status-im
/
consul
mirror of https://github.com/status-im/consul.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

add enterprise xds tests (#16738)

This commit is contained in:
Eric Haberkorn 2023-03-22 14:56:18 -04:00 committed by GitHub
parent 3c5c53aa80
commit 495ad4c7ef
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
24 changed files with 810 additions and 697 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
agent/agent_endpoint_test.go
View File

@ -186,7 +186,7 @@ func TestAgent_Services_ExternalConnectProxy(t *testing.T) {
Port: 5000, Port: 5000,
Proxy: structs.ConnectProxyConfig{ Proxy: structs.ConnectProxyConfig{
DestinationServiceName: "db", DestinationServiceName: "db",
Upstreams: structs.TestUpstreams(t), Upstreams: structs.TestUpstreams(t, false),
}, },
} }
a.State.AddServiceWithChecks(srv1, nil, "", false) a.State.AddServiceWithChecks(srv1, nil, "", false)
@ -226,7 +226,7 @@ func TestAgent_Services_Sidecar(t *testing.T) {
LocallyRegisteredAsSidecar: true, LocallyRegisteredAsSidecar: true,
Proxy: structs.ConnectProxyConfig{ Proxy: structs.ConnectProxyConfig{
DestinationServiceName: "db", DestinationServiceName: "db",
Upstreams: structs.TestUpstreams(t), Upstreams: structs.TestUpstreams(t, false),
Mode: structs.ProxyModeTransparent, Mode: structs.ProxyModeTransparent,
TransparentProxy: structs.TransparentProxyConfig{ TransparentProxy: structs.TransparentProxyConfig{
OutboundListenerPort: 10101, OutboundListenerPort: 10101,

2
agent/proxycfg/manager_test.go
View File

@ -95,7 +95,7 @@ func TestManager_BasicLifecycle(t *testing.T) {
}) })
} }
upstreams := structs.TestUpstreams(t) upstreams := structs.TestUpstreams(t, false)
for i := range upstreams { for i := range upstreams {
upstreams[i].DestinationNamespace = structs.IntentionDefaultNamespace upstreams[i].DestinationNamespace = structs.IntentionDefaultNamespace
upstreams[i].DestinationPartition = api.PartitionDefaultName upstreams[i].DestinationPartition = api.PartitionDefaultName

14
agent/proxycfg/testing.go
View File

@ -552,7 +552,7 @@ func TestGatewayServiceGroupBarDC1(t testing.T) structs.CheckServiceNodes {
}, },
Proxy: structs.ConnectProxyConfig{ Proxy: structs.ConnectProxyConfig{
DestinationServiceName: "bar", DestinationServiceName: "bar",
Upstreams: structs.TestUpstreams(t), Upstreams: structs.TestUpstreams(t, false),
}, },
}, },
}, },
@ -573,7 +573,7 @@ func TestGatewayServiceGroupBarDC1(t testing.T) structs.CheckServiceNodes {
}, },
Proxy: structs.ConnectProxyConfig{ Proxy: structs.ConnectProxyConfig{
DestinationServiceName: "bar", DestinationServiceName: "bar",
Upstreams: structs.TestUpstreams(t), Upstreams: structs.TestUpstreams(t, false),
}, },
}, },
}, },
@ -594,7 +594,7 @@ func TestGatewayServiceGroupBarDC1(t testing.T) structs.CheckServiceNodes {
}, },
Proxy: structs.ConnectProxyConfig{ Proxy: structs.ConnectProxyConfig{
DestinationServiceName: "bar", DestinationServiceName: "bar",
Upstreams: structs.TestUpstreams(t), Upstreams: structs.TestUpstreams(t, false),
}, },
}, },
}, },
@ -620,7 +620,7 @@ func TestGatewayServiceGroupFooDC1(t testing.T) structs.CheckServiceNodes {
}, },
Proxy: structs.ConnectProxyConfig{ Proxy: structs.ConnectProxyConfig{
DestinationServiceName: "foo", DestinationServiceName: "foo",
Upstreams: structs.TestUpstreams(t), Upstreams: structs.TestUpstreams(t, false),
}, },
}, },
}, },
@ -641,7 +641,7 @@ func TestGatewayServiceGroupFooDC1(t testing.T) structs.CheckServiceNodes {
}, },
Proxy: structs.ConnectProxyConfig{ Proxy: structs.ConnectProxyConfig{
DestinationServiceName: "foo", DestinationServiceName: "foo",
Upstreams: structs.TestUpstreams(t), Upstreams: structs.TestUpstreams(t, false),
}, },
}, },
}, },
@ -662,7 +662,7 @@ func TestGatewayServiceGroupFooDC1(t testing.T) structs.CheckServiceNodes {
}, },
Proxy: structs.ConnectProxyConfig{ Proxy: structs.ConnectProxyConfig{
DestinationServiceName: "foo", DestinationServiceName: "foo",
Upstreams: structs.TestUpstreams(t), Upstreams: structs.TestUpstreams(t, false),
}, },
}, },
}, },
@ -683,7 +683,7 @@ func TestGatewayServiceGroupFooDC1(t testing.T) structs.CheckServiceNodes {
}, },
Proxy: structs.ConnectProxyConfig{ Proxy: structs.ConnectProxyConfig{
DestinationServiceName: "foo", DestinationServiceName: "foo",
Upstreams: structs.TestUpstreams(t), Upstreams: structs.TestUpstreams(t, false),
}, },
}, },
Checks: structs.HealthChecks{ Checks: structs.HealthChecks{

2
agent/proxycfg/testing_api_gateway.go
View File

@ -105,7 +105,7 @@ func TestConfigSnapshotAPIGateway(
}) })
} }
upstreams := structs.TestUpstreams(t) upstreams := structs.TestUpstreams(t, false)
baseEvents = testSpliceEvents(baseEvents, setupTestVariationConfigEntriesAndSnapshot( baseEvents = testSpliceEvents(baseEvents, setupTestVariationConfigEntriesAndSnapshot(
t, variation, upstreams, additionalEntries..., t, variation, upstreams, additionalEntries...,

14
agent/proxycfg/testing_connect_proxy.go
View File

@ -7,6 +7,7 @@ import (
"github.com/mitchellh/go-testing-interface" "github.com/mitchellh/go-testing-interface"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/hashicorp/consul/acl"
"github.com/hashicorp/consul/agent/connect" "github.com/hashicorp/consul/agent/connect"
"github.com/hashicorp/consul/agent/consul/discoverychain" "github.com/hashicorp/consul/agent/consul/discoverychain"
"github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/agent/structs"
@ -23,7 +24,7 @@ func TestConfigSnapshot(t testing.T, nsFn func(ns *structs.NodeService), extraUp
assert.True(t, dbChain.Default) assert.True(t, dbChain.Default)
var ( var (
upstreams = structs.TestUpstreams(t) upstreams = structs.TestUpstreams(t, false)
dbUpstream = upstreams[0] dbUpstream = upstreams[0]
geoUpstream = upstreams[1] geoUpstream = upstreams[1]
@ -93,19 +94,25 @@ func TestConfigSnapshot(t testing.T, nsFn func(ns *structs.NodeService), extraUp
func TestConfigSnapshotDiscoveryChain( func TestConfigSnapshotDiscoveryChain(
t testing.T, t testing.T,
variation string, variation string,
enterprise bool,
nsFn func(ns *structs.NodeService), nsFn func(ns *structs.NodeService),
extraUpdates []UpdateEvent, extraUpdates []UpdateEvent,
additionalEntries ...structs.ConfigEntry, additionalEntries ...structs.ConfigEntry,
) *ConfigSnapshot { ) *ConfigSnapshot {
roots, leaf := TestCerts(t) roots, leaf := TestCerts(t)
var entMeta acl.EnterpriseMeta
if enterprise {
entMeta = acl.NewEnterpriseMetaWithPartition("ap1", "ns1")
}
var ( var (
upstreams = structs.TestUpstreams(t) upstreams = structs.TestUpstreams(t, enterprise)
geoUpstream = upstreams[1] geoUpstream = upstreams[1]
geoUID = NewUpstreamID(&geoUpstream) geoUID = NewUpstreamID(&geoUpstream)
webSN = structs.ServiceIDString("web", nil) webSN = structs.ServiceIDString("web", &entMeta)
) )
baseEvents := testSpliceEvents([]UpdateEvent{ baseEvents := testSpliceEvents([]UpdateEvent{
@ -157,6 +164,7 @@ func TestConfigSnapshotDiscoveryChain(
}, },
Meta: nil, Meta: nil,
TaggedAddresses: nil, TaggedAddresses: nil,
EnterpriseMeta: entMeta,
}, nsFn, nil, testSpliceEvents(baseEvents, extraUpdates)) }, nsFn, nil, testSpliceEvents(baseEvents, extraUpdates))
} }

2
agent/proxycfg/testing_ingress_gateway.go
View File

@ -84,7 +84,7 @@ func TestConfigSnapshotIngressGateway(
}, },
}}) }})
upstreams := structs.TestUpstreams(t) upstreams := structs.TestUpstreams(t, false)
upstreams = structs.Upstreams{upstreams[0]} // just keep 'db' upstreams = structs.Upstreams{upstreams[0]} // just keep 'db'
baseEvents = testSpliceEvents(baseEvents, setupTestVariationConfigEntriesAndSnapshot( baseEvents = testSpliceEvents(baseEvents, setupTestVariationConfigEntriesAndSnapshot(

243
agent/proxycfg/testing_upstreams.go
View File

@ -5,6 +5,7 @@ import (
"github.com/mitchellh/go-testing-interface" "github.com/mitchellh/go-testing-interface"
"github.com/hashicorp/consul/acl"
"github.com/hashicorp/consul/agent/connect" "github.com/hashicorp/consul/agent/connect"
"github.com/hashicorp/consul/agent/consul/discoverychain" "github.com/hashicorp/consul/agent/consul/discoverychain"
"github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/agent/structs"
@ -23,7 +24,7 @@ func setupTestVariationConfigEntriesAndSnapshot(
dbUID = NewUpstreamID(&dbUpstream) dbUID = NewUpstreamID(&dbUpstream)
) )
dbChain := setupTestVariationDiscoveryChain(t, variation, additionalEntries...) dbChain := setupTestVariationDiscoveryChain(t, variation, dbUID.EnterpriseMeta, additionalEntries...)
nodes := TestUpstreamNodes(t, "db") nodes := TestUpstreamNodes(t, "db")
if variation == "register-to-terminating-gateway" { if variation == "register-to-terminating-gateway" {
@ -46,29 +47,42 @@ func setupTestVariationConfigEntriesAndSnapshot(
}, },
} }
dbOpts := structs.DiscoveryTargetOpts{
Service: dbUID.Name,
Namespace: dbUID.NamespaceOrDefault(),
Partition: dbUID.PartitionOrDefault(),
Datacenter: "dc1",
}
dbChainID := structs.ChainID(dbOpts)
makeChainID := func(opts structs.DiscoveryTargetOpts) string {
return structs.ChainID(structs.MergeDiscoveryTargetOpts(dbOpts, opts))
}
switch variation { switch variation {
case "default": case "default":
case "simple-with-overrides": case "simple-with-overrides":
case "simple": case "simple":
case "external-sni": case "external-sni":
case "failover": case "failover":
chainID := makeChainID(structs.DiscoveryTargetOpts{Service: "fail"})
events = append(events, UpdateEvent{ events = append(events, UpdateEvent{
CorrelationID: "upstream-target:fail.default.default.dc1:" + dbUID.String(), CorrelationID: "upstream-target:" + chainID + ":" + dbUID.String(),
Result: &structs.IndexedCheckServiceNodes{ Result: &structs.IndexedCheckServiceNodes{
Nodes: TestUpstreamNodesAlternate(t), Nodes: TestUpstreamNodesAlternate(t),
}, },
}) })
case "failover-through-remote-gateway-triggered": case "failover-through-remote-gateway-triggered":
events = append(events, UpdateEvent{ events = append(events, UpdateEvent{
CorrelationID: "upstream-target:db.default.default.dc1:" + dbUID.String(), CorrelationID: "upstream-target:" + dbChainID + ":" + dbUID.String(),
Result: &structs.IndexedCheckServiceNodes{ Result: &structs.IndexedCheckServiceNodes{
Nodes: TestUpstreamNodesInStatus(t, "critical"), Nodes: TestUpstreamNodesInStatus(t, "critical"),
}, },
}) })
fallthrough fallthrough
case "failover-through-remote-gateway": case "failover-through-remote-gateway":
chainID := makeChainID(structs.DiscoveryTargetOpts{Datacenter: "dc2"})
events = append(events, UpdateEvent{ events = append(events, UpdateEvent{
CorrelationID: "upstream-target:db.default.default.dc2:" + dbUID.String(), CorrelationID: "upstream-target:" + chainID + ":" + dbUID.String(),
Result: &structs.IndexedCheckServiceNodes{ Result: &structs.IndexedCheckServiceNodes{
Nodes: TestUpstreamNodesDC2(t), Nodes: TestUpstreamNodesDC2(t),
}, },
@ -91,8 +105,13 @@ func setupTestVariationConfigEntriesAndSnapshot(
}, },
}, },
}) })
uid := UpstreamID{
Name: "db",
Peer: "cluster-01",
EnterpriseMeta: acl.NewEnterpriseMetaWithPartition(dbUID.PartitionOrDefault(), ""),
}
events = append(events, UpdateEvent{ events = append(events, UpdateEvent{
CorrelationID: "upstream-peer:db?peer=cluster-01", CorrelationID: "upstream-peer:" + uid.String(),
Result: &structs.IndexedCheckServiceNodes{ Result: &structs.IndexedCheckServiceNodes{
Nodes: structs.CheckServiceNodes{structs.TestCheckNodeServiceWithNameInPeer(t, "db", "dc1", "cluster-01", "10.40.1.1", false)}, Nodes: structs.CheckServiceNodes{structs.TestCheckNodeServiceWithNameInPeer(t, "db", "dc1", "cluster-01", "10.40.1.1", false)},
}, },
@ -109,83 +128,93 @@ func setupTestVariationConfigEntriesAndSnapshot(
}, },
}, },
}) })
uid := UpstreamID{
Name: "db",
Peer: "cluster-01",
EnterpriseMeta: acl.NewEnterpriseMetaWithPartition(dbUID.PartitionOrDefault(), ""),
}
events = append(events, UpdateEvent{ events = append(events, UpdateEvent{
CorrelationID: "upstream-peer:db?peer=cluster-01", CorrelationID: "upstream-peer:" + uid.String(),
Result: &structs.IndexedCheckServiceNodes{ Result: &structs.IndexedCheckServiceNodes{
Nodes: structs.CheckServiceNodes{structs.TestCheckNodeServiceWithNameInPeer(t, "db", "dc2", "cluster-01", "10.40.1.1", false)}, Nodes: structs.CheckServiceNodes{structs.TestCheckNodeServiceWithNameInPeer(t, "db", "dc2", "cluster-01", "10.40.1.1", false)},
}, },
}) })
case "failover-through-double-remote-gateway-triggered": case "failover-through-double-remote-gateway-triggered":
chainID := makeChainID(structs.DiscoveryTargetOpts{Datacenter: "dc2"})
events = append(events, UpdateEvent{ events = append(events, UpdateEvent{
CorrelationID: "upstream-target:db.default.default.dc1:" + dbUID.String(), CorrelationID: "upstream-target:" + dbChainID + ":" + dbUID.String(),
Result: &structs.IndexedCheckServiceNodes{ Result: &structs.IndexedCheckServiceNodes{
Nodes: TestUpstreamNodesInStatus(t, "critical"), Nodes: TestUpstreamNodesInStatus(t, "critical"),
}, },
}) },
events = append(events, UpdateEvent{ UpdateEvent{
CorrelationID: "upstream-target:db.default.default.dc2:" + dbUID.String(), CorrelationID: "upstream-target:" + chainID + ":" + dbUID.String(),
Result: &structs.IndexedCheckServiceNodes{ Result: &structs.IndexedCheckServiceNodes{
Nodes: TestUpstreamNodesInStatusDC2(t, "critical"), Nodes: TestUpstreamNodesInStatusDC2(t, "critical"),
}, },
}) })
fallthrough fallthrough
case "failover-through-double-remote-gateway": case "failover-through-double-remote-gateway":
chainID := makeChainID(structs.DiscoveryTargetOpts{Datacenter: "dc3"})
events = append(events, UpdateEvent{ events = append(events, UpdateEvent{
CorrelationID: "upstream-target:db.default.default.dc3:" + dbUID.String(), CorrelationID: "upstream-target:" + chainID + ":" + dbUID.String(),
Result: &structs.IndexedCheckServiceNodes{ Result: &structs.IndexedCheckServiceNodes{
Nodes: TestUpstreamNodesDC2(t), Nodes: TestUpstreamNodesDC2(t),
}, },
}) },
events = append(events, UpdateEvent{ UpdateEvent{
CorrelationID: "mesh-gateway:dc2:" + dbUID.String(), CorrelationID: "mesh-gateway:dc2:" + dbUID.String(),
Result: &structs.IndexedCheckServiceNodes{ Result: &structs.IndexedCheckServiceNodes{
Nodes: TestGatewayNodesDC2(t), Nodes: TestGatewayNodesDC2(t),
},
}, },
}) UpdateEvent{
events = append(events, UpdateEvent{ CorrelationID: "mesh-gateway:dc3:" + dbUID.String(),
CorrelationID: "mesh-gateway:dc3:" + dbUID.String(), Result: &structs.IndexedCheckServiceNodes{
Result: &structs.IndexedCheckServiceNodes{ Nodes: TestGatewayNodesDC3(t),
Nodes: TestGatewayNodesDC3(t), },
}, })
})
case "failover-through-local-gateway-triggered": case "failover-through-local-gateway-triggered":
events = append(events, UpdateEvent{ events = append(events, UpdateEvent{
CorrelationID: "upstream-target:db.default.default.dc1:" + dbUID.String(), CorrelationID: "upstream-target:" + dbChainID + ":" + dbUID.String(),
Result: &structs.IndexedCheckServiceNodes{ Result: &structs.IndexedCheckServiceNodes{
Nodes: TestUpstreamNodesInStatus(t, "critical"), Nodes: TestUpstreamNodesInStatus(t, "critical"),
}, },
}) })
fallthrough fallthrough
case "failover-through-local-gateway": case "failover-through-local-gateway":
chainID := makeChainID(structs.DiscoveryTargetOpts{Datacenter: "dc2"})
events = append(events, UpdateEvent{ events = append(events, UpdateEvent{
CorrelationID: "upstream-target:db.default.default.dc2:" + dbUID.String(), CorrelationID: "upstream-target:" + chainID + ":" + dbUID.String(),
Result: &structs.IndexedCheckServiceNodes{ Result: &structs.IndexedCheckServiceNodes{
Nodes: TestUpstreamNodesDC2(t), Nodes: TestUpstreamNodesDC2(t),
}, },
}) },
events = append(events, UpdateEvent{ UpdateEvent{
CorrelationID: "mesh-gateway:dc1:" + dbUID.String(), CorrelationID: "mesh-gateway:dc1:" + dbUID.String(),
Result: &structs.IndexedCheckServiceNodes{ Result: &structs.IndexedCheckServiceNodes{
Nodes: TestGatewayNodesDC1(t), Nodes: TestGatewayNodesDC1(t),
}, },
}) })
case "failover-through-double-local-gateway-triggered": case "failover-through-double-local-gateway-triggered":
db2ChainID := makeChainID(structs.DiscoveryTargetOpts{Datacenter: "dc2"})
events = append(events, UpdateEvent{ events = append(events, UpdateEvent{
CorrelationID: "upstream-target:db.default.default.dc1:" + dbUID.String(), CorrelationID: "upstream-target:" + dbChainID + ":" + dbUID.String(),
Result: &structs.IndexedCheckServiceNodes{ Result: &structs.IndexedCheckServiceNodes{
Nodes: TestUpstreamNodesInStatus(t, "critical"), Nodes: TestUpstreamNodesInStatus(t, "critical"),
}, },
}) },
events = append(events, UpdateEvent{ UpdateEvent{
CorrelationID: "upstream-target:db.default.default.dc2:" + dbUID.String(), CorrelationID: "upstream-target:" + db2ChainID + ":" + dbUID.String(),
Result: &structs.IndexedCheckServiceNodes{ Result: &structs.IndexedCheckServiceNodes{
Nodes: TestUpstreamNodesInStatusDC2(t, "critical"), Nodes: TestUpstreamNodesInStatusDC2(t, "critical"),
}, },
}) })
fallthrough fallthrough
case "failover-through-double-local-gateway": case "failover-through-double-local-gateway":
db3ChainID := makeChainID(structs.DiscoveryTargetOpts{Datacenter: "dc3"})
events = append(events, UpdateEvent{ events = append(events, UpdateEvent{
CorrelationID: "upstream-target:db.default.default.dc3:" + dbUID.String(), CorrelationID: "upstream-target:" + db3ChainID + ":" + dbUID.String(),
Result: &structs.IndexedCheckServiceNodes{ Result: &structs.IndexedCheckServiceNodes{
Nodes: TestUpstreamNodesDC2(t), Nodes: TestUpstreamNodesDC2(t),
}, },
@ -197,14 +226,16 @@ func setupTestVariationConfigEntriesAndSnapshot(
}, },
}) })
case "splitter-with-resolver-redirect-multidc": case "splitter-with-resolver-redirect-multidc":
v1ChainID := makeChainID(structs.DiscoveryTargetOpts{ServiceSubset: "v1"})
v2ChainID := makeChainID(structs.DiscoveryTargetOpts{ServiceSubset: "v2", Datacenter: "dc2"})
events = append(events, UpdateEvent{ events = append(events, UpdateEvent{
CorrelationID: "upstream-target:v1.db.default.default.dc1:" + dbUID.String(), CorrelationID: "upstream-target:" + v1ChainID + ":" + dbUID.String(),
Result: &structs.IndexedCheckServiceNodes{ Result: &structs.IndexedCheckServiceNodes{
Nodes: TestUpstreamNodes(t, "db"), Nodes: TestUpstreamNodes(t, "db"),
}, },
}) })
events = append(events, UpdateEvent{ events = append(events, UpdateEvent{
CorrelationID: "upstream-target:v2.db.default.default.dc2:" + dbUID.String(), CorrelationID: "upstream-target:" + v2ChainID + ":" + dbUID.String(),
Result: &structs.IndexedCheckServiceNodes{ Result: &structs.IndexedCheckServiceNodes{
Nodes: TestUpstreamNodesDC2(t), Nodes: TestUpstreamNodesDC2(t),
}, },
@ -225,6 +256,7 @@ func setupTestVariationConfigEntriesAndSnapshot(
func setupTestVariationDiscoveryChain( func setupTestVariationDiscoveryChain(
t testing.T, t testing.T,
variation string, variation string,
entMeta acl.EnterpriseMeta,
additionalEntries ...structs.ConfigEntry, additionalEntries ...structs.ConfigEntry,
) *structs.CompiledDiscoveryChain { ) *structs.CompiledDiscoveryChain {
// Compile a chain. // Compile a chain.
@ -249,6 +281,7 @@ func setupTestVariationDiscoveryChain(
&structs.ServiceResolverConfigEntry{ &structs.ServiceResolverConfigEntry{
Kind: structs.ServiceResolver, Kind: structs.ServiceResolver,
Name: "db", Name: "db",
EnterpriseMeta: entMeta,
ConnectTimeout: 33 * time.Second, ConnectTimeout: 33 * time.Second,
RequestTimeout: 33 * time.Second, RequestTimeout: 33 * time.Second,
}, },
@ -256,13 +289,15 @@ func setupTestVariationDiscoveryChain(
case "external-sni": case "external-sni":
entries = append(entries, entries = append(entries,
&structs.ServiceConfigEntry{ &structs.ServiceConfigEntry{
Kind: structs.ServiceDefaults, Kind: structs.ServiceDefaults,
Name: "db", Name: "db",
ExternalSNI: "db.some.other.service.mesh", EnterpriseMeta: entMeta,
ExternalSNI: "db.some.other.service.mesh",
}, },
&structs.ServiceResolverConfigEntry{ &structs.ServiceResolverConfigEntry{
Kind: structs.ServiceResolver, Kind: structs.ServiceResolver,
Name: "db", Name: "db",
EnterpriseMeta: entMeta,
ConnectTimeout: 33 * time.Second, ConnectTimeout: 33 * time.Second,
RequestTimeout: 33 * time.Second, RequestTimeout: 33 * time.Second,
}, },
@ -272,6 +307,7 @@ func setupTestVariationDiscoveryChain(
&structs.ServiceResolverConfigEntry{ &structs.ServiceResolverConfigEntry{
Kind: structs.ServiceResolver, Kind: structs.ServiceResolver,
Name: "db", Name: "db",
EnterpriseMeta: entMeta,
ConnectTimeout: 33 * time.Second, ConnectTimeout: 33 * time.Second,
RequestTimeout: 33 * time.Second, RequestTimeout: 33 * time.Second,
Failover: map[string]structs.ServiceResolverFailover{ Failover: map[string]structs.ServiceResolverFailover{
@ -286,8 +322,9 @@ func setupTestVariationDiscoveryChain(
case "failover-through-remote-gateway": case "failover-through-remote-gateway":
entries = append(entries, entries = append(entries,
&structs.ServiceConfigEntry{ &structs.ServiceConfigEntry{
Kind: structs.ServiceDefaults, Kind: structs.ServiceDefaults,
Name: "db", Name: "db",
EnterpriseMeta: entMeta,
MeshGateway: structs.MeshGatewayConfig{ MeshGateway: structs.MeshGatewayConfig{
Mode: structs.MeshGatewayModeRemote, Mode: structs.MeshGatewayModeRemote,
}, },
@ -295,6 +332,7 @@ func setupTestVariationDiscoveryChain(
&structs.ServiceResolverConfigEntry{ &structs.ServiceResolverConfigEntry{
Kind: structs.ServiceResolver, Kind: structs.ServiceResolver,
Name: "db", Name: "db",
EnterpriseMeta: entMeta,
ConnectTimeout: 33 * time.Second, ConnectTimeout: 33 * time.Second,
RequestTimeout: 33 * time.Second, RequestTimeout: 33 * time.Second,
Failover: map[string]structs.ServiceResolverFailover{ Failover: map[string]structs.ServiceResolverFailover{
@ -309,6 +347,7 @@ func setupTestVariationDiscoveryChain(
&structs.ServiceResolverConfigEntry{ &structs.ServiceResolverConfigEntry{
Kind: structs.ServiceResolver, Kind: structs.ServiceResolver,
Name: "db", Name: "db",
EnterpriseMeta: entMeta,
ConnectTimeout: 33 * time.Second, ConnectTimeout: 33 * time.Second,
RequestTimeout: 33 * time.Second, RequestTimeout: 33 * time.Second,
Failover: map[string]structs.ServiceResolverFailover{ Failover: map[string]structs.ServiceResolverFailover{
@ -325,6 +364,7 @@ func setupTestVariationDiscoveryChain(
&structs.ServiceResolverConfigEntry{ &structs.ServiceResolverConfigEntry{
Kind: structs.ServiceResolver, Kind: structs.ServiceResolver,
Name: "db", Name: "db",
EnterpriseMeta: entMeta,
ConnectTimeout: 33 * time.Second, ConnectTimeout: 33 * time.Second,
RequestTimeout: 33 * time.Second, RequestTimeout: 33 * time.Second,
Redirect: &structs.ServiceResolverRedirect{ Redirect: &structs.ServiceResolverRedirect{
@ -337,8 +377,9 @@ func setupTestVariationDiscoveryChain(
case "failover-through-double-remote-gateway": case "failover-through-double-remote-gateway":
entries = append(entries, entries = append(entries,
&structs.ServiceConfigEntry{ &structs.ServiceConfigEntry{
Kind: structs.ServiceDefaults, Kind: structs.ServiceDefaults,
Name: "db", Name: "db",
EnterpriseMeta: entMeta,
MeshGateway: structs.MeshGatewayConfig{ MeshGateway: structs.MeshGatewayConfig{
Mode: structs.MeshGatewayModeRemote, Mode: structs.MeshGatewayModeRemote,
}, },
@ -346,6 +387,7 @@ func setupTestVariationDiscoveryChain(
&structs.ServiceResolverConfigEntry{ &structs.ServiceResolverConfigEntry{
Kind: structs.ServiceResolver, Kind: structs.ServiceResolver,
Name: "db", Name: "db",
EnterpriseMeta: entMeta,
ConnectTimeout: 33 * time.Second, ConnectTimeout: 33 * time.Second,
RequestTimeout: 33 * time.Second, RequestTimeout: 33 * time.Second,
Failover: map[string]structs.ServiceResolverFailover{ Failover: map[string]structs.ServiceResolverFailover{
@ -360,8 +402,9 @@ func setupTestVariationDiscoveryChain(
case "failover-through-local-gateway": case "failover-through-local-gateway":
entries = append(entries, entries = append(entries,
&structs.ServiceConfigEntry{ &structs.ServiceConfigEntry{
Kind: structs.ServiceDefaults, Kind: structs.ServiceDefaults,
Name: "db", Name: "db",
EnterpriseMeta: entMeta,
MeshGateway: structs.MeshGatewayConfig{ MeshGateway: structs.MeshGatewayConfig{
Mode: structs.MeshGatewayModeLocal, Mode: structs.MeshGatewayModeLocal,
}, },
@ -369,6 +412,7 @@ func setupTestVariationDiscoveryChain(
&structs.ServiceResolverConfigEntry{ &structs.ServiceResolverConfigEntry{
Kind: structs.ServiceResolver, Kind: structs.ServiceResolver,
Name: "db", Name: "db",
EnterpriseMeta: entMeta,
ConnectTimeout: 33 * time.Second, ConnectTimeout: 33 * time.Second,
RequestTimeout: 33 * time.Second, RequestTimeout: 33 * time.Second,
Failover: map[string]structs.ServiceResolverFailover{ Failover: map[string]structs.ServiceResolverFailover{
@ -383,8 +427,9 @@ func setupTestVariationDiscoveryChain(
case "failover-through-double-local-gateway": case "failover-through-double-local-gateway":
entries = append(entries, entries = append(entries,
&structs.ServiceConfigEntry{ &structs.ServiceConfigEntry{
Kind: structs.ServiceDefaults, Kind: structs.ServiceDefaults,
Name: "db", Name: "db",
EnterpriseMeta: entMeta,
MeshGateway: structs.MeshGatewayConfig{ MeshGateway: structs.MeshGatewayConfig{
Mode: structs.MeshGatewayModeLocal, Mode: structs.MeshGatewayModeLocal,
}, },
@ -392,6 +437,7 @@ func setupTestVariationDiscoveryChain(
&structs.ServiceResolverConfigEntry{ &structs.ServiceResolverConfigEntry{
Kind: structs.ServiceResolver, Kind: structs.ServiceResolver,
Name: "db", Name: "db",
EnterpriseMeta: entMeta,
ConnectTimeout: 33 * time.Second, ConnectTimeout: 33 * time.Second,
RequestTimeout: 33 * time.Second, RequestTimeout: 33 * time.Second,
Failover: map[string]structs.ServiceResolverFailover{ Failover: map[string]structs.ServiceResolverFailover{
@ -402,25 +448,29 @@ func setupTestVariationDiscoveryChain(
}, },
) )
case "splitter-with-resolver-redirect-multidc": case "splitter-with-resolver-redirect-multidc":
em := acl.NewEnterpriseMetaWithPartition(entMeta.PartitionOrDefault(), acl.NamespaceOrDefault(""))
entries = append(entries, entries = append(entries,
&structs.ProxyConfigEntry{ &structs.ProxyConfigEntry{
Kind: structs.ProxyDefaults, Kind: structs.ProxyDefaults,
Name: structs.ProxyConfigGlobal, Name: structs.ProxyConfigGlobal,
EnterpriseMeta: em,
Config: map[string]interface{}{ Config: map[string]interface{}{
"protocol": "http", "protocol": "http",
}, },
}, },
&structs.ServiceSplitterConfigEntry{ &structs.ServiceSplitterConfigEntry{
Kind: structs.ServiceResolver, Kind: structs.ServiceResolver,
Name: "db", Name: "db",
EnterpriseMeta: entMeta,
Splits: []structs.ServiceSplit{ Splits: []structs.ServiceSplit{
{Weight: 50, Service: "db-dc1"}, {Weight: 50, Service: "db-dc1"},
{Weight: 50, Service: "db-dc2"}, {Weight: 50, Service: "db-dc2"},
}, },
}, },
&structs.ServiceResolverConfigEntry{ &structs.ServiceResolverConfigEntry{
Kind: structs.ServiceResolver, Kind: structs.ServiceResolver,
Name: "db-dc1", Name: "db-dc1",
EnterpriseMeta: entMeta,
Redirect: &structs.ServiceResolverRedirect{ Redirect: &structs.ServiceResolverRedirect{
Service: "db", Service: "db",
ServiceSubset: "v1", ServiceSubset: "v1",
@ -428,8 +478,9 @@ func setupTestVariationDiscoveryChain(
}, },
}, },
&structs.ServiceResolverConfigEntry{ &structs.ServiceResolverConfigEntry{
Kind: structs.ServiceResolver, Kind: structs.ServiceResolver,
Name: "db-dc2", Name: "db-dc2",
EnterpriseMeta: entMeta,
Redirect: &structs.ServiceResolverRedirect{ Redirect: &structs.ServiceResolverRedirect{
Service: "db", Service: "db",
ServiceSubset: "v2", ServiceSubset: "v2",
@ -437,8 +488,9 @@ func setupTestVariationDiscoveryChain(
}, },
}, },
&structs.ServiceResolverConfigEntry{ &structs.ServiceResolverConfigEntry{
Kind: structs.ServiceResolver, Kind: structs.ServiceResolver,
Name: "db", Name: "db",
EnterpriseMeta: entMeta,
Subsets: map[string]structs.ServiceResolverSubset{ Subsets: map[string]structs.ServiceResolverSubset{
"v1": { "v1": {
Filter: "Service.Meta.version == v1", Filter: "Service.Meta.version == v1",
@ -454,19 +506,22 @@ func setupTestVariationDiscoveryChain(
&structs.ServiceResolverConfigEntry{ &structs.ServiceResolverConfigEntry{
Kind: structs.ServiceResolver, Kind: structs.ServiceResolver,
Name: "db", Name: "db",
EnterpriseMeta: entMeta,
ConnectTimeout: 33 * time.Second, ConnectTimeout: 33 * time.Second,
RequestTimeout: 33 * time.Second, RequestTimeout: 33 * time.Second,
}, },
&structs.ProxyConfigEntry{ &structs.ProxyConfigEntry{
Kind: structs.ProxyDefaults, Kind: structs.ProxyDefaults,
Name: structs.ProxyConfigGlobal, Name: structs.ProxyConfigGlobal,
EnterpriseMeta: entMeta,
Config: map[string]interface{}{ Config: map[string]interface{}{
"protocol": "http", "protocol": "http",
}, },
}, },
&structs.ServiceSplitterConfigEntry{ &structs.ServiceSplitterConfigEntry{
Kind: structs.ServiceSplitter, Kind: structs.ServiceSplitter,
Name: "db", Name: "db",
EnterpriseMeta: entMeta,
Splits: []structs.ServiceSplit{ Splits: []structs.ServiceSplit{
{ {
Weight: 95.5, Weight: 95.5,
@ -506,19 +561,22 @@ func setupTestVariationDiscoveryChain(
&structs.ServiceResolverConfigEntry{ &structs.ServiceResolverConfigEntry{
Kind: structs.ServiceResolver, Kind: structs.ServiceResolver,
Name: "db", Name: "db",
EnterpriseMeta: entMeta,
ConnectTimeout: 33 * time.Second, ConnectTimeout: 33 * time.Second,
RequestTimeout: 33 * time.Second, RequestTimeout: 33 * time.Second,
}, },
&structs.ProxyConfigEntry{ &structs.ProxyConfigEntry{
Kind: structs.ProxyDefaults, Kind: structs.ProxyDefaults,
Name: structs.ProxyConfigGlobal, Name: structs.ProxyConfigGlobal,
EnterpriseMeta: entMeta,
Config: map[string]interface{}{ Config: map[string]interface{}{
"protocol": "grpc", "protocol": "grpc",
}, },
}, },
&structs.ServiceRouterConfigEntry{ &structs.ServiceRouterConfigEntry{
Kind: structs.ServiceRouter, Kind: structs.ServiceRouter,
Name: "db", Name: "db",
EnterpriseMeta: entMeta,
Routes: []structs.ServiceRoute{ Routes: []structs.ServiceRoute{
{ {
Match: &structs.ServiceRouteMatch{ Match: &structs.ServiceRouteMatch{
@ -538,19 +596,22 @@ func setupTestVariationDiscoveryChain(
&structs.ServiceResolverConfigEntry{ &structs.ServiceResolverConfigEntry{
Kind: structs.ServiceResolver, Kind: structs.ServiceResolver,
Name: "db", Name: "db",
EnterpriseMeta: entMeta,
ConnectTimeout: 33 * time.Second, ConnectTimeout: 33 * time.Second,
RequestTimeout: 33 * time.Second, RequestTimeout: 33 * time.Second,
}, },
&structs.ProxyConfigEntry{ &structs.ProxyConfigEntry{
Kind: structs.ProxyDefaults, Kind: structs.ProxyDefaults,
Name: structs.ProxyConfigGlobal, Name: structs.ProxyConfigGlobal,
EnterpriseMeta: entMeta,
Config: map[string]interface{}{ Config: map[string]interface{}{
"protocol": "http", "protocol": "http",
}, },
}, },
&structs.ServiceSplitterConfigEntry{ &structs.ServiceSplitterConfigEntry{
Kind: structs.ServiceSplitter, Kind: structs.ServiceSplitter,
Name: "split-3-ways", Name: "split-3-ways",
EnterpriseMeta: entMeta,
Splits: []structs.ServiceSplit{ Splits: []structs.ServiceSplit{
{Weight: 95.5, Service: "big-side"}, {Weight: 95.5, Service: "big-side"},
{Weight: 4, Service: "goldilocks-side"}, {Weight: 4, Service: "goldilocks-side"},
@ -558,8 +619,9 @@ func setupTestVariationDiscoveryChain(
}, },
}, },
&structs.ServiceRouterConfigEntry{ &structs.ServiceRouterConfigEntry{
Kind: structs.ServiceRouter, Kind: structs.ServiceRouter,
Name: "db", Name: "db",
EnterpriseMeta: entMeta,
Routes: []structs.ServiceRoute{ Routes: []structs.ServiceRoute{
{ {
Match: httpMatch(&structs.ServiceRouteHTTPMatch{ Match: httpMatch(&structs.ServiceRouteHTTPMatch{
@ -790,23 +852,26 @@ func setupTestVariationDiscoveryChain(
case "lb-resolver": case "lb-resolver":
entries = append(entries, entries = append(entries,
&structs.ProxyConfigEntry{ &structs.ProxyConfigEntry{
Kind: structs.ProxyDefaults, Kind: structs.ProxyDefaults,
Name: structs.ProxyConfigGlobal, Name: structs.ProxyConfigGlobal,
EnterpriseMeta: entMeta,
Config: map[string]interface{}{ Config: map[string]interface{}{
"protocol": "http", "protocol": "http",
}, },
}, },
&structs.ServiceSplitterConfigEntry{ &structs.ServiceSplitterConfigEntry{
Kind: structs.ServiceSplitter, Kind: structs.ServiceSplitter,
Name: "db", Name: "db",
EnterpriseMeta: entMeta,
Splits: []structs.ServiceSplit{ Splits: []structs.ServiceSplit{
{Weight: 95.5, Service: "something-else"}, {Weight: 95.5, Service: "something-else"},
{Weight: 4.5, Service: "db"}, {Weight: 4.5, Service: "db"},
}, },
}, },
&structs.ServiceResolverConfigEntry{ &structs.ServiceResolverConfigEntry{
Kind: structs.ServiceResolver, Kind: structs.ServiceResolver,
Name: "db", Name: "db",
EnterpriseMeta: entMeta,
LoadBalancer: &structs.LoadBalancer{ LoadBalancer: &structs.LoadBalancer{
Policy: "ring_hash", Policy: "ring_hash",
RingHashConfig: &structs.RingHashConfig{ RingHashConfig: &structs.RingHashConfig{
@ -845,7 +910,7 @@ func setupTestVariationDiscoveryChain(
entries = append(entries, additionalEntries...) entries = append(entries, additionalEntries...)
} }
return discoverychain.TestCompileConfigEntries(t, "db", "default", "default", "dc1", connect.TestClusterID+".consul", compileSetup, entries...) return discoverychain.TestCompileConfigEntries(t, "db", entMeta.NamespaceOrDefault(), entMeta.PartitionOrDefault(), "dc1", connect.TestClusterID+".consul", compileSetup, entries...)
} }
func httpMatch(http *structs.ServiceRouteHTTPMatch) *structs.ServiceRouteMatch { func httpMatch(http *structs.ServiceRouteHTTPMatch) *structs.ServiceRouteMatch {

2
agent/proxycfg_test.go
View File

@ -41,7 +41,7 @@ func TestAgent_local_proxycfg(t *testing.T) {
LocallyRegisteredAsSidecar: true, LocallyRegisteredAsSidecar: true,
Proxy: structs.ConnectProxyConfig{ Proxy: structs.ConnectProxyConfig{
DestinationServiceName: "db", DestinationServiceName: "db",
Upstreams: structs.TestUpstreams(t), Upstreams: structs.TestUpstreams(t, false),
}, },
EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(), EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(),
} }

4
agent/sidecar_service_test.go
View File

@ -93,7 +93,7 @@ func TestAgent_sidecarServiceFromNodeService(t *testing.T) {
LocalServiceAddress: "127.0.127.0", LocalServiceAddress: "127.0.127.0",
LocalServicePort: 9999, LocalServicePort: 9999,
Config: map[string]interface{}{"baz": "qux"}, Config: map[string]interface{}{"baz": "qux"},
Upstreams: structs.TestUpstreams(t), Upstreams: structs.TestUpstreams(t, false),
}, },
}, },
}, },
@ -118,7 +118,7 @@ func TestAgent_sidecarServiceFromNodeService(t *testing.T) {
LocalServiceAddress: "127.0.127.0", LocalServiceAddress: "127.0.127.0",
LocalServicePort: 9999, LocalServicePort: 9999,
Config: map[string]interface{}{"baz": "qux"}, Config: map[string]interface{}{"baz": "qux"},
Upstreams: structs.TestAddDefaultsToUpstreams(t, structs.TestUpstreams(t), Upstreams: structs.TestAddDefaultsToUpstreams(t, structs.TestUpstreams(t, false),
*structs.DefaultEnterpriseMetaInDefaultPartition()), *structs.DefaultEnterpriseMetaInDefaultPartition()),
}, },
}, },

6
agent/structs/discovery_chain.go
View File

@ -59,7 +59,7 @@ type CompiledDiscoveryChain struct {
// ID returns an ID that encodes the service, namespace, partition, and datacenter. // ID returns an ID that encodes the service, namespace, partition, and datacenter.
// This ID allows us to compare a discovery chain target to the chain upstream itself. // This ID allows us to compare a discovery chain target to the chain upstream itself.
func (c *CompiledDiscoveryChain) ID() string { func (c *CompiledDiscoveryChain) ID() string {
return chainID(DiscoveryTargetOpts{ return ChainID(DiscoveryTargetOpts{
Service: c.ServiceName, Service: c.ServiceName,
Namespace: c.Namespace, Namespace: c.Namespace,
Partition: c.Partition, Partition: c.Partition,
@ -314,7 +314,7 @@ func (t *DiscoveryTarget) ToDiscoveryTargetOpts() DiscoveryTargetOpts {
} }
} }
func chainID(opts DiscoveryTargetOpts) string { func ChainID(opts DiscoveryTargetOpts) string {
// NOTE: this format is similar to the SNI syntax for simplicity // NOTE: this format is similar to the SNI syntax for simplicity
if opts.Peer != "" { if opts.Peer != "" {
return fmt.Sprintf("%s.%s.default.external.%s", opts.Service, opts.Namespace, opts.Peer) return fmt.Sprintf("%s.%s.default.external.%s", opts.Service, opts.Namespace, opts.Peer)
@ -326,7 +326,7 @@ func chainID(opts DiscoveryTargetOpts) string {
} }
func (t *DiscoveryTarget) setID() { func (t *DiscoveryTarget) setID() {
t.ID = chainID(t.ToDiscoveryTargetOpts()) t.ID = ChainID(t.ToDiscoveryTargetOpts())
} }
func (t *DiscoveryTarget) String() string { func (t *DiscoveryTarget) String() string {

57
agent/structs/testing_connect_proxy_config.go
View File

@ -11,37 +11,46 @@ import (
func TestConnectProxyConfig(t testing.T) ConnectProxyConfig { func TestConnectProxyConfig(t testing.T) ConnectProxyConfig {
return ConnectProxyConfig{ return ConnectProxyConfig{
DestinationServiceName: "web", DestinationServiceName: "web",
Upstreams: TestUpstreams(t), Upstreams: TestUpstreams(t, false),
} }
} }
// TestUpstreams returns a set of upstreams to be used in tests exercising most // TestUpstreams returns a set of upstreams to be used in tests exercising most
// important configuration patterns. // important configuration patterns.
func TestUpstreams(t testing.T) Upstreams { func TestUpstreams(t testing.T, enterprise bool) Upstreams {
return Upstreams{ db := Upstream{
{ // We rely on this one having default type in a few tests...
// We rely on this one having default type in a few tests... DestinationName: "db",
DestinationName: "db", LocalBindPort: 9191,
LocalBindPort: 9191, Config: map[string]interface{}{
Config: map[string]interface{}{ // Float because this is how it is decoded by JSON decoder so this
// Float because this is how it is decoded by JSON decoder so this // enables the value returned to be compared directly to a decoded JSON
// enables the value returned to be compared directly to a decoded JSON // response without spurious type loss.
// response without spurious type loss. "connect_timeout_ms": float64(1000),
"connect_timeout_ms": float64(1000),
},
},
{
DestinationType: UpstreamDestTypePreparedQuery,
DestinationName: "geo-cache",
LocalBindPort: 8181,
LocalBindAddress: "127.10.10.10",
},
{
DestinationName: "upstream_socket",
LocalBindSocketPath: "/tmp/upstream.sock",
LocalBindSocketMode: "0700",
}, },
} }
geoCache := Upstream{
DestinationType: UpstreamDestTypePreparedQuery,
DestinationName: "geo-cache",
LocalBindPort: 8181,
LocalBindAddress: "127.10.10.10",
}
if enterprise {
db.DestinationNamespace = "foo"
db.DestinationPartition = "bar"
geoCache.DestinationNamespace = "baz"
geoCache.DestinationPartition = "qux"
}
return Upstreams{db, geoCache, {
DestinationName: "upstream_socket",
LocalBindSocketPath: "/tmp/upstream.sock",
LocalBindSocketMode: "0700",
},
}
} }
// TestAddDefaultsToUpstreams takes an array of upstreams (such as that from // TestAddDefaultsToUpstreams takes an array of upstreams (such as that from

209
agent/xds/clusters_test.go
View File

@ -21,6 +21,112 @@ import (
"github.com/hashicorp/consul/types" "github.com/hashicorp/consul/types"
) )
type clusterTestCase struct {
name string
create func(t testinf.T) *proxycfg.ConfigSnapshot
overrideGoldenName string
}
func makeClusterDiscoChainTests(enterprise bool) []clusterTestCase {
return []clusterTestCase{
{
name: "custom-upstream-default-chain",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "default", enterprise, func(ns *structs.NodeService) {
ns.Proxy.Upstreams[0].Config["envoy_cluster_json"] =
customAppClusterJSON(t, customClusterJSONOptions{
Name: "myservice",
})
}, nil)
},
},
{
name: "connect-proxy-with-chain",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple", enterprise, nil, nil)
},
},
{
name: "connect-proxy-with-chain-external-sni",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "external-sni", enterprise, nil, nil)
},
},
{
name: "connect-proxy-with-chain-and-overrides",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple-with-overrides", enterprise, nil, nil)
},
},
{
name: "connect-proxy-with-chain-and-failover",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover", enterprise, nil, nil)
},
},
{
name: "connect-proxy-with-tcp-chain-failover-through-remote-gateway",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-remote-gateway", enterprise, nil, nil)
},
},
{
name: "connect-proxy-with-tcp-chain-failover-through-remote-gateway-triggered",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-remote-gateway-triggered", enterprise, nil, nil)
},
},
{
name: "connect-proxy-with-tcp-chain-double-failover-through-remote-gateway",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-double-remote-gateway", enterprise, nil, nil)
},
},
{
name: "connect-proxy-with-tcp-chain-double-failover-through-remote-gateway-triggered",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-double-remote-gateway-triggered", enterprise, nil, nil)
},
},
{
name: "connect-proxy-with-tcp-chain-failover-through-local-gateway",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-local-gateway", enterprise, nil, nil)
},
},
{
name: "connect-proxy-with-tcp-chain-failover-through-local-gateway-triggered",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-local-gateway-triggered", enterprise, nil, nil)
},
},
{
name: "connect-proxy-with-tcp-chain-double-failover-through-local-gateway",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-double-local-gateway", enterprise, nil, nil)
},
},
{
name: "connect-proxy-with-tcp-chain-double-failover-through-local-gateway-triggered",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-double-local-gateway-triggered", enterprise, nil, nil)
},
},
{
name: "splitter-with-resolver-redirect",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "splitter-with-resolver-redirect-multidc", enterprise, nil, nil)
},
},
{
name: "connect-proxy-lb-in-resolver",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "lb-resolver", enterprise, nil, nil)
},
},
}
}
func TestClustersFromSnapshot(t *testing.T) { func TestClustersFromSnapshot(t *testing.T) {
// TODO: we should move all of these to TestAllResourcesFromSnapshot // TODO: we should move all of these to TestAllResourcesFromSnapshot
// eventually to test all of the xDS types at once with the same input, // eventually to test all of the xDS types at once with the same input,
@ -29,11 +135,7 @@ func TestClustersFromSnapshot(t *testing.T) {
t.Skip("too slow for testing.Short") t.Skip("too slow for testing.Short")
} }
tests := []struct { tests := []clusterTestCase{
name string
create func(t testinf.T) *proxycfg.ConfigSnapshot
overrideGoldenName string
}{
{ {
name: "connect-proxy-with-tls-outgoing-min-version-auto", name: "connect-proxy-with-tls-outgoing-min-version-auto",
create: func(t testinf.T) *proxycfg.ConfigSnapshot { create: func(t testinf.T) *proxycfg.ConfigSnapshot {
@ -135,17 +237,6 @@ func TestClustersFromSnapshot(t *testing.T) {
}, nil) }, nil)
}, },
}, },
{
name: "custom-upstream-default-chain",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "default", func(ns *structs.NodeService) {
ns.Proxy.Upstreams[0].Config["envoy_cluster_json"] =
customAppClusterJSON(t, customClusterJSONOptions{
Name: "myservice",
})
}, nil)
},
},
{ {
name: "custom-upstream-ignores-tls", name: "custom-upstream-ignores-tls",
overrideGoldenName: "custom-upstream", // should be the same overrideGoldenName: "custom-upstream", // should be the same
@ -245,90 +336,6 @@ func TestClustersFromSnapshot(t *testing.T) {
}, nil) }, nil)
}, },
}, },
{
name: "connect-proxy-with-chain",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple", nil, nil)
},
},
{
name: "connect-proxy-with-chain-external-sni",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "external-sni", nil, nil)
},
},
{
name: "connect-proxy-with-chain-and-overrides",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple-with-overrides", nil, nil)
},
},
{
name: "connect-proxy-with-chain-and-failover",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover", nil, nil)
},
},
{
name: "connect-proxy-with-tcp-chain-failover-through-remote-gateway",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-remote-gateway", nil, nil)
},
},
{
name: "connect-proxy-with-tcp-chain-failover-through-remote-gateway-triggered",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-remote-gateway-triggered", nil, nil)
},
},
{
name: "connect-proxy-with-tcp-chain-double-failover-through-remote-gateway",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-double-remote-gateway", nil, nil)
},
},
{
name: "connect-proxy-with-tcp-chain-double-failover-through-remote-gateway-triggered",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-double-remote-gateway-triggered", nil, nil)
},
},
{
name: "connect-proxy-with-tcp-chain-failover-through-local-gateway",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-local-gateway", nil, nil)
},
},
{
name: "connect-proxy-with-tcp-chain-failover-through-local-gateway-triggered",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-local-gateway-triggered", nil, nil)
},
},
{
name: "connect-proxy-with-tcp-chain-double-failover-through-local-gateway",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-double-local-gateway", nil, nil)
},
},
{
name: "connect-proxy-with-tcp-chain-double-failover-through-local-gateway-triggered",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-double-local-gateway-triggered", nil, nil)
},
},
{
name: "splitter-with-resolver-redirect",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "splitter-with-resolver-redirect-multidc", nil, nil)
},
},
{
name: "connect-proxy-lb-in-resolver",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "lb-resolver", nil, nil)
},
},
{ {
name: "expose-paths-local-app-paths", name: "expose-paths-local-app-paths",
create: func(t testinf.T) *proxycfg.ConfigSnapshot { create: func(t testinf.T) *proxycfg.ConfigSnapshot {
@ -767,6 +774,8 @@ func TestClustersFromSnapshot(t *testing.T) {
}, },
} }
tests = append(tests, makeClusterDiscoChainTests(false)...)
latestEnvoyVersion := xdscommon.EnvoyVersions[0] latestEnvoyVersion := xdscommon.EnvoyVersions[0]
for _, envoyVersion := range xdscommon.EnvoyVersions { for _, envoyVersion := range xdscommon.EnvoyVersions {
sf, err := xdscommon.DetermineSupportedProxyFeaturesFromString(envoyVersion) sf, err := xdscommon.DetermineSupportedProxyFeaturesFromString(envoyVersion)

14
agent/xds/delta_envoy_extender_oss_test.go
View File

@ -92,7 +92,7 @@ end`,
{ {
name: "lambda-connect-proxy", name: "lambda-connect-proxy",
create: func(t testinf.T) *proxycfg.ConfigSnapshot { create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "default", nil, nil, makeLambdaServiceDefaults(false)) return proxycfg.TestConfigSnapshotDiscoveryChain(t, "default", false, nil, nil, makeLambdaServiceDefaults(false))
}, },
}, },
{ {
@ -107,13 +107,13 @@ end`,
{ {
name: "lambda-connect-proxy-with-terminating-gateway-upstream", name: "lambda-connect-proxy-with-terminating-gateway-upstream",
create: func(t testinf.T) *proxycfg.ConfigSnapshot { create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "register-to-terminating-gateway", nil, nil, makeLambdaServiceDefaults(false)) return proxycfg.TestConfigSnapshotDiscoveryChain(t, "register-to-terminating-gateway", false, nil, nil, makeLambdaServiceDefaults(false))
}, },
}, },
{ {
name: "lambda-connect-proxy-opposite-meta", name: "lambda-connect-proxy-opposite-meta",
create: func(t testinf.T) *proxycfg.ConfigSnapshot { create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "default", nil, nil, makeLambdaServiceDefaults(true)) return proxycfg.TestConfigSnapshotDiscoveryChain(t, "default", false, nil, nil, makeLambdaServiceDefaults(true))
}, },
}, },
{ {
@ -129,13 +129,13 @@ end`,
{ {
name: "lua-outbound-applies-to-upstreams", name: "lua-outbound-applies-to-upstreams",
create: func(t testinf.T) *proxycfg.ConfigSnapshot { create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "default", nil, nil, makeLuaServiceDefaults(false)) return proxycfg.TestConfigSnapshotDiscoveryChain(t, "default", false, nil, nil, makeLuaServiceDefaults(false))
}, },
}, },
{ {
name: "lua-inbound-doesnt-applies-to-upstreams", name: "lua-inbound-doesnt-applies-to-upstreams",
create: func(t testinf.T) *proxycfg.ConfigSnapshot { create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "default", nil, nil, makeLuaServiceDefaults(true)) return proxycfg.TestConfigSnapshotDiscoveryChain(t, "default", false, nil, nil, makeLuaServiceDefaults(true))
}, },
}, },
{ {
@ -183,7 +183,7 @@ end`,
{ {
name: "lua-connect-proxy-with-terminating-gateway-upstream", name: "lua-connect-proxy-with-terminating-gateway-upstream",
create: func(t testinf.T) *proxycfg.ConfigSnapshot { create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "register-to-terminating-gateway", nil, nil, makeLambdaServiceDefaults(false)) return proxycfg.TestConfigSnapshotDiscoveryChain(t, "register-to-terminating-gateway", false, nil, nil, makeLambdaServiceDefaults(false))
}, },
}, },
{ {
@ -205,7 +205,7 @@ end`,
}, },
} }
} }
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "default", nsFunc, nil, makeLambdaServiceDefaults(true)) return proxycfg.TestConfigSnapshotDiscoveryChain(t, "default", false, nsFunc, nil, makeLambdaServiceDefaults(true))
}, },
}, },
{ {

197
agent/xds/endpoints_test.go
View File

@ -217,6 +217,106 @@ func Test_makeLoadAssignment(t *testing.T) {
} }
} }
type endpointTestCase struct {
name string
create func(t testinf.T) *proxycfg.ConfigSnapshot
overrideGoldenName string
}
func makeEndpointDiscoChainTests(enterprise bool) []endpointTestCase {
return []endpointTestCase{
{
name: "connect-proxy-with-chain",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple", enterprise, nil, nil)
},
},
{
name: "connect-proxy-with-chain-external-sni",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "external-sni", enterprise, nil, nil)
},
},
{
name: "connect-proxy-with-chain-and-overrides",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple-with-overrides", enterprise, nil, nil)
},
},
{
name: "connect-proxy-with-chain-and-failover",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover", enterprise, nil, nil)
},
},
{
name: "connect-proxy-with-tcp-chain-failover-through-remote-gateway",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-remote-gateway", enterprise, nil, nil)
},
},
{
name: "connect-proxy-with-tcp-chain-failover-through-remote-gateway-triggered",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-remote-gateway-triggered", enterprise, nil, nil)
},
},
{
name: "connect-proxy-with-tcp-chain-double-failover-through-remote-gateway",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-double-remote-gateway", enterprise, nil, nil)
},
},
{
name: "connect-proxy-with-tcp-chain-double-failover-through-remote-gateway-triggered",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-double-remote-gateway-triggered", enterprise, nil, nil)
},
},
{
name: "connect-proxy-with-tcp-chain-failover-through-local-gateway",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-local-gateway", enterprise, nil, nil)
},
},
{
name: "connect-proxy-with-tcp-chain-failover-through-local-gateway-triggered",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-local-gateway-triggered", enterprise, nil, nil)
},
},
{
name: "connect-proxy-with-tcp-chain-double-failover-through-local-gateway",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-double-local-gateway", enterprise, nil, nil)
},
},
{
name: "connect-proxy-with-tcp-chain-double-failover-through-local-gateway-triggered",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-double-local-gateway-triggered", enterprise, nil, nil)
},
},
{
name: "connect-proxy-with-default-chain-and-custom-cluster",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "default", enterprise, func(ns *structs.NodeService) {
ns.Proxy.Upstreams[0].Config["envoy_cluster_json"] =
customAppClusterJSON(t, customClusterJSONOptions{
Name: "myservice",
})
}, nil)
},
},
{
name: "splitter-with-resolver-redirect",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "splitter-with-resolver-redirect-multidc", enterprise, nil, nil)
},
},
}
}
func TestEndpointsFromSnapshot(t *testing.T) { func TestEndpointsFromSnapshot(t *testing.T) {
// TODO: we should move all of these to TestAllResourcesFromSnapshot // TODO: we should move all of these to TestAllResourcesFromSnapshot
// eventually to test all of the xDS types at once with the same input, // eventually to test all of the xDS types at once with the same input,
@ -225,11 +325,7 @@ func TestEndpointsFromSnapshot(t *testing.T) {
t.Skip("too slow for testing.Short") t.Skip("too slow for testing.Short")
} }
tests := []struct { tests := []endpointTestCase{
name string
create func(t testinf.T) *proxycfg.ConfigSnapshot
overrideGoldenName string
}{
{ {
name: "mesh-gateway", name: "mesh-gateway",
create: func(t testinf.T) *proxycfg.ConfigSnapshot { create: func(t testinf.T) *proxycfg.ConfigSnapshot {
@ -260,95 +356,6 @@ func TestEndpointsFromSnapshot(t *testing.T) {
return proxycfg.TestConfigSnapshotMeshGateway(t, "no-services", nil, nil) return proxycfg.TestConfigSnapshotMeshGateway(t, "no-services", nil, nil)
}, },
}, },
{
name: "connect-proxy-with-chain",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple", nil, nil)
},
},
{
name: "connect-proxy-with-chain-external-sni",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "external-sni", nil, nil)
},
},
{
name: "connect-proxy-with-chain-and-overrides",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple-with-overrides", nil, nil)
},
},
{
name: "connect-proxy-with-chain-and-failover",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover", nil, nil)
},
},
{
name: "connect-proxy-with-tcp-chain-failover-through-remote-gateway",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-remote-gateway", nil, nil)
},
},
{
name: "connect-proxy-with-tcp-chain-failover-through-remote-gateway-triggered",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-remote-gateway-triggered", nil, nil)
},
},
{
name: "connect-proxy-with-tcp-chain-double-failover-through-remote-gateway",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-double-remote-gateway", nil, nil)
},
},
{
name: "connect-proxy-with-tcp-chain-double-failover-through-remote-gateway-triggered",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-double-remote-gateway-triggered", nil, nil)
},
},
{
name: "connect-proxy-with-tcp-chain-failover-through-local-gateway",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-local-gateway", nil, nil)
},
},
{
name: "connect-proxy-with-tcp-chain-failover-through-local-gateway-triggered",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-local-gateway-triggered", nil, nil)
},
},
{
name: "connect-proxy-with-tcp-chain-double-failover-through-local-gateway",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-double-local-gateway", nil, nil)
},
},
{
name: "connect-proxy-with-tcp-chain-double-failover-through-local-gateway-triggered",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-double-local-gateway-triggered", nil, nil)
},
},
{
name: "connect-proxy-with-default-chain-and-custom-cluster",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "default", func(ns *structs.NodeService) {
ns.Proxy.Upstreams[0].Config["envoy_cluster_json"] =
customAppClusterJSON(t, customClusterJSONOptions{
Name: "myservice",
})
}, nil)
},
},
{
name: "splitter-with-resolver-redirect",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "splitter-with-resolver-redirect-multidc", nil, nil)
},
},
{ {
name: "mesh-gateway-service-subsets", name: "mesh-gateway-service-subsets",
create: func(t testinf.T) *proxycfg.ConfigSnapshot { create: func(t testinf.T) *proxycfg.ConfigSnapshot {
@ -498,6 +505,8 @@ func TestEndpointsFromSnapshot(t *testing.T) {
}, },
} }
tests = append(tests, makeEndpointDiscoChainTests(false)...)
latestEnvoyVersion := xdscommon.EnvoyVersions[0] latestEnvoyVersion := xdscommon.EnvoyVersions[0]
for _, envoyVersion := range xdscommon.EnvoyVersions { for _, envoyVersion := range xdscommon.EnvoyVersions {
sf, err := xdscommon.DetermineSupportedProxyFeaturesFromString(envoyVersion) sf, err := xdscommon.DetermineSupportedProxyFeaturesFromString(envoyVersion)

6
agent/xds/extensionruntime/runtime_config_oss_test.go
View File

@ -130,11 +130,11 @@ func TestGetRuntimeConfigurations_ConnectProxy(t *testing.T) {
} }
// Setup a snapshot where the db upstream is on a connect proxy. // Setup a snapshot where the db upstream is on a connect proxy.
snapConnect := proxycfg.TestConfigSnapshotDiscoveryChain(t, "default", nil, nil, serviceDefaults) snapConnect := proxycfg.TestConfigSnapshotDiscoveryChain(t, "default", false, nil, nil, serviceDefaults)
// Setup a snapshot where the db upstream is on a terminating gateway. // Setup a snapshot where the db upstream is on a terminating gateway.
snapTermGw := proxycfg.TestConfigSnapshotDiscoveryChain(t, "register-to-terminating-gateway", nil, nil, serviceDefaults) snapTermGw := proxycfg.TestConfigSnapshotDiscoveryChain(t, "register-to-terminating-gateway", false, nil, nil, serviceDefaults)
// Setup a snapshot with the local service web has extensions. // Setup a snapshot with the local service web has extensions.
snapWebConnect := proxycfg.TestConfigSnapshotDiscoveryChain(t, "default", func(ns *structs.NodeService) { snapWebConnect := proxycfg.TestConfigSnapshotDiscoveryChain(t, "default", false, func(ns *structs.NodeService) {
ns.Proxy.EnvoyExtensions = envoyExtensions ns.Proxy.EnvoyExtensions = envoyExtensions
}, nil) }, nil)

232
agent/xds/listeners_test.go
View File

@ -21,6 +21,121 @@ import (
"github.com/hashicorp/consul/types" "github.com/hashicorp/consul/types"
) )
type listenerTestCase struct {
name string
create func(t testinf.T) *proxycfg.ConfigSnapshot
// Setup is called before the test starts. It is passed the snapshot from
// TestConfigSnapshot and is allowed to modify it in any way to setup the
// test input.
overrideGoldenName string
generatorSetup func(*ResourceGenerator)
}
func makeListenerDiscoChainTests(enterprise bool) []listenerTestCase {
return []listenerTestCase{
{
name: "custom-upstream-ignored-with-disco-chain",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover", enterprise, func(ns *structs.NodeService) {
for i := range ns.Proxy.Upstreams {
if ns.Proxy.Upstreams[i].DestinationName != "db" {
continue // only tweak the db upstream
}
if ns.Proxy.Upstreams[i].Config == nil {
ns.Proxy.Upstreams[i].Config = map[string]interface{}{}
}
uid := proxycfg.NewUpstreamID(&ns.Proxy.Upstreams[i])
ns.Proxy.Upstreams[i].Config["envoy_listener_json"] =
customListenerJSON(t, customListenerJSONOptions{
Name: uid.EnvoyID() + ":custom-upstream",
})
}
}, nil)
},
},
{
name: "splitter-with-resolver-redirect",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "splitter-with-resolver-redirect-multidc", enterprise, nil, nil)
},
},
{
name: "connect-proxy-with-tcp-chain",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple", enterprise, nil, nil)
},
},
{
name: "connect-proxy-with-http-chain",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple", enterprise, nil, nil,
&structs.ProxyConfigEntry{
Kind: structs.ProxyDefaults,
Name: structs.ProxyConfigGlobal,
Config: map[string]interface{}{
"protocol": "http",
},
},
)
},
},
{
name: "connect-proxy-with-http2-chain",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple", enterprise, nil, nil,
&structs.ProxyConfigEntry{
Kind: structs.ProxyDefaults,
Name: structs.ProxyConfigGlobal,
Config: map[string]interface{}{
"protocol": "http2",
},
},
)
},
},
{
name: "connect-proxy-with-grpc-chain",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple", enterprise, nil, nil,
&structs.ProxyConfigEntry{
Kind: structs.ProxyDefaults,
Name: structs.ProxyConfigGlobal,
Config: map[string]interface{}{
"protocol": "grpc",
},
},
)
},
},
{
name: "connect-proxy-with-chain-external-sni",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "external-sni", enterprise, nil, nil)
},
},
{
name: "connect-proxy-with-chain-and-overrides",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple-with-overrides", enterprise, nil, nil)
},
},
{
name: "connect-proxy-with-tcp-chain-failover-through-remote-gateway",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-remote-gateway", enterprise, nil, nil)
},
},
{
name: "connect-proxy-with-tcp-chain-failover-through-local-gateway",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-local-gateway", enterprise, nil, nil)
},
},
}
}
func TestListenersFromSnapshot(t *testing.T) { func TestListenersFromSnapshot(t *testing.T) {
// TODO: we should move all of these to TestAllResourcesFromSnapshot // TODO: we should move all of these to TestAllResourcesFromSnapshot
// eventually to test all of the xDS types at once with the same input, // eventually to test all of the xDS types at once with the same input,
@ -29,16 +144,7 @@ func TestListenersFromSnapshot(t *testing.T) {
t.Skip("too slow for testing.Short") t.Skip("too slow for testing.Short")
} }
tests := []struct { tests := []listenerTestCase{
name string
create func(t testinf.T) *proxycfg.ConfigSnapshot
// Setup is called before the test starts. It is passed the snapshot from
// TestConfigSnapshot and is allowed to modify it in any way to setup the
// test input.
setup func(snap *proxycfg.ConfigSnapshot)
overrideGoldenName string
generatorSetup func(*ResourceGenerator)
}{
{ {
name: "connect-proxy-with-tls-outgoing-min-version-auto", name: "connect-proxy-with-tls-outgoing-min-version-auto",
create: func(t testinf.T) *proxycfg.ConfigSnapshot { create: func(t testinf.T) *proxycfg.ConfigSnapshot {
@ -326,106 +432,6 @@ func TestListenersFromSnapshot(t *testing.T) {
}, nil) }, nil)
}, },
}, },
{
name: "custom-upstream-ignored-with-disco-chain",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover", func(ns *structs.NodeService) {
for i := range ns.Proxy.Upstreams {
if ns.Proxy.Upstreams[i].DestinationName != "db" {
continue // only tweak the db upstream
}
if ns.Proxy.Upstreams[i].Config == nil {
ns.Proxy.Upstreams[i].Config = map[string]interface{}{}
}
uid := proxycfg.NewUpstreamID(&ns.Proxy.Upstreams[i])
ns.Proxy.Upstreams[i].Config["envoy_listener_json"] =
customListenerJSON(t, customListenerJSONOptions{
Name: uid.EnvoyID() + ":custom-upstream",
})
}
}, nil)
},
},
{
name: "splitter-with-resolver-redirect",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "splitter-with-resolver-redirect-multidc", nil, nil)
},
},
{
name: "connect-proxy-with-tcp-chain",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple", nil, nil)
},
},
{
name: "connect-proxy-with-http-chain",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple", nil, nil,
&structs.ProxyConfigEntry{
Kind: structs.ProxyDefaults,
Name: structs.ProxyConfigGlobal,
Config: map[string]interface{}{
"protocol": "http",
},
},
)
},
},
{
name: "connect-proxy-with-http2-chain",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple", nil, nil,
&structs.ProxyConfigEntry{
Kind: structs.ProxyDefaults,
Name: structs.ProxyConfigGlobal,
Config: map[string]interface{}{
"protocol": "http2",
},
},
)
},
},
{
name: "connect-proxy-with-grpc-chain",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple", nil, nil,
&structs.ProxyConfigEntry{
Kind: structs.ProxyDefaults,
Name: structs.ProxyConfigGlobal,
Config: map[string]interface{}{
"protocol": "grpc",
},
},
)
},
},
{
name: "connect-proxy-with-chain-external-sni",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "external-sni", nil, nil)
},
},
{
name: "connect-proxy-with-chain-and-overrides",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple-with-overrides", nil, nil)
},
},
{
name: "connect-proxy-with-tcp-chain-failover-through-remote-gateway",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-remote-gateway", nil, nil)
},
},
{
name: "connect-proxy-with-tcp-chain-failover-through-local-gateway",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-local-gateway", nil, nil)
},
},
{ {
name: "connect-proxy-upstream-defaults", name: "connect-proxy-upstream-defaults",
create: func(t testinf.T) *proxycfg.ConfigSnapshot { create: func(t testinf.T) *proxycfg.ConfigSnapshot {
@ -1092,6 +1098,8 @@ func TestListenersFromSnapshot(t *testing.T) {
}, },
} }
tests = append(tests, makeListenerDiscoChainTests(false)...)
latestEnvoyVersion := xdscommon.EnvoyVersions[0] latestEnvoyVersion := xdscommon.EnvoyVersions[0]
for _, envoyVersion := range xdscommon.EnvoyVersions { for _, envoyVersion := range xdscommon.EnvoyVersions {
sf, err := xdscommon.DetermineSupportedProxyFeaturesFromString(envoyVersion) sf, err := xdscommon.DetermineSupportedProxyFeaturesFromString(envoyVersion)
@ -1110,10 +1118,6 @@ func TestListenersFromSnapshot(t *testing.T) {
// golder files for every test case and so not be any use! // golder files for every test case and so not be any use!
testcommon.SetupTLSRootsAndLeaf(t, snap) testcommon.SetupTLSRootsAndLeaf(t, snap)
if tt.setup != nil {
tt.setup(snap)
}
// Need server just for logger dependency // Need server just for logger dependency
g := NewResourceGenerator(testutil.Logger(t), nil, false) g := NewResourceGenerator(testutil.Logger(t), nil, false)
g.ProxyFeatures = sf g.ProxyFeatures = sf

18
agent/xds/resources_test.go
View File

@ -175,7 +175,7 @@ func TestAllResourcesFromSnapshot(t *testing.T) {
} }
tests = append(tests, getConnectProxyTransparentProxyGoldenTestCases()...) tests = append(tests, getConnectProxyTransparentProxyGoldenTestCases()...)
tests = append(tests, getMeshGatewayPeeringGoldenTestCases()...) tests = append(tests, getMeshGatewayPeeringGoldenTestCases()...)
tests = append(tests, getTrafficControlPeeringGoldenTestCases()...) tests = append(tests, getTrafficControlPeeringGoldenTestCases(false)...)
tests = append(tests, getEnterpriseGoldenTestCases()...) tests = append(tests, getEnterpriseGoldenTestCases()...)
tests = append(tests, getAPIGatewayGoldenTestCases(t)...) tests = append(tests, getAPIGatewayGoldenTestCases(t)...)
@ -253,21 +253,29 @@ func getMeshGatewayPeeringGoldenTestCases() []goldenTestCase {
} }
} }
func getTrafficControlPeeringGoldenTestCases() []goldenTestCase { func getTrafficControlPeeringGoldenTestCases(enterprise bool) []goldenTestCase {
return []goldenTestCase{ cases := []goldenTestCase{
{ {
name: "connect-proxy-with-chain-and-failover-to-cluster-peer", name: "connect-proxy-with-chain-and-failover-to-cluster-peer",
create: func(t testinf.T) *proxycfg.ConfigSnapshot { create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-to-cluster-peer", nil, nil) return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-to-cluster-peer", enterprise, nil, nil)
}, },
}, },
{ {
name: "connect-proxy-with-chain-and-redirect-to-cluster-peer", name: "connect-proxy-with-chain-and-redirect-to-cluster-peer",
create: func(t testinf.T) *proxycfg.ConfigSnapshot { create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "redirect-to-cluster-peer", nil, nil) return proxycfg.TestConfigSnapshotDiscoveryChain(t, "redirect-to-cluster-peer", enterprise, nil, nil)
}, },
}, },
} }
if enterprise {
for i := range cases {
cases[i].name = "enterprise-" + cases[i].name
}
}
return cases
} }
const ( const (

115
agent/xds/routes_test.go
View File

@ -19,6 +19,65 @@ import (
"github.com/hashicorp/consul/sdk/testutil" "github.com/hashicorp/consul/sdk/testutil"
) )
type routeTestCase struct {
name string
create func(t testinf.T) *proxycfg.ConfigSnapshot
overrideGoldenName string
}
func makeRouteDiscoChainTests(enterprise bool) []routeTestCase {
return []routeTestCase{
{
name: "connect-proxy-with-chain",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple", enterprise, nil, nil)
},
},
{
name: "connect-proxy-with-chain-external-sni",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "external-sni", enterprise, nil, nil)
},
},
{
name: "connect-proxy-with-chain-and-overrides",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple-with-overrides", enterprise, nil, nil)
},
},
{
name: "splitter-with-resolver-redirect",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "splitter-with-resolver-redirect-multidc", enterprise, nil, nil)
},
},
{
name: "connect-proxy-with-chain-and-splitter",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "chain-and-splitter", enterprise, nil, nil)
},
},
{
name: "connect-proxy-with-grpc-router",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "grpc-router", enterprise, nil, nil)
},
},
{
name: "connect-proxy-with-chain-and-router",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "chain-and-router", enterprise, nil, nil)
},
},
{
name: "connect-proxy-lb-in-resolver",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "lb-resolver", enterprise, nil, nil)
},
},
}
}
func TestRoutesFromSnapshot(t *testing.T) { func TestRoutesFromSnapshot(t *testing.T) {
// TODO: we should move all of these to TestAllResourcesFromSnapshot // TODO: we should move all of these to TestAllResourcesFromSnapshot
// eventually to test all of the xDS types at once with the same input, // eventually to test all of the xDS types at once with the same input,
@ -27,59 +86,7 @@ func TestRoutesFromSnapshot(t *testing.T) {
t.Skip("too slow for testing.Short") t.Skip("too slow for testing.Short")
} }
tests := []struct { tests := []routeTestCase{
name string
create func(t testinf.T) *proxycfg.ConfigSnapshot
overrideGoldenName string
}{
{
name: "connect-proxy-with-chain",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple", nil, nil)
},
},
{
name: "connect-proxy-with-chain-external-sni",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "external-sni", nil, nil)
},
},
{
name: "connect-proxy-with-chain-and-overrides",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple-with-overrides", nil, nil)
},
},
{
name: "splitter-with-resolver-redirect",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "splitter-with-resolver-redirect-multidc", nil, nil)
},
},
{
name: "connect-proxy-with-chain-and-splitter",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "chain-and-splitter", nil, nil)
},
},
{
name: "connect-proxy-with-grpc-router",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "grpc-router", nil, nil)
},
},
{
name: "connect-proxy-with-chain-and-router",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "chain-and-router", nil, nil)
},
},
{
name: "connect-proxy-lb-in-resolver",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "lb-resolver", nil, nil)
},
},
// TODO(rb): test match stanza skipped for grpc // TODO(rb): test match stanza skipped for grpc
// Start ingress gateway test cases // Start ingress gateway test cases
{ {
@ -188,6 +195,8 @@ func TestRoutesFromSnapshot(t *testing.T) {
}, },
} }
tests = append(tests, makeRouteDiscoChainTests(false)...)
latestEnvoyVersion := xdscommon.EnvoyVersions[0] latestEnvoyVersion := xdscommon.EnvoyVersions[0]
for _, envoyVersion := range xdscommon.EnvoyVersions { for _, envoyVersion := range xdscommon.EnvoyVersions {
sf, err := xdscommon.DetermineSupportedProxyFeaturesFromString(envoyVersion) sf, err := xdscommon.DetermineSupportedProxyFeaturesFromString(envoyVersion)

66
agent/xds/testdata/endpoints/connect-proxy-with-chain-and-redirect-to-cluster-peer.latest.golden vendored
View File

@ -1,63 +1,63 @@
{ {
"versionInfo": "00000001", "versionInfo": "00000001",
"resources": [ "resources": [
{ {
"@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
"clusterName": "db.default.cluster-01.external.peer1.domain", "clusterName": "db.default.cluster-01.external.peer1.domain",
"endpoints": [ "endpoints": [
{ {
"lbEndpoints": [ "lbEndpoints": [
{ {
"endpoint": { "endpoint": {
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "10.40.1.1", "address": "10.40.1.1",
"portValue": 8080 "portValue": 8080
} }
} }
}, },
"healthStatus": "HEALTHY", "healthStatus": "HEALTHY",
"loadBalancingWeight": 1 "loadBalancingWeight": 1
} }
] ]
} }
] ]
}, },
{ {
"@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
"clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul",
"endpoints": [ "endpoints": [
{ {
"lbEndpoints": [ "lbEndpoints": [
{ {
"endpoint": { "endpoint": {
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "10.10.1.1", "address": "10.10.1.1",
"portValue": 8080 "portValue": 8080
} }
} }
}, },
"healthStatus": "HEALTHY", "healthStatus": "HEALTHY",
"loadBalancingWeight": 1 "loadBalancingWeight": 1
}, },
{ {
"endpoint": { "endpoint": {
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "10.20.1.2", "address": "10.20.1.2",
"portValue": 8080 "portValue": 8080
} }
} }
}, },
"healthStatus": "HEALTHY", "healthStatus": "HEALTHY",
"loadBalancingWeight": 1 "loadBalancingWeight": 1
} }
] ]
} }
] ]
} }
], ],
"typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
"nonce": "00000001" "nonce": "00000001"
} }

136
agent/xds/testdata/listeners/connect-proxy-with-chain-and-failover-to-cluster-peer.latest.golden vendored
View File

@ -1,119 +1,115 @@
{ {
"versionInfo": "00000001", "versionInfo": "00000001",
"resources": [ "resources": [
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "db:127.0.0.1:9191", "name": "db:127.0.0.1:9191",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "127.0.0.1", "address": "127.0.0.1",
"portValue": 9191 "portValue": 9191
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "upstream.db.default.default.dc1", "statPrefix": "upstream.db.default.default.dc1",
"cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
} }
} }
] ]
} }
], ],
"trafficDirection": "OUTBOUND" "trafficDirection": "OUTBOUND"
}, },
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "prepared_query:geo-cache:127.10.10.10:8181", "name": "prepared_query:geo-cache:127.10.10.10:8181",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "127.10.10.10", "address": "127.10.10.10",
"portValue": 8181 "portValue": 8181
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "upstream.prepared_query_geo-cache", "statPrefix": "upstream.prepared_query_geo-cache",
"cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
} }
} }
] ]
} }
], ],
"trafficDirection": "OUTBOUND" "trafficDirection": "OUTBOUND"
}, },
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "public_listener:0.0.0.0:9999", "name": "public_listener:0.0.0.0:9999",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "0.0.0.0", "address": "0.0.0.0",
"portValue": 9999 "portValue": 9999
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.rbac", "name": "envoy.filters.network.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
"rules": { "rules": {},
"statPrefix": "connect_authz"
},
"statPrefix": "connect_authz"
} }
}, },
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "public_listener", "statPrefix": "public_listener",
"cluster": "local_app" "cluster": "local_app"
} }
} }
], ],
"transportSocket": { "transportSocket": {
"name": "tls", "name": "tls",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": { "tlsParams": {},
"tlsCertificates": [
},
"tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
}, },
"privateKey": { "privateKey": {
"inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
} }
} }
], ],
"validationContext": { "validationContext": {
"trustedCa": { "trustedCa": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
} }
} }
}, },
"requireClientCertificate": true "requireClientCertificate": true
} }
} }
} }
], ],
"trafficDirection": "INBOUND" "trafficDirection": "INBOUND"
} }
], ],
"typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
"nonce": "00000001" "nonce": "00000001"
} }

136
agent/xds/testdata/listeners/connect-proxy-with-chain-and-redirect-to-cluster-peer.latest.golden vendored
View File

@ -1,119 +1,115 @@
{ {
"versionInfo": "00000001", "versionInfo": "00000001",
"resources": [ "resources": [
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "db:127.0.0.1:9191", "name": "db:127.0.0.1:9191",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "127.0.0.1", "address": "127.0.0.1",
"portValue": 9191 "portValue": 9191
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "upstream.db.default.default.dc1", "statPrefix": "upstream.db.default.default.dc1",
"cluster": "db.default.cluster-01.external.peer1.domain" "cluster": "db.default.cluster-01.external.peer1.domain"
} }
} }
] ]
} }
], ],
"trafficDirection": "OUTBOUND" "trafficDirection": "OUTBOUND"
}, },
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "prepared_query:geo-cache:127.10.10.10:8181", "name": "prepared_query:geo-cache:127.10.10.10:8181",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "127.10.10.10", "address": "127.10.10.10",
"portValue": 8181 "portValue": 8181
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "upstream.prepared_query_geo-cache", "statPrefix": "upstream.prepared_query_geo-cache",
"cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
} }
} }
] ]
} }
], ],
"trafficDirection": "OUTBOUND" "trafficDirection": "OUTBOUND"
}, },
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "public_listener:0.0.0.0:9999", "name": "public_listener:0.0.0.0:9999",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "0.0.0.0", "address": "0.0.0.0",
"portValue": 9999 "portValue": 9999
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.rbac", "name": "envoy.filters.network.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
"rules": { "rules": {},
"statPrefix": "connect_authz"
},
"statPrefix": "connect_authz"
} }
}, },
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "public_listener", "statPrefix": "public_listener",
"cluster": "local_app" "cluster": "local_app"
} }
} }
], ],
"transportSocket": { "transportSocket": {
"name": "tls", "name": "tls",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": { "tlsParams": {},
"tlsCertificates": [
},
"tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
}, },
"privateKey": { "privateKey": {
"inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
} }
} }
], ],
"validationContext": { "validationContext": {
"trustedCa": { "trustedCa": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
} }
} }
}, },
"requireClientCertificate": true "requireClientCertificate": true
} }
} }
} }
], ],
"trafficDirection": "INBOUND" "trafficDirection": "INBOUND"
} }
], ],
"typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
"nonce": "00000001" "nonce": "00000001"
} }

18
agent/xds/validateupstream-test/validateupstream_test.go
View File

@ -43,13 +43,13 @@ func TestValidateUpstreams(t *testing.T) {
{ {
name: "tcp-success", name: "tcp-success",
create: func(t testinf.T) *proxycfg.ConfigSnapshot { create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "default", nil, nil) return proxycfg.TestConfigSnapshotDiscoveryChain(t, "default", false, nil, nil)
}, },
}, },
{ {
name: "tcp-missing-listener", name: "tcp-missing-listener",
create: func(t testinf.T) *proxycfg.ConfigSnapshot { create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "default", nil, nil) return proxycfg.TestConfigSnapshotDiscoveryChain(t, "default", false, nil, nil)
}, },
patcher: func(ir *xdscommon.IndexedResources) *xdscommon.IndexedResources { patcher: func(ir *xdscommon.IndexedResources) *xdscommon.IndexedResources {
delete(ir.Index[xdscommon.ListenerType], listenerName) delete(ir.Index[xdscommon.ListenerType], listenerName)
@ -60,7 +60,7 @@ func TestValidateUpstreams(t *testing.T) {
{ {
name: "tcp-missing-cluster", name: "tcp-missing-cluster",
create: func(t testinf.T) *proxycfg.ConfigSnapshot { create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "default", nil, nil) return proxycfg.TestConfigSnapshotDiscoveryChain(t, "default", false, nil, nil)
}, },
patcher: func(ir *xdscommon.IndexedResources) *xdscommon.IndexedResources { patcher: func(ir *xdscommon.IndexedResources) *xdscommon.IndexedResources {
delete(ir.Index[xdscommon.ClusterType], sni) delete(ir.Index[xdscommon.ClusterType], sni)
@ -71,7 +71,7 @@ func TestValidateUpstreams(t *testing.T) {
{ {
name: "http-success", name: "http-success",
create: func(t testinf.T) *proxycfg.ConfigSnapshot { create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "default", nil, nil, httpServiceDefaults) return proxycfg.TestConfigSnapshotDiscoveryChain(t, "default", false, nil, nil, httpServiceDefaults)
}, },
}, },
{ {
@ -79,7 +79,7 @@ func TestValidateUpstreams(t *testing.T) {
// RDS, Envoy's Route Discovery Service, is only used for HTTP services with a customized discovery chain, so we // RDS, Envoy's Route Discovery Service, is only used for HTTP services with a customized discovery chain, so we
// need to use the test snapshot and add L7 config entries. // need to use the test snapshot and add L7 config entries.
create: func(t testinf.T) *proxycfg.ConfigSnapshot { create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "default", nil, []proxycfg.UpdateEvent{ return proxycfg.TestConfigSnapshotDiscoveryChain(t, "default", false, nil, []proxycfg.UpdateEvent{
// The events ensure there are endpoints for the v1 and v2 subsets. // The events ensure there are endpoints for the v1 and v2 subsets.
{ {
CorrelationID: "upstream-target:v1.db.default.default.dc1:" + dbUID.String(), CorrelationID: "upstream-target:v1.db.default.default.dc1:" + dbUID.String(),
@ -104,7 +104,7 @@ func TestValidateUpstreams(t *testing.T) {
// RDS, Envoy's Route Discovery Service, is only used for HTTP services with a customized discovery chain, so we // RDS, Envoy's Route Discovery Service, is only used for HTTP services with a customized discovery chain, so we
// need to use the test snapshot and add L7 config entries. // need to use the test snapshot and add L7 config entries.
create: func(t testinf.T) *proxycfg.ConfigSnapshot { create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "default", nil, []proxycfg.UpdateEvent{ return proxycfg.TestConfigSnapshotDiscoveryChain(t, "default", false, nil, []proxycfg.UpdateEvent{
// The events ensure there are endpoints for the v1 and v2 subsets. // The events ensure there are endpoints for the v1 and v2 subsets.
{ {
CorrelationID: "upstream-target:v1.db.default.default.dc1:" + dbUID.String(), CorrelationID: "upstream-target:v1.db.default.default.dc1:" + dbUID.String(),
@ -129,19 +129,19 @@ func TestValidateUpstreams(t *testing.T) {
{ {
name: "redirect", name: "redirect",
create: func(t testinf.T) *proxycfg.ConfigSnapshot { create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "redirect-to-cluster-peer", nil, nil) return proxycfg.TestConfigSnapshotDiscoveryChain(t, "redirect-to-cluster-peer", false, nil, nil)
}, },
}, },
{ {
name: "failover", name: "failover",
create: func(t testinf.T) *proxycfg.ConfigSnapshot { create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover", nil, nil) return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover", false, nil, nil)
}, },
}, },
{ {
name: "failover-to-cluster-peer", name: "failover-to-cluster-peer",
create: func(t testinf.T) *proxycfg.ConfigSnapshot { create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-to-cluster-peer", nil, nil) return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-to-cluster-peer", false, nil, nil)
}, },
}, },
{ {

2
agent/xds/xds_protocol_helpers_test.go
View File

@ -47,7 +47,7 @@ func newTestSnapshot(
dbServiceProtocol string, dbServiceProtocol string,
additionalEntries ...structs.ConfigEntry, additionalEntries ...structs.ConfigEntry,
) *proxycfg.ConfigSnapshot { ) *proxycfg.ConfigSnapshot {
snap := proxycfg.TestConfigSnapshotDiscoveryChain(t, "default", nil, nil, additionalEntries...) snap := proxycfg.TestConfigSnapshotDiscoveryChain(t, "default", false, nil, nil, additionalEntries...)
snap.ConnectProxy.PreparedQueryEndpoints = map[proxycfg.UpstreamID]structs.CheckServiceNodes{ snap.ConnectProxy.PreparedQueryEndpoints = map[proxycfg.UpstreamID]structs.CheckServiceNodes{
UID("prepared_query:geo-cache"): proxycfg.TestPreparedQueryNodes(t, "geo-cache"), UID("prepared_query:geo-cache"): proxycfg.TestPreparedQueryNodes(t, "geo-cache"),
} }

8
command/services/config_test.go
View File

@ -137,7 +137,7 @@ func TestStructsToAgentService(t *testing.T) {
DestinationServiceName: "web", DestinationServiceName: "web",
LocalServiceAddress: "127.0.0.1", LocalServiceAddress: "127.0.0.1",
LocalServicePort: 8181, LocalServicePort: 8181,
Upstreams: structs.TestUpstreams(t), Upstreams: structs.TestUpstreams(t, false),
Mode: structs.ProxyModeTransparent, Mode: structs.ProxyModeTransparent,
Config: map[string]interface{}{ Config: map[string]interface{}{
"foo": "bar", "foo": "bar",
@ -154,7 +154,7 @@ func TestStructsToAgentService(t *testing.T) {
DestinationServiceName: "web", DestinationServiceName: "web",
LocalServiceAddress: "127.0.0.1", LocalServiceAddress: "127.0.0.1",
LocalServicePort: 8181, LocalServicePort: 8181,
Upstreams: structs.TestUpstreams(t).ToAPI(), Upstreams: structs.TestUpstreams(t, false).ToAPI(),
Mode: api.ProxyModeTransparent, Mode: api.ProxyModeTransparent,
Config: map[string]interface{}{ Config: map[string]interface{}{
"foo": "bar", "foo": "bar",
@ -174,7 +174,7 @@ func TestStructsToAgentService(t *testing.T) {
DestinationServiceName: "web", DestinationServiceName: "web",
LocalServiceAddress: "127.0.0.1", LocalServiceAddress: "127.0.0.1",
LocalServicePort: 8181, LocalServicePort: 8181,
Upstreams: structs.TestUpstreams(t), Upstreams: structs.TestUpstreams(t, false),
Mode: structs.ProxyModeTransparent, Mode: structs.ProxyModeTransparent,
TransparentProxy: structs.TransparentProxyConfig{ TransparentProxy: structs.TransparentProxyConfig{
OutboundListenerPort: 808, OutboundListenerPort: 808,
@ -201,7 +201,7 @@ func TestStructsToAgentService(t *testing.T) {
DestinationServiceName: "web", DestinationServiceName: "web",
LocalServiceAddress: "127.0.0.1", LocalServiceAddress: "127.0.0.1",
LocalServicePort: 8181, LocalServicePort: 8181,
Upstreams: structs.TestUpstreams(t).ToAPI(), Upstreams: structs.TestUpstreams(t, false).ToAPI(),
Mode: api.ProxyModeTransparent, Mode: api.ProxyModeTransparent,
TransparentProxy: &api.TransparentProxyConfig{ TransparentProxy: &api.TransparentProxyConfig{
OutboundListenerPort: 808, OutboundListenerPort: 808,