validation for Envoy configuration for an upstream service * Use both /config_dump and /cluster to validate Envoy configuration This is because of a bug in Envoy where the EndpointsConfigDump does not include a cluster_name, making it impossible to match an endpoint to verify it exists. This removes endpoints support for builtin extensions since only the validate plugin was using it, and it is no longer used. It also removes test cases for endpoint validation. Endpoints validation now only occurs in the top level test from config_dump and clusters json files. Co-authored-by: Eric <eric@haberkorn.co>
2023-01-27 19:43:16 +00:00
"github.com/stretchr/testify/require"
"google.golang.org/protobuf/types/known/anypb"
)
func TestErrors(t *testing.T) {
cases := map[string]struct {
validate func() *Validate
endpointValidator EndpointValidator
err string
}{
"success": {
validate: func() *Validate {
return &Validate{
envoyID: "db",
snis: map[string]struct{}{
"db-sni": {},
},
listener: true,
usesRDS: true,
route: true,
resources: map[string]*resource{
"db-sni": {
required: true,
cluster: true,
},
},
}
},
endpointValidator: func(r *resource, s string, clusters *envoy_admin_v3.Clusters) {
r.loadAssignment = true
r.endpoints = 1
},
},
"no clusters for listener or route": {
validate: func() *Validate {
return &Validate{
envoyID: "db",
snis: map[string]struct{}{
"db-sni": {},
},
listener: true,
usesRDS: true,
route: true,
resources: map[string]*resource{
"db-sni": {
required: false,
cluster: true,
},
},
}
},
endpointValidator: func(r *resource, s string, clusters *envoy_admin_v3.Clusters) {
r.loadAssignment = true
r.endpoints = 1
},
troubleshoot: fixes and updated messages (#16294)
2023-02-17 15:43:05 +00:00
err: "No clusters found on route or listener",
troubleshoot: service to service validation (#16096) * Add Tproxy support to Envoy Extensions (this is needed for service to service validation) * Add validation for Envoy configuration for an upstream service * Use both /config_dump and /cluster to validate Envoy configuration This is because of a bug in Envoy where the EndpointsConfigDump does not include a cluster_name, making it impossible to match an endpoint to verify it exists. This removes endpoints support for builtin extensions since only the validate plugin was using it, and it is no longer used. It also removes test cases for endpoint validation. Endpoints validation now only occurs in the top level test from config_dump and clusters json files. Co-authored-by: Eric <eric@haberkorn.co>
2023-01-27 19:43:16 +00:00
},
"no healthy endpoints": {
validate: func() *Validate {
return &Validate{
envoyID: "db",
snis: map[string]struct{}{
"db-sni": {},
},
listener: true,
usesRDS: true,
route: true,
resources: map[string]*resource{
"db-sni": {
required: true,
cluster: true,
},
},
}
},
endpointValidator: func(r *resource, s string, clusters *envoy_admin_v3.Clusters) {
r.loadAssignment = true
},
troubleshoot: fixes and updated messages (#16294)
2023-02-17 15:43:05 +00:00
err: "No healthy endpoints for cluster \"db-sni\" for upstream \"db\"",
troubleshoot: service to service validation (#16096) * Add Tproxy support to Envoy Extensions (this is needed for service to service validation) * Add validation for Envoy configuration for an upstream service * Use both /config_dump and /cluster to validate Envoy configuration This is because of a bug in Envoy where the EndpointsConfigDump does not include a cluster_name, making it impossible to match an endpoint to verify it exists. This removes endpoints support for builtin extensions since only the validate plugin was using it, and it is no longer used. It also removes test cases for endpoint validation. Endpoints validation now only occurs in the top level test from config_dump and clusters json files. Co-authored-by: Eric <eric@haberkorn.co>
2023-01-27 19:43:16 +00:00
},
"success: aggregate cluster with one target with endpoints": {
validate: func() *Validate {
return &Validate{
envoyID: "db",
snis: map[string]struct{}{
"db-sni": {},
"db-fail-1-sni": {},
"db-fail-2-sni": {},
},
listener: true,
usesRDS: true,
route: true,
resources: map[string]*resource{
"db-sni": {
required: true,
cluster: true,
aggregateCluster: true,
aggregateClusterChildren: []string{
"db-fail-1-sni",
"db-fail-2-sni",
},
},
"db-fail-1-sni": {
required: true,
cluster: true,
parentCluster: "db-sni",
// This doesn't usually get set here, but this tests that at least one child cluster has
// healthy endpoints case.
endpoints: 1,
},
"db-fail-2-sni": {
required: true,
cluster: true,
parentCluster: "db-sni",
},
},
}
},
endpointValidator: func(r *resource, s string, clusters *envoy_admin_v3.Clusters) {
r.loadAssignment = true
},
},
"aggregate cluster no healthy endpoints": {
validate: func() *Validate {
return &Validate{
envoyID: "db",
snis: map[string]struct{}{
"db-sni": {},
"db-fail-1-sni": {},
"db-fail-2-sni": {},
},
listener: true,
usesRDS: true,
route: true,
resources: map[string]*resource{
"db-sni": {
required: true,
cluster: true,
aggregateCluster: true,
aggregateClusterChildren: []string{
"db-fail-1-sni",
"db-fail-2-sni",
},
},
"db-fail-1-sni": {
required: true,
cluster: true,
parentCluster: "db-sni",
},
"db-fail-2-sni": {
required: true,
cluster: true,
parentCluster: "db-sni",
},
},
}
},
endpointValidator: func(r *resource, s string, clusters *envoy_admin_v3.Clusters) {
r.loadAssignment = true
r.endpoints = 0
},
troubleshoot: fixes and updated messages (#16294)
2023-02-17 15:43:05 +00:00
err: "No healthy endpoints for aggregate cluster \"db-sni\" for upstream \"db\"",
troubleshoot: service to service validation (#16096) * Add Tproxy support to Envoy Extensions (this is needed for service to service validation) * Add validation for Envoy configuration for an upstream service * Use both /config_dump and /cluster to validate Envoy configuration This is because of a bug in Envoy where the EndpointsConfigDump does not include a cluster_name, making it impossible to match an endpoint to verify it exists. This removes endpoints support for builtin extensions since only the validate plugin was using it, and it is no longer used. It also removes test cases for endpoint validation. Endpoints validation now only occurs in the top level test from config_dump and clusters json files. Co-authored-by: Eric <eric@haberkorn.co>
2023-01-27 19:43:16 +00:00
},
troubleshoot: handle tproxy dialed directly case (#16210)
2023-02-08 22:49:38 +00:00
"success: passthrough cluster doesn't error even though there are zero endpoints": {
validate: func() *Validate {
return &Validate{
envoyID: "db",
snis: map[string]struct{}{
"passthrough~db-sni": {},
},
listener: true,
usesRDS: true,
route: true,
resources: map[string]*resource{
"passthrough~db-sni": {
required: true,
cluster: true,
},
},
}
},
endpointValidator: func(r *resource, s string, clusters *envoy_admin_v3.Clusters) {
r.loadAssignment = true
},
},
troubleshoot: service to service validation (#16096) * Add Tproxy support to Envoy Extensions (this is needed for service to service validation) * Add validation for Envoy configuration for an upstream service * Use both /config_dump and /cluster to validate Envoy configuration This is because of a bug in Envoy where the EndpointsConfigDump does not include a cluster_name, making it impossible to match an endpoint to verify it exists. This removes endpoints support for builtin extensions since only the validate plugin was using it, and it is no longer used. It also removes test cases for endpoint validation. Endpoints validation now only occurs in the top level test from config_dump and clusters json files. Co-authored-by: Eric <eric@haberkorn.co>
2023-01-27 19:43:16 +00:00
}
for n, tc := range cases {
t.Run(n, func(t *testing.T) {
v := tc.validate()
troubleshoot: output messages for the troubleshoot proxy command (#16208)
2023-02-08 21:03:15 +00:00
messages := v.GetMessages(true, tc.endpointValidator, nil)
troubleshoot: service to service validation (#16096) * Add Tproxy support to Envoy Extensions (this is needed for service to service validation) * Add validation for Envoy configuration for an upstream service * Use both /config_dump and /cluster to validate Envoy configuration This is because of a bug in Envoy where the EndpointsConfigDump does not include a cluster_name, making it impossible to match an endpoint to verify it exists. This removes endpoints support for builtin extensions since only the validate plugin was using it, and it is no longer used. It also removes test cases for endpoint validation. Endpoints validation now only occurs in the top level test from config_dump and clusters json files. Co-authored-by: Eric <eric@haberkorn.co>
2023-01-27 19:43:16 +00:00
troubleshoot: output messages for the troubleshoot proxy command (#16208)
2023-02-08 21:03:15 +00:00
var outputErrors string
for _, msgError := range messages.Errors() {
outputErrors += msgError.Message
troubleshoot: fixes and updated messages (#16294)
2023-02-17 15:43:05 +00:00
for _, action := range msgError.PossibleActions {
outputErrors += action
}
troubleshoot: output messages for the troubleshoot proxy command (#16208)
2023-02-08 21:03:15 +00:00
}
if tc.err == "" {
require.True(t, messages.Success())
troubleshoot: service to service validation (#16096) * Add Tproxy support to Envoy Extensions (this is needed for service to service validation) * Add validation for Envoy configuration for an upstream service * Use both /config_dump and /cluster to validate Envoy configuration This is because of a bug in Envoy where the EndpointsConfigDump does not include a cluster_name, making it impossible to match an endpoint to verify it exists. This removes endpoints support for builtin extensions since only the validate plugin was using it, and it is no longer used. It also removes test cases for endpoint validation. Endpoints validation now only occurs in the top level test from config_dump and clusters json files. Co-authored-by: Eric <eric@haberkorn.co>
2023-01-27 19:43:16 +00:00
} else {
troubleshoot: output messages for the troubleshoot proxy command (#16208)
2023-02-08 21:03:15 +00:00
require.Contains(t, outputErrors, tc.err)
troubleshoot: service to service validation (#16096) * Add Tproxy support to Envoy Extensions (this is needed for service to service validation) * Add validation for Envoy configuration for an upstream service * Use both /config_dump and /cluster to validate Envoy configuration This is because of a bug in Envoy where the EndpointsConfigDump does not include a cluster_name, making it impossible to match an endpoint to verify it exists. This removes endpoints support for builtin extensions since only the validate plugin was using it, and it is no longer used. It also removes test cases for endpoint validation. Endpoints validation now only occurs in the top level test from config_dump and clusters json files. Co-authored-by: Eric <eric@haberkorn.co>
2023-01-27 19:43:16 +00:00
}
troubleshoot: output messages for the troubleshoot proxy command (#16208)
2023-02-08 21:03:15 +00:00
troubleshoot: service to service validation (#16096) * Add Tproxy support to Envoy Extensions (this is needed for service to service validation) * Add validation for Envoy configuration for an upstream service * Use both /config_dump and /cluster to validate Envoy configuration This is because of a bug in Envoy where the EndpointsConfigDump does not include a cluster_name, making it impossible to match an endpoint to verify it exists. This removes endpoints support for builtin extensions since only the validate plugin was using it, and it is no longer used. It also removes test cases for endpoint validation. Endpoints validation now only occurs in the top level test from config_dump and clusters json files. Co-authored-by: Eric <eric@haberkorn.co>
2023-01-27 19:43:16 +00:00
})
}
}
func TestIsAggregateCluster(t *testing.T) {
aggregateClusterConfig, err := anypb.New(&envoy_aggregate_cluster_v3.ClusterConfig{
Clusters: []string{"c1", "c2"},
})
require.NoError(t, err)
cases := map[string]struct {
input *envoy_cluster_v3.Cluster
expectedAggregateCluster *envoy_aggregate_cluster_v3.ClusterConfig
expectedOk bool
}{
"non-aggregate cluster": {
input: &envoy_cluster_v3.Cluster{
Name: "foo",
ClusterDiscoveryType: &envoy_cluster_v3.Cluster_Type{Type: envoy_cluster_v3.Cluster_LOGICAL_DNS},
},
expectedOk: false,
},
"valid aggregate cluster": {
input: &envoy_cluster_v3.Cluster{
Name: "foo",
ClusterDiscoveryType: &envoy_cluster_v3.Cluster_ClusterType{
ClusterType: &envoy_cluster_v3.Cluster_CustomClusterType{
Name: "foo",
TypedConfig: aggregateClusterConfig,
},
},
},
expectedOk: true,
expectedAggregateCluster: &envoy_aggregate_cluster_v3.ClusterConfig{Clusters: []string{"c1", "c2"}},
},
}
for n, tc := range cases {
t.Run(n, func(t *testing.T) {
ac, ok := isAggregateCluster(tc.input)
require.Equal(t, tc.expectedOk, ok)
if tc.expectedOk {
require.Equal(t, tc.expectedAggregateCluster.Clusters, ac.Clusters)
}
})
}
}
func TestMakeValidate(t *testing.T) {
cases := map[string]struct {
extensionName string
arguments map[string]interface{}
expected *Validate
snis map[string]struct{}
ok bool
}{
"with no arguments": {
arguments: nil,
ok: false,
},
"with an invalid name": {
arguments: map[string]interface{}{
"envoyID": "id",
},
refactor: remove troubleshoot module dependency on consul top level module (#16162) Ensure nothing in the troubleshoot go module depends on consul's top level module. This is so we can import troubleshoot into consul-k8s and not import all of consul. * turns troubleshoot into a go module [authored by @curtbushko] * gets the envoy protos into the troubleshoot module [authored by @curtbushko] * adds a new go module `envoyextensions` which has xdscommon and extensioncommon folders that both the xds package and the troubleshoot package can import * adds testing and linting for the new go modules * moves the unit tests in `troubleshoot/validateupstream` that depend on proxycfg/xds into the xds package, with a comment describing why those tests cannot be in the troubleshoot package * fixes all the imports everywhere as a result of these changes Co-authored-by: Curt Bushko <cbushko@gmail.com>
2023-02-06 17:14:35 +00:00
snis: map[string]struct{}{
"sni1": {},
"sni2": {},
},
troubleshoot: service to service validation (#16096) * Add Tproxy support to Envoy Extensions (this is needed for service to service validation) * Add validation for Envoy configuration for an upstream service * Use both /config_dump and /cluster to validate Envoy configuration This is because of a bug in Envoy where the EndpointsConfigDump does not include a cluster_name, making it impossible to match an endpoint to verify it exists. This removes endpoints support for builtin extensions since only the validate plugin was using it, and it is no longer used. It also removes test cases for endpoint validation. Endpoints validation now only occurs in the top level test from config_dump and clusters json files. Co-authored-by: Eric <eric@haberkorn.co>
2023-01-27 19:43:16 +00:00
extensionName: "bad",
ok: false,
},
"empty envoy ID": {
arguments: map[string]interface{}{"envoyID": ""},
refactor: remove troubleshoot module dependency on consul top level module (#16162) Ensure nothing in the troubleshoot go module depends on consul's top level module. This is so we can import troubleshoot into consul-k8s and not import all of consul. * turns troubleshoot into a go module [authored by @curtbushko] * gets the envoy protos into the troubleshoot module [authored by @curtbushko] * adds a new go module `envoyextensions` which has xdscommon and extensioncommon folders that both the xds package and the troubleshoot package can import * adds testing and linting for the new go modules * moves the unit tests in `troubleshoot/validateupstream` that depend on proxycfg/xds into the xds package, with a comment describing why those tests cannot be in the troubleshoot package * fixes all the imports everywhere as a result of these changes Co-authored-by: Curt Bushko <cbushko@gmail.com>
2023-02-06 17:14:35 +00:00
snis: map[string]struct{}{
"sni1": {},
"sni2": {},
},
ok: false,
},
"missing snis": {
arguments: map[string]interface{}{
"envoyID": "id",
},
expected: &Validate{
envoyID: "id",
resources: map[string]*resource{},
snis: map[string]struct{}{
"sni1": {},
"sni2": {},
},
},
ok: false,
troubleshoot: service to service validation (#16096) * Add Tproxy support to Envoy Extensions (this is needed for service to service validation) * Add validation for Envoy configuration for an upstream service * Use both /config_dump and /cluster to validate Envoy configuration This is because of a bug in Envoy where the EndpointsConfigDump does not include a cluster_name, making it impossible to match an endpoint to verify it exists. This removes endpoints support for builtin extensions since only the validate plugin was using it, and it is no longer used. It also removes test cases for endpoint validation. Endpoints validation now only occurs in the top level test from config_dump and clusters json files. Co-authored-by: Eric <eric@haberkorn.co>
2023-01-27 19:43:16 +00:00
},
"valid everything": {
arguments: map[string]interface{}{
"envoyID": "id",
},
snis: map[string]struct{}{
"sni1": {},
"sni2": {},
},
expected: &Validate{
envoyID: "id",
resources: map[string]*resource{},
refactor: remove troubleshoot module dependency on consul top level module (#16162) Ensure nothing in the troubleshoot go module depends on consul's top level module. This is so we can import troubleshoot into consul-k8s and not import all of consul. * turns troubleshoot into a go module [authored by @curtbushko] * gets the envoy protos into the troubleshoot module [authored by @curtbushko] * adds a new go module `envoyextensions` which has xdscommon and extensioncommon folders that both the xds package and the troubleshoot package can import * adds testing and linting for the new go modules * moves the unit tests in `troubleshoot/validateupstream` that depend on proxycfg/xds into the xds package, with a comment describing why those tests cannot be in the troubleshoot package * fixes all the imports everywhere as a result of these changes Co-authored-by: Curt Bushko <cbushko@gmail.com>
2023-02-06 17:14:35 +00:00
snis: map[string]struct{}{
"sni1": {},
"sni2": {},
},
troubleshoot: service to service validation (#16096) * Add Tproxy support to Envoy Extensions (this is needed for service to service validation) * Add validation for Envoy configuration for an upstream service * Use both /config_dump and /cluster to validate Envoy configuration This is because of a bug in Envoy where the EndpointsConfigDump does not include a cluster_name, making it impossible to match an endpoint to verify it exists. This removes endpoints support for builtin extensions since only the validate plugin was using it, and it is no longer used. It also removes test cases for endpoint validation. Endpoints validation now only occurs in the top level test from config_dump and clusters json files. Co-authored-by: Eric <eric@haberkorn.co>
2023-01-27 19:43:16 +00:00
},
ok: true,
},
}
for n, tc := range cases {
t.Run(n, func(t *testing.T) {
Disable remote proxy patching except AWS Lambda (#17415) To avoid unintended tampering with remote downstreams via service config, refactor BasicEnvoyExtender and RuntimeConfig to disallow typical Envoy extensions from being applied to non-local proxies. Continue to allow this behavior for AWS Lambda and the read-only Validate builtin extensions. Addresses CVE-2023-2816.
2023-05-23 11:55:06 +00:00
extensionName := api.BuiltinValidateExtension
troubleshoot: service to service validation (#16096) * Add Tproxy support to Envoy Extensions (this is needed for service to service validation) * Add validation for Envoy configuration for an upstream service * Use both /config_dump and /cluster to validate Envoy configuration This is because of a bug in Envoy where the EndpointsConfigDump does not include a cluster_name, making it impossible to match an endpoint to verify it exists. This removes endpoints support for builtin extensions since only the validate plugin was using it, and it is no longer used. It also removes test cases for endpoint validation. Endpoints validation now only occurs in the top level test from config_dump and clusters json files. Co-authored-by: Eric <eric@haberkorn.co>
2023-01-27 19:43:16 +00:00
if tc.extensionName != "" {
extensionName = tc.extensionName
}
svc := api.CompoundServiceName{Name: "svc"}
Add extension validation on config save and refactor extensions. (#16110)
2023-01-30 21:35:26 +00:00
ext := extensioncommon.RuntimeConfig{
troubleshoot: service to service validation (#16096) * Add Tproxy support to Envoy Extensions (this is needed for service to service validation) * Add validation for Envoy configuration for an upstream service * Use both /config_dump and /cluster to validate Envoy configuration This is because of a bug in Envoy where the EndpointsConfigDump does not include a cluster_name, making it impossible to match an endpoint to verify it exists. This removes endpoints support for builtin extensions since only the validate plugin was using it, and it is no longer used. It also removes test cases for endpoint validation. Endpoints validation now only occurs in the top level test from config_dump and clusters json files. Co-authored-by: Eric <eric@haberkorn.co>
2023-01-27 19:43:16 +00:00
ServiceName: svc,
EnvoyExtension: api.EnvoyExtension{
Name: extensionName,
Arguments: tc.arguments,
},
refactor: remove troubleshoot module dependency on consul top level module (#16162) Ensure nothing in the troubleshoot go module depends on consul's top level module. This is so we can import troubleshoot into consul-k8s and not import all of consul. * turns troubleshoot into a go module [authored by @curtbushko] * gets the envoy protos into the troubleshoot module [authored by @curtbushko] * adds a new go module `envoyextensions` which has xdscommon and extensioncommon folders that both the xds package and the troubleshoot package can import * adds testing and linting for the new go modules * moves the unit tests in `troubleshoot/validateupstream` that depend on proxycfg/xds into the xds package, with a comment describing why those tests cannot be in the troubleshoot package * fixes all the imports everywhere as a result of these changes Co-authored-by: Curt Bushko <cbushko@gmail.com>
2023-02-06 17:14:35 +00:00
Upstreams: map[api.CompoundServiceName]*extensioncommon.UpstreamData{
svc: {
Add Upstream Service Targeting to Property Override Extension (#17517) * add upstream service targeting to property override extension * Also add baseline goldens for service specific property override extension. * Refactor the extension framework to put more logic into the templates. * fix up the golden tests
2023-05-30 18:53:42 +00:00
SNIs: tc.snis,
refactor: remove troubleshoot module dependency on consul top level module (#16162) Ensure nothing in the troubleshoot go module depends on consul's top level module. This is so we can import troubleshoot into consul-k8s and not import all of consul. * turns troubleshoot into a go module [authored by @curtbushko] * gets the envoy protos into the troubleshoot module [authored by @curtbushko] * adds a new go module `envoyextensions` which has xdscommon and extensioncommon folders that both the xds package and the troubleshoot package can import * adds testing and linting for the new go modules * moves the unit tests in `troubleshoot/validateupstream` that depend on proxycfg/xds into the xds package, with a comment describing why those tests cannot be in the troubleshoot package * fixes all the imports everywhere as a result of these changes Co-authored-by: Curt Bushko <cbushko@gmail.com>
2023-02-06 17:14:35 +00:00
},
},
troubleshoot: service to service validation (#16096) * Add Tproxy support to Envoy Extensions (this is needed for service to service validation) * Add validation for Envoy configuration for an upstream service * Use both /config_dump and /cluster to validate Envoy configuration This is because of a bug in Envoy where the EndpointsConfigDump does not include a cluster_name, making it impossible to match an endpoint to verify it exists. This removes endpoints support for builtin extensions since only the validate plugin was using it, and it is no longer used. It also removes test cases for endpoint validation. Endpoints validation now only occurs in the top level test from config_dump and clusters json files. Co-authored-by: Eric <eric@haberkorn.co>
2023-01-27 19:43:16 +00:00
}
patcher, err := MakeValidate(ext)
if tc.ok {
require.NoError(t, err)
require.Equal(t, tc.expected, patcher)
} else {
require.Error(t, err)
}
})
}
}