2023-03-28 18:39:22 +00:00
|
|
|
// Copyright (c) HashiCorp, Inc.
|
2023-08-11 13:12:13 +00:00
|
|
|
// SPDX-License-Identifier: BUSL-1.1
|
2023-03-28 18:39:22 +00:00
|
|
|
|
2022-05-27 11:38:52 +00:00
|
|
|
package catalog
|
|
|
|
|
|
|
|
import (
|
2023-08-29 15:15:34 +00:00
|
|
|
"context"
|
2022-05-27 11:38:52 +00:00
|
|
|
"errors"
|
|
|
|
"testing"
|
|
|
|
"time"
|
|
|
|
|
|
|
|
"github.com/hashicorp/go-hclog"
|
|
|
|
"github.com/stretchr/testify/mock"
|
|
|
|
"github.com/stretchr/testify/require"
|
|
|
|
|
|
|
|
"github.com/hashicorp/consul/agent/consul/state"
|
|
|
|
"github.com/hashicorp/consul/agent/consul/stream"
|
2023-01-18 18:33:21 +00:00
|
|
|
"github.com/hashicorp/consul/agent/grpc-external/limiter"
|
2022-05-27 11:38:52 +00:00
|
|
|
"github.com/hashicorp/consul/agent/local"
|
|
|
|
"github.com/hashicorp/consul/agent/proxycfg"
|
|
|
|
"github.com/hashicorp/consul/agent/structs"
|
|
|
|
"github.com/hashicorp/consul/agent/token"
|
2023-08-24 22:44:14 +00:00
|
|
|
"github.com/hashicorp/consul/internal/mesh"
|
2023-08-29 21:39:29 +00:00
|
|
|
proxysnapshot "github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
|
|
|
|
rtest "github.com/hashicorp/consul/internal/resource/resourcetest"
|
2022-05-27 11:38:52 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
func TestConfigSource_Success(t *testing.T) {
|
|
|
|
serviceID := structs.NewServiceID("web-sidecar-proxy-1", nil)
|
|
|
|
nodeName := "node-name"
|
|
|
|
token := "token"
|
|
|
|
|
|
|
|
store := testStateStore(t)
|
|
|
|
|
|
|
|
// Register the proxy in the catalog/state store at port 9999.
|
|
|
|
require.NoError(t, store.EnsureRegistration(0, &structs.RegisterRequest{
|
|
|
|
Node: nodeName,
|
|
|
|
Service: &structs.NodeService{
|
|
|
|
ID: serviceID.ID,
|
|
|
|
Service: "web-sidecar-proxy",
|
|
|
|
Port: 9999,
|
|
|
|
Kind: structs.ServiceKindConnectProxy,
|
2022-10-13 11:04:59 +00:00
|
|
|
Proxy: structs.ConnectProxyConfig{
|
|
|
|
Config: map[string]any{
|
|
|
|
"local_connect_timeout_ms": 123,
|
|
|
|
},
|
|
|
|
},
|
2022-05-27 11:38:52 +00:00
|
|
|
},
|
|
|
|
}))
|
|
|
|
|
|
|
|
// testConfigManager builds a ConfigManager that emits a ConfigSnapshot whenever
|
|
|
|
// Register is called, and closes the watch channel when Deregister is called.
|
|
|
|
//
|
|
|
|
// Though a little odd, this allows us to make assertions on the sync goroutine's
|
|
|
|
// behavior without sleeping which leads to slow/racy tests.
|
|
|
|
cfgMgr := testConfigManager(t, serviceID, nodeName, token)
|
|
|
|
|
2023-01-18 18:33:21 +00:00
|
|
|
lim := NewMockSessionLimiter(t)
|
|
|
|
|
|
|
|
session1 := newMockSession(t)
|
|
|
|
session1TermCh := make(limiter.SessionTerminatedChan)
|
|
|
|
session1.On("Terminated").Return(session1TermCh)
|
|
|
|
session1.On("End").Return()
|
|
|
|
|
|
|
|
session2 := newMockSession(t)
|
|
|
|
session2TermCh := make(limiter.SessionTerminatedChan)
|
|
|
|
session2.On("Terminated").Return(session2TermCh)
|
|
|
|
session2.On("End").Return()
|
|
|
|
|
|
|
|
lim.On("BeginSession").Return(session1, nil).Once()
|
|
|
|
lim.On("BeginSession").Return(session2, nil).Once()
|
|
|
|
|
2022-05-27 11:38:52 +00:00
|
|
|
mgr := NewConfigSource(Config{
|
2023-01-18 18:33:21 +00:00
|
|
|
Manager: cfgMgr,
|
|
|
|
LocalState: testLocalState(t),
|
|
|
|
Logger: hclog.NewNullLogger(),
|
|
|
|
GetStore: func() Store { return store },
|
|
|
|
SessionLimiter: lim,
|
2022-05-27 11:38:52 +00:00
|
|
|
})
|
|
|
|
t.Cleanup(mgr.Shutdown)
|
|
|
|
|
2023-08-24 22:44:14 +00:00
|
|
|
snapCh, termCh, cancelWatch1, err := mgr.Watch(rtest.Resource(mesh.ProxyConfigurationType, serviceID.ID).ID(), nodeName, token)
|
2022-05-27 11:38:52 +00:00
|
|
|
require.NoError(t, err)
|
2023-01-18 18:33:21 +00:00
|
|
|
require.Equal(t, session1TermCh, termCh)
|
2022-05-27 11:38:52 +00:00
|
|
|
|
|
|
|
// Expect Register to have been called with the proxy's inital port.
|
|
|
|
select {
|
|
|
|
case snap := <-snapCh:
|
2023-08-24 22:44:14 +00:00
|
|
|
require.Equal(t, 9999, snap.(*proxycfg.ConfigSnapshot).Port)
|
|
|
|
require.Equal(t, token, snap.(*proxycfg.ConfigSnapshot).ProxyID.Token)
|
2022-05-27 11:38:52 +00:00
|
|
|
case <-time.After(100 * time.Millisecond):
|
|
|
|
t.Fatal("timeout waiting for snapshot")
|
|
|
|
}
|
|
|
|
|
|
|
|
// Update the proxy's port to 8888.
|
|
|
|
require.NoError(t, store.EnsureRegistration(0, &structs.RegisterRequest{
|
|
|
|
Node: nodeName,
|
|
|
|
Service: &structs.NodeService{
|
|
|
|
ID: serviceID.ID,
|
|
|
|
Service: "web-sidecar-proxy",
|
|
|
|
Port: 8888,
|
|
|
|
Kind: structs.ServiceKindConnectProxy,
|
2022-10-13 11:04:59 +00:00
|
|
|
Proxy: structs.ConnectProxyConfig{
|
|
|
|
Config: map[string]any{
|
|
|
|
"local_connect_timeout_ms": 123,
|
|
|
|
},
|
|
|
|
},
|
2022-05-27 11:38:52 +00:00
|
|
|
},
|
|
|
|
}))
|
|
|
|
|
|
|
|
// Expect Register to have been called again with the proxy's new port.
|
|
|
|
select {
|
|
|
|
case snap := <-snapCh:
|
2023-08-24 22:44:14 +00:00
|
|
|
require.Equal(t, 8888, snap.(*proxycfg.ConfigSnapshot).Port)
|
2022-05-27 11:38:52 +00:00
|
|
|
case <-time.After(100 * time.Millisecond):
|
|
|
|
t.Fatal("timeout waiting for snapshot")
|
|
|
|
}
|
|
|
|
|
2022-10-13 11:04:59 +00:00
|
|
|
// Update proxy-defaults.
|
|
|
|
require.NoError(t, store.EnsureConfigEntry(1, &structs.ProxyConfigEntry{
|
|
|
|
Name: structs.ProxyConfigGlobal,
|
|
|
|
Config: map[string]any{
|
|
|
|
"max_inbound_connections": 321,
|
|
|
|
},
|
|
|
|
}))
|
|
|
|
|
|
|
|
// Expect Register to have been called again with the new merged config.
|
|
|
|
select {
|
|
|
|
case snap := <-snapCh:
|
|
|
|
require.Equal(t, map[string]any{
|
|
|
|
"local_connect_timeout_ms": 123,
|
|
|
|
"max_inbound_connections": 321,
|
2023-08-24 22:44:14 +00:00
|
|
|
}, snap.(*proxycfg.ConfigSnapshot).Proxy.Config)
|
2022-10-13 11:04:59 +00:00
|
|
|
case <-time.After(100 * time.Millisecond):
|
|
|
|
t.Fatal("timeout waiting for snapshot")
|
|
|
|
}
|
|
|
|
|
2022-05-27 11:38:52 +00:00
|
|
|
// Start another watch.
|
2023-08-24 22:44:14 +00:00
|
|
|
_, termCh2, cancelWatch2, err := mgr.Watch(rtest.Resource(mesh.ProxyConfigurationType, serviceID.ID).ID(), nodeName, token)
|
2022-05-27 11:38:52 +00:00
|
|
|
require.NoError(t, err)
|
2023-01-18 18:33:21 +00:00
|
|
|
require.Equal(t, session2TermCh, termCh2)
|
2022-05-27 11:38:52 +00:00
|
|
|
|
|
|
|
// Expect the service to have not been re-registered by the second watch.
|
|
|
|
select {
|
|
|
|
case <-snapCh:
|
|
|
|
t.Fatal("service shouldn't have been re-registered")
|
|
|
|
case <-time.After(100 * time.Millisecond):
|
|
|
|
}
|
|
|
|
|
|
|
|
// Expect cancelling the first watch to *not* de-register the service.
|
|
|
|
cancelWatch1()
|
|
|
|
select {
|
|
|
|
case <-snapCh:
|
|
|
|
t.Fatal("service shouldn't have been de-registered until other watch went away")
|
|
|
|
case <-time.After(100 * time.Millisecond):
|
|
|
|
}
|
|
|
|
|
|
|
|
// Expect cancelling the other watch to de-register the service.
|
|
|
|
cancelWatch2()
|
|
|
|
select {
|
|
|
|
case _, ok := <-snapCh:
|
|
|
|
require.False(t, ok, "channel should've been closed")
|
|
|
|
case <-time.After(100 * time.Millisecond):
|
|
|
|
t.Fatal("timeout waiting for service to be de-registered")
|
|
|
|
}
|
2023-01-18 18:33:21 +00:00
|
|
|
|
|
|
|
session1.AssertCalled(t, "End")
|
|
|
|
session2.AssertCalled(t, "End")
|
2022-05-27 11:38:52 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func TestConfigSource_LocallyManagedService(t *testing.T) {
|
|
|
|
serviceID := structs.NewServiceID("web-sidecar-proxy-1", nil)
|
2023-08-24 22:44:14 +00:00
|
|
|
proxyID := rtest.Resource(mesh.ProxyConfigurationType, serviceID.ID).ID()
|
2022-05-27 11:38:52 +00:00
|
|
|
nodeName := "node-1"
|
|
|
|
token := "token"
|
|
|
|
|
|
|
|
localState := testLocalState(t)
|
2023-01-10 16:24:02 +00:00
|
|
|
localState.AddServiceWithChecks(&structs.NodeService{ID: serviceID.ID}, nil, "", false)
|
2022-05-27 11:38:52 +00:00
|
|
|
|
|
|
|
localWatcher := NewMockWatcher(t)
|
2023-08-24 22:44:14 +00:00
|
|
|
localWatcher.On("Watch", proxyID, nodeName, token).
|
2023-08-29 15:15:34 +00:00
|
|
|
Return(make(<-chan proxysnapshot.ProxySnapshot), nil, proxysnapshot.CancelFunc(func() {}), nil)
|
2022-05-27 11:38:52 +00:00
|
|
|
|
|
|
|
mgr := NewConfigSource(Config{
|
|
|
|
NodeName: nodeName,
|
|
|
|
LocalState: localState,
|
|
|
|
LocalConfigSource: localWatcher,
|
|
|
|
Logger: hclog.NewNullLogger(),
|
|
|
|
GetStore: func() Store { panic("state store shouldn't have been used") },
|
2023-01-18 18:33:21 +00:00
|
|
|
SessionLimiter: nullSessionLimiter{},
|
2022-05-27 11:38:52 +00:00
|
|
|
})
|
|
|
|
t.Cleanup(mgr.Shutdown)
|
|
|
|
|
2023-08-24 22:44:14 +00:00
|
|
|
_, _, _, err := mgr.Watch(proxyID, nodeName, token)
|
2022-05-27 11:38:52 +00:00
|
|
|
require.NoError(t, err)
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestConfigSource_ErrorRegisteringService(t *testing.T) {
|
|
|
|
serviceID := structs.NewServiceID("web-sidecar-proxy-1", nil)
|
|
|
|
nodeName := "node-name"
|
|
|
|
token := "token"
|
|
|
|
|
|
|
|
store := testStateStore(t)
|
|
|
|
|
|
|
|
require.NoError(t, store.EnsureRegistration(0, &structs.RegisterRequest{
|
|
|
|
Node: nodeName,
|
|
|
|
Service: &structs.NodeService{
|
|
|
|
ID: serviceID.ID,
|
|
|
|
Service: "web-sidecar-proxy",
|
|
|
|
Port: 9999,
|
|
|
|
Kind: structs.ServiceKindConnectProxy,
|
|
|
|
},
|
|
|
|
}))
|
|
|
|
|
|
|
|
var canceledWatch bool
|
2023-08-29 15:15:34 +00:00
|
|
|
cancel := proxysnapshot.CancelFunc(func() { canceledWatch = true })
|
2022-05-27 11:38:52 +00:00
|
|
|
|
|
|
|
cfgMgr := NewMockConfigManager(t)
|
|
|
|
|
|
|
|
cfgMgr.On("Watch", mock.Anything).
|
2023-08-29 15:15:34 +00:00
|
|
|
Return(make(<-chan proxysnapshot.ProxySnapshot), cancel)
|
2022-05-27 11:38:52 +00:00
|
|
|
|
|
|
|
cfgMgr.On("Register", mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything).
|
|
|
|
Return(errors.New("KABOOM"))
|
|
|
|
|
2023-01-18 18:33:21 +00:00
|
|
|
session := newMockSession(t)
|
|
|
|
session.On("End").Return()
|
|
|
|
|
|
|
|
lim := NewMockSessionLimiter(t)
|
|
|
|
lim.On("BeginSession").Return(session, nil)
|
|
|
|
|
2022-05-27 11:38:52 +00:00
|
|
|
mgr := NewConfigSource(Config{
|
2023-01-18 18:33:21 +00:00
|
|
|
Manager: cfgMgr,
|
|
|
|
LocalState: testLocalState(t),
|
|
|
|
Logger: hclog.NewNullLogger(),
|
|
|
|
GetStore: func() Store { return store },
|
|
|
|
SessionLimiter: lim,
|
2022-05-27 11:38:52 +00:00
|
|
|
})
|
|
|
|
t.Cleanup(mgr.Shutdown)
|
|
|
|
|
2023-08-24 22:44:14 +00:00
|
|
|
_, _, _, err := mgr.Watch(rtest.Resource(mesh.ProxyConfigurationType, serviceID.ID).ID(), nodeName, token)
|
2022-05-27 11:38:52 +00:00
|
|
|
require.Error(t, err)
|
|
|
|
require.True(t, canceledWatch, "watch should've been canceled")
|
2023-01-18 18:33:21 +00:00
|
|
|
|
|
|
|
session.AssertCalled(t, "End")
|
2022-05-27 11:38:52 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func TestConfigSource_NotProxyService(t *testing.T) {
|
|
|
|
serviceID := structs.NewServiceID("web", nil)
|
|
|
|
nodeName := "node-name"
|
|
|
|
token := "token"
|
|
|
|
|
|
|
|
store := testStateStore(t)
|
|
|
|
|
|
|
|
require.NoError(t, store.EnsureRegistration(0, &structs.RegisterRequest{
|
|
|
|
Node: nodeName,
|
|
|
|
Service: &structs.NodeService{
|
|
|
|
ID: serviceID.ID,
|
|
|
|
Service: "web",
|
|
|
|
Port: 9999,
|
|
|
|
Kind: structs.ServiceKindTypical,
|
|
|
|
},
|
|
|
|
}))
|
|
|
|
|
|
|
|
var canceledWatch bool
|
2023-08-29 15:15:34 +00:00
|
|
|
cancel := proxysnapshot.CancelFunc(func() { canceledWatch = true })
|
2022-05-27 11:38:52 +00:00
|
|
|
|
|
|
|
cfgMgr := NewMockConfigManager(t)
|
|
|
|
|
|
|
|
cfgMgr.On("Watch", mock.Anything).
|
2023-08-29 15:15:34 +00:00
|
|
|
Return(make(<-chan proxysnapshot.ProxySnapshot), cancel)
|
2022-05-27 11:38:52 +00:00
|
|
|
|
|
|
|
mgr := NewConfigSource(Config{
|
2023-01-18 18:33:21 +00:00
|
|
|
Manager: cfgMgr,
|
|
|
|
LocalState: testLocalState(t),
|
|
|
|
Logger: hclog.NewNullLogger(),
|
|
|
|
GetStore: func() Store { return store },
|
|
|
|
SessionLimiter: nullSessionLimiter{},
|
2022-05-27 11:38:52 +00:00
|
|
|
})
|
|
|
|
t.Cleanup(mgr.Shutdown)
|
|
|
|
|
2023-08-24 22:44:14 +00:00
|
|
|
_, _, _, err := mgr.Watch(rtest.Resource(mesh.ProxyConfigurationType, serviceID.ID).ID(), nodeName, token)
|
2022-05-27 11:38:52 +00:00
|
|
|
require.Error(t, err)
|
|
|
|
require.Contains(t, err.Error(), "must be a sidecar proxy or gateway")
|
|
|
|
require.True(t, canceledWatch, "watch should've been canceled")
|
|
|
|
}
|
|
|
|
|
2023-01-18 18:33:21 +00:00
|
|
|
func TestConfigSource_SessionLimiterError(t *testing.T) {
|
|
|
|
lim := NewMockSessionLimiter(t)
|
|
|
|
lim.On("BeginSession").Return(nil, limiter.ErrCapacityReached)
|
|
|
|
|
|
|
|
src := NewConfigSource(Config{
|
|
|
|
LocalState: testLocalState(t),
|
|
|
|
SessionLimiter: lim,
|
|
|
|
})
|
|
|
|
t.Cleanup(src.Shutdown)
|
|
|
|
|
|
|
|
_, _, _, err := src.Watch(
|
2023-08-24 22:44:14 +00:00
|
|
|
rtest.Resource(mesh.ProxyConfigurationType, "web-sidecar-proxy-1").ID(),
|
2023-01-18 18:33:21 +00:00
|
|
|
"node-name",
|
|
|
|
"token",
|
|
|
|
)
|
|
|
|
require.Equal(t, limiter.ErrCapacityReached, err)
|
|
|
|
}
|
|
|
|
|
2022-05-27 11:38:52 +00:00
|
|
|
func testConfigManager(t *testing.T, serviceID structs.ServiceID, nodeName string, token string) ConfigManager {
|
|
|
|
t.Helper()
|
|
|
|
|
|
|
|
cfgMgr := NewMockConfigManager(t)
|
|
|
|
|
|
|
|
proxyID := proxycfg.ProxyID{
|
|
|
|
ServiceID: serviceID,
|
|
|
|
NodeName: nodeName,
|
|
|
|
Token: token,
|
|
|
|
}
|
|
|
|
|
2023-08-29 15:15:34 +00:00
|
|
|
snapCh := make(chan proxysnapshot.ProxySnapshot, 1)
|
2022-05-27 11:38:52 +00:00
|
|
|
cfgMgr.On("Watch", proxyID).
|
2023-08-29 15:15:34 +00:00
|
|
|
Return((<-chan proxysnapshot.ProxySnapshot)(snapCh), proxysnapshot.CancelFunc(func() {}), nil)
|
2022-05-27 11:38:52 +00:00
|
|
|
|
|
|
|
cfgMgr.On("Register", mock.Anything, mock.Anything, source, token, false).
|
|
|
|
Run(func(args mock.Arguments) {
|
|
|
|
id := args.Get(0).(proxycfg.ProxyID)
|
|
|
|
ns := args.Get(1).(*structs.NodeService)
|
|
|
|
|
|
|
|
snapCh <- &proxycfg.ConfigSnapshot{
|
|
|
|
ProxyID: id,
|
|
|
|
Port: ns.Port,
|
2022-10-13 11:04:59 +00:00
|
|
|
Proxy: ns.Proxy,
|
2022-05-27 11:38:52 +00:00
|
|
|
}
|
|
|
|
}).
|
|
|
|
Return(nil)
|
|
|
|
|
|
|
|
cfgMgr.On("Deregister", proxyID, source).
|
|
|
|
Run(func(mock.Arguments) { close(snapCh) }).
|
|
|
|
Return()
|
|
|
|
|
|
|
|
return cfgMgr
|
|
|
|
}
|
|
|
|
|
|
|
|
func testStateStore(t *testing.T) *state.Store {
|
|
|
|
t.Helper()
|
|
|
|
|
|
|
|
gc, err := state.NewTombstoneGC(time.Second, time.Millisecond)
|
|
|
|
require.NoError(t, err)
|
|
|
|
return state.NewStateStoreWithEventPublisher(gc, stream.NoOpEventPublisher{})
|
|
|
|
}
|
|
|
|
|
|
|
|
func testLocalState(t *testing.T) *local.State {
|
|
|
|
t.Helper()
|
|
|
|
|
|
|
|
l := local.NewState(local.Config{}, hclog.NewNullLogger(), &token.Store{})
|
|
|
|
l.TriggerSyncChanges = func() {}
|
|
|
|
return l
|
|
|
|
}
|
2023-01-18 18:33:21 +00:00
|
|
|
|
|
|
|
type nullSessionLimiter struct{}
|
|
|
|
|
|
|
|
func (nullSessionLimiter) BeginSession() (limiter.Session, error) {
|
|
|
|
return nullSession{}, nil
|
|
|
|
}
|
|
|
|
|
2023-08-29 15:15:34 +00:00
|
|
|
func (nullSessionLimiter) Run(ctx context.Context) {}
|
|
|
|
|
2023-01-18 18:33:21 +00:00
|
|
|
type nullSession struct{}
|
|
|
|
|
|
|
|
func (nullSession) End() {}
|
|
|
|
|
|
|
|
func (nullSession) Terminated() limiter.SessionTerminatedChan { return nil }
|
|
|
|
|
|
|
|
type mockSession struct {
|
|
|
|
mock.Mock
|
|
|
|
}
|
|
|
|
|
|
|
|
func newMockSession(t *testing.T) *mockSession {
|
|
|
|
m := &mockSession{}
|
|
|
|
m.Mock.Test(t)
|
|
|
|
|
|
|
|
t.Cleanup(func() { m.AssertExpectations(t) })
|
|
|
|
|
|
|
|
return m
|
|
|
|
}
|
|
|
|
|
|
|
|
func (m *mockSession) End() { m.Called() }
|
|
|
|
|
|
|
|
func (m *mockSession) Terminated() limiter.SessionTerminatedChan {
|
|
|
|
return m.Called().Get(0).(limiter.SessionTerminatedChan)
|
|
|
|
}
|