2023-03-28 19:39:22 +01:00
|
|
|
// Copyright (c) HashiCorp, Inc.
|
2023-08-11 09:12:13 -04:00
|
|
|
// SPDX-License-Identifier: BUSL-1.1
|
2023-03-28 19:39:22 +01:00
|
|
|
|
2022-12-13 15:01:56 +00:00
|
|
|
package middleware
|
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
|
|
|
"errors"
|
|
|
|
"net"
|
|
|
|
"testing"
|
|
|
|
|
|
|
|
"github.com/stretchr/testify/mock"
|
|
|
|
"github.com/stretchr/testify/require"
|
|
|
|
"google.golang.org/grpc"
|
|
|
|
"google.golang.org/grpc/codes"
|
|
|
|
"google.golang.org/grpc/credentials/insecure"
|
|
|
|
"google.golang.org/grpc/status"
|
|
|
|
|
2023-01-04 16:07:02 +00:00
|
|
|
pbacl "github.com/hashicorp/consul/proto-public/pbacl"
|
|
|
|
|
2022-12-13 15:01:56 +00:00
|
|
|
"github.com/hashicorp/go-hclog"
|
|
|
|
|
|
|
|
"github.com/hashicorp/consul/agent/consul/rate"
|
|
|
|
)
|
|
|
|
|
|
|
|
func TestServerRateLimiterMiddleware_Integration(t *testing.T) {
|
2022-12-13 13:09:55 -07:00
|
|
|
limiter := rate.NewMockRequestLimitsHandler(t)
|
2022-12-13 15:01:56 +00:00
|
|
|
|
2023-01-04 16:07:02 +00:00
|
|
|
logger := hclog.NewNullLogger()
|
2022-12-13 15:01:56 +00:00
|
|
|
server := grpc.NewServer(
|
2023-01-04 16:07:02 +00:00
|
|
|
grpc.InTapHandle(ServerRateLimiterMiddleware(limiter, NewPanicHandler(logger), logger)),
|
2022-12-13 15:01:56 +00:00
|
|
|
)
|
2023-01-04 16:07:02 +00:00
|
|
|
pbacl.RegisterACLServiceServer(server, mockACLServer{})
|
2022-12-13 15:01:56 +00:00
|
|
|
|
|
|
|
lis, err := net.Listen("tcp", "127.0.0.1:0")
|
|
|
|
require.NoError(t, err)
|
|
|
|
t.Cleanup(func() {
|
|
|
|
if err := lis.Close(); err != nil {
|
|
|
|
t.Logf("failed to close listener: %v", err)
|
|
|
|
}
|
|
|
|
})
|
|
|
|
go server.Serve(lis)
|
|
|
|
t.Cleanup(server.Stop)
|
|
|
|
|
|
|
|
conn, err := grpc.Dial(
|
|
|
|
lis.Addr().String(),
|
|
|
|
grpc.WithTransportCredentials(insecure.NewCredentials()),
|
|
|
|
)
|
|
|
|
require.NoError(t, err)
|
|
|
|
t.Cleanup(func() {
|
|
|
|
if err := conn.Close(); err != nil {
|
|
|
|
t.Logf("failed to close client connection: %v", err)
|
|
|
|
}
|
|
|
|
})
|
2023-01-04 16:07:02 +00:00
|
|
|
client := pbacl.NewACLServiceClient(conn)
|
2022-12-13 15:01:56 +00:00
|
|
|
|
|
|
|
ctx, cancel := context.WithCancel(context.Background())
|
|
|
|
t.Cleanup(cancel)
|
|
|
|
|
|
|
|
t.Run("ErrRetryElsewhere = ResourceExhausted", func(t *testing.T) {
|
|
|
|
limiter.On("Allow", mock.Anything).
|
|
|
|
Run(func(args mock.Arguments) {
|
|
|
|
op := args.Get(0).(rate.Operation)
|
2023-01-04 16:07:02 +00:00
|
|
|
require.Equal(t, "/hashicorp.consul.acl.ACLService/Login", op.Name)
|
2022-12-13 15:01:56 +00:00
|
|
|
|
|
|
|
addr := op.SourceAddr.(*net.TCPAddr)
|
|
|
|
require.True(t, addr.IP.IsLoopback())
|
|
|
|
}).
|
|
|
|
Return(rate.ErrRetryElsewhere).
|
|
|
|
Once()
|
|
|
|
|
2023-01-04 16:07:02 +00:00
|
|
|
_, err = client.Login(ctx, &pbacl.LoginRequest{})
|
2022-12-13 15:01:56 +00:00
|
|
|
require.Error(t, err)
|
|
|
|
require.Equal(t, codes.ResourceExhausted.String(), status.Code(err).String())
|
|
|
|
})
|
|
|
|
|
|
|
|
t.Run("ErrRetryLater = Unavailable", func(t *testing.T) {
|
|
|
|
limiter.On("Allow", mock.Anything).
|
|
|
|
Return(rate.ErrRetryLater).
|
|
|
|
Once()
|
|
|
|
|
2023-01-04 16:07:02 +00:00
|
|
|
_, err = client.Login(ctx, &pbacl.LoginRequest{})
|
2022-12-13 15:01:56 +00:00
|
|
|
require.Error(t, err)
|
|
|
|
require.Equal(t, codes.Unavailable.String(), status.Code(err).String())
|
|
|
|
})
|
|
|
|
|
|
|
|
t.Run("unexpected error", func(t *testing.T) {
|
|
|
|
limiter.On("Allow", mock.Anything).
|
|
|
|
Return(errors.New("uh oh")).
|
|
|
|
Once()
|
|
|
|
|
2023-01-04 16:07:02 +00:00
|
|
|
_, err = client.Login(ctx, &pbacl.LoginRequest{})
|
2022-12-13 15:01:56 +00:00
|
|
|
require.Error(t, err)
|
|
|
|
require.Equal(t, codes.Internal.String(), status.Code(err).String())
|
|
|
|
})
|
|
|
|
|
|
|
|
t.Run("operation allowed", func(t *testing.T) {
|
|
|
|
limiter.On("Allow", mock.Anything).
|
|
|
|
Return(nil).
|
|
|
|
Once()
|
|
|
|
|
2023-01-04 16:07:02 +00:00
|
|
|
_, err = client.Login(ctx, &pbacl.LoginRequest{})
|
2022-12-13 15:01:56 +00:00
|
|
|
require.NoError(t, err)
|
|
|
|
})
|
|
|
|
|
|
|
|
t.Run("Allow panics", func(t *testing.T) {
|
|
|
|
limiter.On("Allow", mock.Anything).
|
|
|
|
Panic("uh oh").
|
|
|
|
Once()
|
|
|
|
|
2023-01-04 16:07:02 +00:00
|
|
|
_, err = client.Login(ctx, &pbacl.LoginRequest{})
|
2022-12-13 15:01:56 +00:00
|
|
|
require.Error(t, err)
|
|
|
|
require.Equal(t, codes.Internal.String(), status.Code(err).String())
|
|
|
|
})
|
|
|
|
}
|
2023-01-04 16:07:02 +00:00
|
|
|
|
|
|
|
type mockACLServer struct {
|
|
|
|
pbacl.ACLServiceServer
|
|
|
|
}
|
|
|
|
|
|
|
|
func (mockACLServer) Login(context.Context, *pbacl.LoginRequest) (*pbacl.LoginResponse, error) {
|
|
|
|
return &pbacl.LoginResponse{}, nil
|
|
|
|
}
|