status-im/consul
2
0
Fork 0
mirror of https://github.com/status-im/consul.git synced 2025-01-12 14:55:02 +00:00
Code Issues Projects Releases Wiki Activity

NET-5397 - wire up destination golden tests from sidecar-proxy controller for xds controller and xdsv2 (#19167)

Browse Source 
* NET-5397 - wire up golden tests from sidecar-proxy controller for xds controller and xdsv2

* WIP

* WIP

* everything matching except leafCerts.  need to mock those

* single port destinations working except mixed destinations

* golden test input to xds controller tests for destinations

* proposed fix for failover group naming errors

* clean up test to use helper.

* clean up test to use helper.

* fix test file

* add docstring for test function.

* add docstring for test function.

* fix linting error

* fixing test after route fix merged into main
This commit is contained in:
John Murret 2023-10-24 09:33:23 -06:00 committed by GitHub
parent 12ef115b61
commit 9775758d0c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 2534 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
internal/mesh/internal/controllers/sidecarproxy/builder/destinations.go
View File

@ -290,7 +290,6 @@ func (b *Builder) buildDestination(
clusterName := fmt.Sprintf("%s.%s", portName, sni)
egName := ""
if details.FailoverConfig != nil {
egName = fmt.Sprintf("%s%d~%s", xdscommon.FailoverClusterNamePrefix, 0, clusterName)
}

159
internal/mesh/internal/controllers/xds/controller_test.go
View File

@ -7,10 +7,14 @@ import (
"context"
"crypto/x509"
"encoding/pem"
"fmt"
"strings"
"testing"
"github.com/hashicorp/consul/internal/testing/golden"
"github.com/stretchr/testify/require"
"github.com/stretchr/testify/suite"
"google.golang.org/protobuf/encoding/protojson"
svctest "github.com/hashicorp/consul/agent/grpc-external/services/resource/testing"
"github.com/hashicorp/consul/agent/leafcert"
@ -998,3 +1002,158 @@ func (suite *xdsControllerTestSuite) TestReconcile_prevWatchesToCancel() {
func TestXdsController(t *testing.T) {
suite.Run(t, new(xdsControllerTestSuite))
}
// TestReconcile_SidecarProxyGoldenFileInputs tests the Reconcile() by using
// the golden test output/expected files from the sidecar proxy tests as inputs
// to the XDS controller reconciliation.
// XDS controller reconciles the full ProxyStateTemplate object. The fields
// that things that it focuses on are leaf certs, endpoints, and trust bundles,
// which is just a subset of the ProxyStateTemplate struct. Prior to XDS controller
// reconciliation, the sidecar proxy controller will have reconciled the other parts
// of the ProxyStateTemplate.
// Since the XDS controller does act on the ProxyStateTemplate, the tests
// utilize that entire object rather than just the parts that XDS controller
// internals reconciles. Namely, by using checking the full ProxyStateTemplate
// rather than just endpoints, leaf certs, and trust bundles, the test also ensures
// side effects or change in scope to XDS controller are not introduce mistakenly.
func (suite *xdsControllerTestSuite) TestReconcile_SidecarProxyGoldenFileInputs() {
path := "../sidecarproxy/builder/testdata"
cases := []string{
// destinations
"destination/l4-single-destination-ip-port-bind-address",
"destination/l4-single-destination-unix-socket-bind-address",
"destination/l4-single-implicit-destination-tproxy",
"destination/l4-multi-destination",
"destination/l4-multiple-implicit-destinations-tproxy",
"destination/l4-implicit-and-explicit-destinations-tproxy",
"destination/mixed-multi-destination",
"destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy",
"destination/multiport-l4-and-l7-single-implicit-destination-tproxy",
"destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy",
//sources
}
for _, name := range cases {
suite.Run(name, func() {
// Create ProxyStateTemplate from the golden file.
pst := JSONToProxyTemplate(suite.T(),
golden.GetBytesAtFilePath(suite.T(), fmt.Sprintf("%s/%s.golden", path, name)))
// Destinations will need endpoint refs set up.
if strings.Split(name, "/")[0] == "destination" && len(pst.ProxyState.Endpoints) == 0 {
suite.addRequiredEndpointsAndRefs(pst)
}
// Store the initial ProxyStateTemplate.
proxyStateTemplate := resourcetest.Resource(pbmesh.ProxyStateTemplateType, "test").
WithData(suite.T(), pst).
Write(suite.T(), suite.client)
// Check with resource service that it exists.
retry.Run(suite.T(), func(r *retry.R) {
suite.client.RequireResourceExists(r, proxyStateTemplate.Id)
})
// Track it in the mapper.
suite.mapper.TrackItem(proxyStateTemplate.Id, []resource.ReferenceOrID{})
// Run the reconcile, and since no ProxyStateTemplate is stored, this simulates a deletion.
err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{
ID: proxyStateTemplate.Id,
})
require.NoError(suite.T(), err)
require.NotNil(suite.T(), proxyStateTemplate)
// Get the reconciled proxyStateTemplate to check the reconcile results.
reconciledPS := suite.updater.Get(proxyStateTemplate.Id.Name)
// Verify leaf cert contents then hard code them for comparison
// and downstream tests since they change from test run to test run.
require.NotEmpty(suite.T(), reconciledPS.LeafCertificates)
reconciledPS.LeafCertificates = map[string]*pbproxystate.LeafCertificate{
"test-identity": {
Cert: "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n",
Key: "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n",
},
}
// Compare actual vs expected.
actual := prototest.ProtoToJSON(suite.T(), reconciledPS)
expected := golden.Get(suite.T(), actual, name+".golden")
require.JSONEq(suite.T(), expected, actual)
})
}
}
func (suite *xdsControllerTestSuite) addRequiredEndpointsAndRefs(pst *pbmesh.ProxyStateTemplate) {
//get service data
serviceData := &pbcatalog.Service{}
var vp uint32 = 7000
requiredEps := make(map[string]*pbproxystate.EndpointRef)
// iterate through clusters and set up endpoints for cluster/mesh port.
for clusterName := range pst.ProxyState.Clusters {
if clusterName == "null_route_cluster" || clusterName == "original-destination" {
continue
}
//increment the random port number.
vp++
clusterNameSplit := strings.Split(clusterName, ".")
port := clusterNameSplit[0]
svcName := clusterNameSplit[1]
// set up service data with port info.
serviceData.Ports = append(serviceData.Ports, &pbcatalog.ServicePort{
TargetPort: port,
VirtualPort: vp,
Protocol: pbcatalog.Protocol_PROTOCOL_TCP,
})
// create service.
svc := resourcetest.Resource(pbcatalog.ServiceType, svcName).
WithData(suite.T(), &pbcatalog.Service{}).
Write(suite.T(), suite.client)
// create endpoints with svc as owner.
eps := resourcetest.Resource(pbcatalog.ServiceEndpointsType, svcName).
WithData(suite.T(), &pbcatalog.ServiceEndpoints{Endpoints: []*pbcatalog.Endpoint{
{
Ports: map[string]*pbcatalog.WorkloadPort{
"mesh": {
Port: 20000,
Protocol: pbcatalog.Protocol_PROTOCOL_MESH,
},
},
Addresses: []*pbcatalog.WorkloadAddress{
{
Host: "10.1.1.1",
Ports: []string{"mesh"},
},
},
},
}}).
WithOwner(svc.Id).
Write(suite.T(), suite.client)
// add to working list of required endpoints.
requiredEps[clusterName] = &pbproxystate.EndpointRef{
Id: eps.Id,
Port: "mesh",
}
}
// set working list of required endpoints as proxy state's RequiredEndpoints.
pst.RequiredEndpoints = requiredEps
}
func JSONToProxyTemplate(t *testing.T, json []byte) *pbmesh.ProxyStateTemplate {
t.Helper()
proxyTemplate := &pbmesh.ProxyStateTemplate{}
m := protojson.UnmarshalOptions{}
err := m.Unmarshal(json, proxyTemplate)
require.NoError(t, err)
return proxyTemplate
}

182
internal/mesh/internal/controllers/xds/testdata/destination/l4-implicit-and-explicit-destinations-tproxy.golden vendored Normal file
View File

@ -0,0 +1,182 @@
{
"clusters": {
"original-destination": {
"endpointGroup": {
"passthrough": {
"config": {
"connectTimeout": "5s"
}
}
},
"name": "original-destination"
},
"tcp.api-1.default.dc1.internal.foo.consul": {
"altStatName": "tcp.api-1.default.dc1.internal.foo.consul",
"endpointGroup": {
"dynamic": {
"config": {
"connectTimeout": "5s",
"disablePanicThreshold": true
},
"outboundTls": {
"alpnProtocols": [
"consul~tcp"
],
"outboundMesh": {
"identityKey": "test-identity",
"sni": "api-1.default.dc1.internal.foo.consul",
"validationContext": {
"spiffeIds": [
"spiffe://foo.consul/ap/default/ns/default/identity/api1-identity"
],
"trustBundlePeerNameKey": "local"
}
}
}
}
},
"name": "tcp.api-1.default.dc1.internal.foo.consul"
},
"tcp.api-2.default.dc1.internal.foo.consul": {
"altStatName": "tcp.api-2.default.dc1.internal.foo.consul",
"endpointGroup": {
"dynamic": {
"config": {
"connectTimeout": "5s",
"disablePanicThreshold": true
},
"outboundTls": {
"alpnProtocols": [
"consul~tcp"
],
"outboundMesh": {
"identityKey": "test-identity",
"sni": "api-2.default.dc1.internal.foo.consul",
"validationContext": {
"spiffeIds": [
"spiffe://foo.consul/ap/default/ns/default/identity/api2-identity"
],
"trustBundlePeerNameKey": "local"
}
}
}
}
},
"name": "tcp.api-2.default.dc1.internal.foo.consul"
}
},
"identity": {
"name": "test-identity",
"tenancy": {
"namespace": "default",
"partition": "default",
"peerName": "local"
},
"type": {
"group": "auth",
"groupVersion": "v2beta1",
"kind": "WorkloadIdentity"
}
},
"listeners": [
{
"direction": "DIRECTION_OUTBOUND",
"hostPort": {
"host": "1.1.1.1",
"port": 1234
},
"name": "default/local/default/api-1:tcp:1.1.1.1:1234",
"routers": [
{
"l4": {
"cluster": {
"name": "tcp.api-1.default.dc1.internal.foo.consul"
},
"statPrefix": "upstream.tcp.api-1.default.default.dc1"
}
}
]
},
{
"capabilities": [
"CAPABILITY_TRANSPARENT"
],
"defaultRouter": {
"l4": {
"cluster": {
"name": "original-destination"
},
"statPrefix": "upstream.original-destination"
}
},
"direction": "DIRECTION_OUTBOUND",
"hostPort": {
"host": "127.0.0.1",
"port": 15001
},
"name": "outbound_listener",
"routers": [
{
"l4": {
"cluster": {
"name": "tcp.api-2.default.dc1.internal.foo.consul"
},
"statPrefix": "upstream.tcp.api-2.default.default.dc1"
},
"match": {
"destinationPort": 7070,
"prefixRanges": [
{
"addressPrefix": "2.2.2.2",
"prefixLen": 32
},
{
"addressPrefix": "3.3.3.3",
"prefixLen": 32
}
]
}
}
]
}
],
"endpoints": {
"tcp.api-1.default.dc1.internal.foo.consul": {
"endpoints": [
{
"healthStatus": "HEALTH_STATUS_HEALTHY",
"hostPort": {
"host": "10.1.1.1",
"port": 20000
}
}
]
},
"tcp.api-2.default.dc1.internal.foo.consul": {
"endpoints": [
{
"healthStatus": "HEALTH_STATUS_HEALTHY",
"hostPort": {
"host": "10.1.1.1",
"port": 20000
}
}
]
}
},
"trustBundles": {
"local": {
"roots": [
"some-root",
"some-other-root"
],
"trustDomain": "some-trust-domain"
}
},
"leafCertificates": {
"test-identity": {
"cert": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n",
"key": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n"
}
}
}

296
internal/mesh/internal/controllers/xds/testdata/destination/l4-multi-destination.golden vendored Normal file
View File

@ -0,0 +1,296 @@
{
"clusters": {
"null_route_cluster": {
"endpointGroup": {
"static": {
"config": {
"connectTimeout": "10s"
}
}
},
"name": "null_route_cluster"
},
"tcp.api-1.default.dc1.internal.foo.consul": {
"altStatName": "tcp.api-1.default.dc1.internal.foo.consul",
"endpointGroup": {
"dynamic": {
"config": {
"connectTimeout": "5s",
"disablePanicThreshold": true
},
"outboundTls": {
"alpnProtocols": [
"consul~tcp"
],
"outboundMesh": {
"identityKey": "test-identity",
"sni": "api-1.default.dc1.internal.foo.consul",
"validationContext": {
"spiffeIds": [
"spiffe://foo.consul/ap/default/ns/default/identity/api1-identity"
],
"trustBundlePeerNameKey": "local"
}
}
}
}
},
"name": "tcp.api-1.default.dc1.internal.foo.consul"
},
"tcp.api-2.default.dc1.internal.foo.consul": {
"altStatName": "tcp.api-2.default.dc1.internal.foo.consul",
"endpointGroup": {
"dynamic": {
"config": {
"connectTimeout": "5s",
"disablePanicThreshold": true
},
"outboundTls": {
"alpnProtocols": [
"consul~tcp"
],
"outboundMesh": {
"identityKey": "test-identity",
"sni": "api-2.default.dc1.internal.foo.consul",
"validationContext": {
"spiffeIds": [
"spiffe://foo.consul/ap/default/ns/default/identity/api2-identity"
],
"trustBundlePeerNameKey": "local"
}
}
}
}
},
"name": "tcp.api-2.default.dc1.internal.foo.consul"
},
"tcp2.api-1.default.dc1.internal.foo.consul": {
"altStatName": "tcp2.api-1.default.dc1.internal.foo.consul",
"endpointGroup": {
"dynamic": {
"config": {
"connectTimeout": "5s",
"disablePanicThreshold": true
},
"outboundTls": {
"alpnProtocols": [
"consul~tcp2"
],
"outboundMesh": {
"identityKey": "test-identity",
"sni": "api-1.default.dc1.internal.foo.consul",
"validationContext": {
"spiffeIds": [
"spiffe://foo.consul/ap/default/ns/default/identity/api1-identity"
],
"trustBundlePeerNameKey": "local"
}
}
}
}
},
"name": "tcp2.api-1.default.dc1.internal.foo.consul"
},
"tcp2.api-2.default.dc1.internal.foo.consul": {
"altStatName": "tcp2.api-2.default.dc1.internal.foo.consul",
"endpointGroup": {
"dynamic": {
"config": {
"connectTimeout": "5s",
"disablePanicThreshold": true
},
"outboundTls": {
"alpnProtocols": [
"consul~tcp2"
],
"outboundMesh": {
"identityKey": "test-identity",
"sni": "api-2.default.dc1.internal.foo.consul",
"validationContext": {
"spiffeIds": [
"spiffe://foo.consul/ap/default/ns/default/identity/api2-identity"
],
"trustBundlePeerNameKey": "local"
}
}
}
}
},
"name": "tcp2.api-2.default.dc1.internal.foo.consul"
}
},
"identity": {
"name": "test-identity",
"tenancy": {
"namespace": "default",
"partition": "default",
"peerName": "local"
},
"type": {
"group": "auth",
"groupVersion": "v2beta1",
"kind": "WorkloadIdentity"
}
},
"listeners": [
{
"direction": "DIRECTION_OUTBOUND",
"hostPort": {
"host": "1.1.1.1",
"port": 1234
},
"name": "default/local/default/api-1:tcp:1.1.1.1:1234",
"routers": [
{
"l4": {
"statPrefix": "upstream.tcp.api-1.default.default.dc1",
"weightedClusters": {
"clusters": [
{
"name": "tcp.api-2.default.dc1.internal.foo.consul",
"weight": 60
},
{
"name": "tcp.api-1.default.dc1.internal.foo.consul",
"weight": 40
},
{
"name": "null_route_cluster",
"weight": 10
}
]
}
}
}
]
},
{
"direction": "DIRECTION_OUTBOUND",
"name": "default/local/default/api-2:tcp:/path/to/socket",
"routers": [
{
"l4": {
"cluster": {
"name": "tcp.api-2.default.dc1.internal.foo.consul"
},
"statPrefix": "upstream.tcp.api-2.default.default.dc1"
}
}
],
"unixSocket": {
"mode": "0666",
"path": "/path/to/socket"
}
},
{
"direction": "DIRECTION_OUTBOUND",
"hostPort": {
"host": "1.1.1.1",
"port": 2345
},
"name": "default/local/default/api-1:tcp2:1.1.1.1:2345",
"routers": [
{
"l4": {
"statPrefix": "upstream.tcp2.api-1.default.default.dc1",
"weightedClusters": {
"clusters": [
{
"name": "tcp2.api-2.default.dc1.internal.foo.consul",
"weight": 60
},
{
"name": "tcp2.api-1.default.dc1.internal.foo.consul",
"weight": 40
},
{
"name": "null_route_cluster",
"weight": 10
}
]
}
}
}
]
},
{
"direction": "DIRECTION_OUTBOUND",
"name": "default/local/default/api-2:tcp2:/path/to/socket",
"routers": [
{
"l4": {
"cluster": {
"name": "tcp2.api-2.default.dc1.internal.foo.consul"
},
"statPrefix": "upstream.tcp2.api-2.default.default.dc1"
}
}
],
"unixSocket": {
"mode": "0666",
"path": "/path/to/socket"
}
}
],
"endpoints": {
"tcp.api-1.default.dc1.internal.foo.consul": {
"endpoints": [
{
"healthStatus": "HEALTH_STATUS_HEALTHY",
"hostPort": {
"host": "10.1.1.1",
"port": 20000
}
}
]
},
"tcp.api-2.default.dc1.internal.foo.consul": {
"endpoints": [
{
"healthStatus": "HEALTH_STATUS_HEALTHY",
"hostPort": {
"host": "10.1.1.1",
"port": 20000
}
}
]
},
"tcp2.api-1.default.dc1.internal.foo.consul": {
"endpoints": [
{
"healthStatus": "HEALTH_STATUS_HEALTHY",
"hostPort": {
"host": "10.1.1.1",
"port": 20000
}
}
]
},
"tcp2.api-2.default.dc1.internal.foo.consul": {
"endpoints": [
{
"healthStatus": "HEALTH_STATUS_HEALTHY",
"hostPort": {
"host": "10.1.1.1",
"port": 20000
}
}
]
}
},
"trustBundles": {
"local": {
"roots": [
"some-root",
"some-other-root"
],
"trustDomain": "some-trust-domain"
}
},
"leafCertificates": {
"test-identity": {
"cert": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n",
"key": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n"
}
}
}

181
internal/mesh/internal/controllers/xds/testdata/destination/l4-multiple-implicit-destinations-tproxy.golden vendored Normal file
View File

@ -0,0 +1,181 @@
{
"clusters": {
"original-destination": {
"endpointGroup": {
"passthrough": {
"config": {
"connectTimeout": "5s"
}
}
},
"name": "original-destination"
},
"tcp.api-1.default.dc1.internal.foo.consul": {
"altStatName": "tcp.api-1.default.dc1.internal.foo.consul",
"endpointGroup": {
"dynamic": {
"config": {
"connectTimeout": "5s",
"disablePanicThreshold": true
},
"outboundTls": {
"alpnProtocols": [
"consul~tcp"
],
"outboundMesh": {
"identityKey": "test-identity",
"sni": "api-1.default.dc1.internal.foo.consul",
"validationContext": {
"spiffeIds": [
"spiffe://foo.consul/ap/default/ns/default/identity/api1-identity"
],
"trustBundlePeerNameKey": "local"
}
}
}
}
},
"name": "tcp.api-1.default.dc1.internal.foo.consul"
},
"tcp.api-2.default.dc1.internal.foo.consul": {
"altStatName": "tcp.api-2.default.dc1.internal.foo.consul",
"endpointGroup": {
"dynamic": {
"config": {
"connectTimeout": "5s",
"disablePanicThreshold": true
},
"outboundTls": {
"alpnProtocols": [
"consul~tcp"
],
"outboundMesh": {
"identityKey": "test-identity",
"sni": "api-2.default.dc1.internal.foo.consul",
"validationContext": {
"spiffeIds": [
"spiffe://foo.consul/ap/default/ns/default/identity/api2-identity"
],
"trustBundlePeerNameKey": "local"
}
}
}
}
},
"name": "tcp.api-2.default.dc1.internal.foo.consul"
}
},
"identity": {
"name": "test-identity",
"tenancy": {
"namespace": "default",
"partition": "default",
"peerName": "local"
},
"type": {
"group": "auth",
"groupVersion": "v2beta1",
"kind": "WorkloadIdentity"
}
},
"listeners": [
{
"capabilities": [
"CAPABILITY_TRANSPARENT"
],
"defaultRouter": {
"l4": {
"cluster": {
"name": "original-destination"
},
"statPrefix": "upstream.original-destination"
}
},
"direction": "DIRECTION_OUTBOUND",
"hostPort": {
"host": "127.0.0.1",
"port": 15001
},
"name": "outbound_listener",
"routers": [
{
"l4": {
"cluster": {
"name": "tcp.api-1.default.dc1.internal.foo.consul"
},
"statPrefix": "upstream.tcp.api-1.default.default.dc1"
},
"match": {
"destinationPort": 7070,
"prefixRanges": [
{
"addressPrefix": "1.1.1.1",
"prefixLen": 32
}
]
}
},
{
"l4": {
"cluster": {
"name": "tcp.api-2.default.dc1.internal.foo.consul"
},
"statPrefix": "upstream.tcp.api-2.default.default.dc1"
},
"match": {
"destinationPort": 7070,
"prefixRanges": [
{
"addressPrefix": "2.2.2.2",
"prefixLen": 32
},
{
"addressPrefix": "3.3.3.3",
"prefixLen": 32
}
]
}
}
]
}
],
"endpoints": {
"tcp.api-1.default.dc1.internal.foo.consul": {
"endpoints": [
{
"healthStatus": "HEALTH_STATUS_HEALTHY",
"hostPort": {
"host": "10.1.1.1",
"port": 20000
}
}
]
},
"tcp.api-2.default.dc1.internal.foo.consul": {
"endpoints": [
{
"healthStatus": "HEALTH_STATUS_HEALTHY",
"hostPort": {
"host": "10.1.1.1",
"port": 20000
}
}
]
}
},
"trustBundles": {
"local": {
"roots": [
"some-root",
"some-other-root"
],
"trustDomain": "some-trust-domain"
}
},
"leafCertificates": {
"test-identity": {
"cert": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n",
"key": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n"
}
}
}

153
internal/mesh/internal/controllers/xds/testdata/destination/l4-single-destination-ip-port-bind-address.golden vendored Normal file
View File

@ -0,0 +1,153 @@
{
"clusters": {
"null_route_cluster": {
"endpointGroup": {
"static": {
"config": {
"connectTimeout": "10s"
}
}
},
"name": "null_route_cluster"
},
"tcp.api-1.default.dc1.internal.foo.consul": {
"altStatName": "tcp.api-1.default.dc1.internal.foo.consul",
"endpointGroup": {
"dynamic": {
"config": {
"connectTimeout": "5s",
"disablePanicThreshold": true
},
"outboundTls": {
"alpnProtocols": [
"consul~tcp"
],
"outboundMesh": {
"identityKey": "test-identity",
"sni": "api-1.default.dc1.internal.foo.consul",
"validationContext": {
"spiffeIds": [
"spiffe://foo.consul/ap/default/ns/default/identity/api1-identity"
],
"trustBundlePeerNameKey": "local"
}
}
}
}
},
"name": "tcp.api-1.default.dc1.internal.foo.consul"
},
"tcp.api-2.default.dc1.internal.foo.consul": {
"altStatName": "tcp.api-2.default.dc1.internal.foo.consul",
"endpointGroup": {
"dynamic": {
"config": {
"connectTimeout": "5s",
"disablePanicThreshold": true
},
"outboundTls": {
"alpnProtocols": [
"consul~tcp"
],
"outboundMesh": {
"identityKey": "test-identity",
"sni": "api-2.default.dc1.internal.foo.consul",
"validationContext": {
"spiffeIds": [
"spiffe://foo.consul/ap/default/ns/default/identity/api2-identity"
],
"trustBundlePeerNameKey": "local"
}
}
}
}
},
"name": "tcp.api-2.default.dc1.internal.foo.consul"
}
},
"identity": {
"name": "test-identity",
"tenancy": {
"namespace": "default",
"partition": "default",
"peerName": "local"
},
"type": {
"group": "auth",
"groupVersion": "v2beta1",
"kind": "WorkloadIdentity"
}
},
"listeners": [
{
"direction": "DIRECTION_OUTBOUND",
"hostPort": {
"host": "1.1.1.1",
"port": 1234
},
"name": "default/local/default/api-1:tcp:1.1.1.1:1234",
"routers": [
{
"l4": {
"statPrefix": "upstream.tcp.api-1.default.default.dc1",
"weightedClusters": {
"clusters": [
{
"name": "tcp.api-2.default.dc1.internal.foo.consul",
"weight": 60
},
{
"name": "tcp.api-1.default.dc1.internal.foo.consul",
"weight": 40
},
{
"name": "null_route_cluster",
"weight": 10
}
]
}
}
}
]
}
],
"endpoints": {
"tcp.api-1.default.dc1.internal.foo.consul": {
"endpoints": [
{
"healthStatus": "HEALTH_STATUS_HEALTHY",
"hostPort": {
"host": "10.1.1.1",
"port": 20000
}
}
]
},
"tcp.api-2.default.dc1.internal.foo.consul": {
"endpoints": [
{
"healthStatus": "HEALTH_STATUS_HEALTHY",
"hostPort": {
"host": "10.1.1.1",
"port": 20000
}
}
]
}
},
"trustBundles": {
"local": {
"roots": [
"some-root",
"some-other-root"
],
"trustDomain": "some-trust-domain"
}
},
"leafCertificates": {
"test-identity": {
"cert": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n",
"key": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n"
}
}
}

92
internal/mesh/internal/controllers/xds/testdata/destination/l4-single-destination-unix-socket-bind-address.golden vendored Normal file
View File

@ -0,0 +1,92 @@
{
"clusters": {
"tcp.api-2.default.dc1.internal.foo.consul": {
"altStatName": "tcp.api-2.default.dc1.internal.foo.consul",
"endpointGroup": {
"dynamic": {
"config": {
"connectTimeout": "5s",
"disablePanicThreshold": true
},
"outboundTls": {
"alpnProtocols": [
"consul~tcp"
],
"outboundMesh": {
"identityKey": "test-identity",
"sni": "api-2.default.dc1.internal.foo.consul",
"validationContext": {
"spiffeIds": [
"spiffe://foo.consul/ap/default/ns/default/identity/api2-identity"
],
"trustBundlePeerNameKey": "local"
}
}
}
}
},
"name": "tcp.api-2.default.dc1.internal.foo.consul"
}
},
"identity": {
"name": "test-identity",
"tenancy": {
"namespace": "default",
"partition": "default",
"peerName": "local"
},
"type": {
"group": "auth",
"groupVersion": "v2beta1",
"kind": "WorkloadIdentity"
}
},
"listeners": [
{
"direction": "DIRECTION_OUTBOUND",
"name": "default/local/default/api-2:tcp:/path/to/socket",
"routers": [
{
"l4": {
"cluster": {
"name": "tcp.api-2.default.dc1.internal.foo.consul"
},
"statPrefix": "upstream.tcp.api-2.default.default.dc1"
}
}
],
"unixSocket": {
"mode": "0666",
"path": "/path/to/socket"
}
}
],
"endpoints": {
"tcp.api-2.default.dc1.internal.foo.consul": {
"endpoints": [
{
"healthStatus": "HEALTH_STATUS_HEALTHY",
"hostPort": {
"host": "10.1.1.1",
"port": 20000
}
}
]
}
},
"trustBundles": {
"local": {
"roots": [
"some-root",
"some-other-root"
],
"trustDomain": "some-trust-domain"
}
},
"leafCertificates": {
"test-identity": {
"cert": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n",
"key": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n"
}
}
}

122
internal/mesh/internal/controllers/xds/testdata/destination/l4-single-implicit-destination-tproxy.golden vendored Normal file
View File

@ -0,0 +1,122 @@
{
"clusters": {
"original-destination": {
"endpointGroup": {
"passthrough": {
"config": {
"connectTimeout": "5s"
}
}
},
"name": "original-destination"
},
"tcp.api-1.default.dc1.internal.foo.consul": {
"altStatName": "tcp.api-1.default.dc1.internal.foo.consul",
"endpointGroup": {
"dynamic": {
"config": {
"connectTimeout": "5s",
"disablePanicThreshold": true
},
"outboundTls": {
"alpnProtocols": [
"consul~tcp"
],
"outboundMesh": {
"identityKey": "test-identity",
"sni": "api-1.default.dc1.internal.foo.consul",
"validationContext": {
"spiffeIds": [
"spiffe://foo.consul/ap/default/ns/default/identity/api1-identity"
],
"trustBundlePeerNameKey": "local"
}
}
}
}
},
"name": "tcp.api-1.default.dc1.internal.foo.consul"
}
},
"identity": {
"name": "test-identity",
"tenancy": {
"namespace": "default",
"partition": "default",
"peerName": "local"
},
"type": {
"group": "auth",
"groupVersion": "v2beta1",
"kind": "WorkloadIdentity"
}
},
"listeners": [
{
"capabilities": [
"CAPABILITY_TRANSPARENT"
],
"defaultRouter": {
"l4": {
"cluster": {
"name": "original-destination"
},
"statPrefix": "upstream.original-destination"
}
},
"direction": "DIRECTION_OUTBOUND",
"hostPort": {
"host": "127.0.0.1",
"port": 15001
},
"name": "outbound_listener",
"routers": [
{
"l4": {
"cluster": {
"name": "tcp.api-1.default.dc1.internal.foo.consul"
},
"statPrefix": "upstream.tcp.api-1.default.default.dc1"
},
"match": {
"destinationPort": 7070,
"prefixRanges": [
{
"addressPrefix": "1.1.1.1",
"prefixLen": 32
}
]
}
}
]
}
],
"endpoints": {
"tcp.api-1.default.dc1.internal.foo.consul": {
"endpoints": [
{
"healthStatus": "HEALTH_STATUS_HEALTHY",
"hostPort": {
"host": "10.1.1.1",
"port": 20000
}
}
]
}
},
"trustBundles": {
"local": {
"roots": [
"some-root",
"some-other-root"
],
"trustDomain": "some-trust-domain"
}
},
"leafCertificates": {
"test-identity": {
"cert": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n",
"key": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n"
}
}
}

373
internal/mesh/internal/controllers/xds/testdata/destination/mixed-multi-destination.golden vendored Normal file
View File

@ -0,0 +1,373 @@
{
"clusters": {
"http.api-1.default.dc1.internal.foo.consul": {
"altStatName": "http.api-1.default.dc1.internal.foo.consul",
"failoverGroup": {
"config": {
"connectTimeout": "55s",
"useAltStatName": true
},
"endpointGroups": [
{
"dynamic": {
"config": {
"connectTimeout": "55s",
"disablePanicThreshold": true
},
"outboundTls": {
"alpnProtocols": [
"consul~http"
],
"outboundMesh": {
"identityKey": "test-identity",
"sni": "api-1.default.dc1.internal.foo.consul",
"validationContext": {
"spiffeIds": [
"spiffe://foo.consul/ap/default/ns/default/identity/api1-identity"
],
"trustBundlePeerNameKey": "local"
}
}
}
},
"name": "failover-target~0~http.api-1.default.dc1.internal.foo.consul"
},
{
"dynamic": {
"config": {
"connectTimeout": "5s",
"disablePanicThreshold": true
},
"outboundTls": {
"alpnProtocols": [
"consul~http"
],
"outboundMesh": {
"identityKey": "test-identity",
"sni": "backup-1.default.dc1.internal.foo.consul",
"validationContext": {
"spiffeIds": [
"spiffe://foo.consul/ap/default/ns/default/identity/backup1-identity"
],
"trustBundlePeerNameKey": "local"
}
}
}
},
"name": "failover-target~1~http.api-1.default.dc1.internal.foo.consul"
}
]
},
"name": "http.api-1.default.dc1.internal.foo.consul"
},
"http.api-2.default.dc1.internal.foo.consul": {
"altStatName": "http.api-2.default.dc1.internal.foo.consul",
"endpointGroup": {
"dynamic": {
"config": {
"connectTimeout": "5s",
"disablePanicThreshold": true
},
"outboundTls": {
"alpnProtocols": [
"consul~http"
],
"outboundMesh": {
"identityKey": "test-identity",
"sni": "api-2.default.dc1.internal.foo.consul",
"validationContext": {
"spiffeIds": [
"spiffe://foo.consul/ap/default/ns/default/identity/api2-identity"
],
"trustBundlePeerNameKey": "local"
}
}
}
}
},
"name": "http.api-2.default.dc1.internal.foo.consul"
},
"null_route_cluster": {
"endpointGroup": {
"static": {
"config": {
"connectTimeout": "10s"
}
}
},
"name": "null_route_cluster"
},
"tcp.api-1.default.dc1.internal.foo.consul": {
"altStatName": "tcp.api-1.default.dc1.internal.foo.consul",
"endpointGroup": {
"dynamic": {
"config": {
"connectTimeout": "5s",
"disablePanicThreshold": true
},
"outboundTls": {
"alpnProtocols": [
"consul~tcp"
],
"outboundMesh": {
"identityKey": "test-identity",
"sni": "api-1.default.dc1.internal.foo.consul",
"validationContext": {
"spiffeIds": [
"spiffe://foo.consul/ap/default/ns/default/identity/api1-identity"
],
"trustBundlePeerNameKey": "local"
}
}
}
}
},
"name": "tcp.api-1.default.dc1.internal.foo.consul"
},
"tcp.api-2.default.dc1.internal.foo.consul": {
"altStatName": "tcp.api-2.default.dc1.internal.foo.consul",
"endpointGroup": {
"dynamic": {
"config": {
"connectTimeout": "5s",
"disablePanicThreshold": true
},
"outboundTls": {
"alpnProtocols": [
"consul~tcp"
],
"outboundMesh": {
"identityKey": "test-identity",
"sni": "api-2.default.dc1.internal.foo.consul",
"validationContext": {
"spiffeIds": [
"spiffe://foo.consul/ap/default/ns/default/identity/api2-identity"
],
"trustBundlePeerNameKey": "local"
}
}
}
}
},
"name": "tcp.api-2.default.dc1.internal.foo.consul"
}
},
"identity": {
"name": "test-identity",
"tenancy": {
"namespace": "default",
"partition": "default",
"peerName": "local"
},
"type": {
"group": "auth",
"groupVersion": "v2beta1",
"kind": "WorkloadIdentity"
}
},
"listeners": [
{
"direction": "DIRECTION_OUTBOUND",
"hostPort": {
"host": "1.1.1.1",
"port": 1234
},
"name": "default/local/default/api-1:tcp:1.1.1.1:1234",
"routers": [
{
"l4": {
"statPrefix": "upstream.tcp.api-1.default.default.dc1",
"weightedClusters": {
"clusters": [
{
"name": "tcp.api-2.default.dc1.internal.foo.consul",
"weight": 60
},
{
"name": "tcp.api-1.default.dc1.internal.foo.consul",
"weight": 40
},
{
"name": "null_route_cluster",
"weight": 10
}
]
}
}
}
]
},
{
"direction": "DIRECTION_OUTBOUND",
"name": "default/local/default/api-2:tcp:/path/to/socket",
"routers": [
{
"l4": {
"cluster": {
"name": "tcp.api-2.default.dc1.internal.foo.consul"
},
"statPrefix": "upstream.tcp.api-2.default.default.dc1"
}
}
],
"unixSocket": {
"mode": "0666",
"path": "/path/to/socket"
}
},
{
"direction": "DIRECTION_OUTBOUND",
"hostPort": {
"host": "1.1.1.1",
"port": 1234
},
"name": "default/local/default/api-1:http:1.1.1.1:1234",
"routers": [
{
"l7": {
"route": {
"name": "default/local/default/api-1:http:1.1.1.1:1234"
},
"statPrefix": "upstream."
}
}
]
}
],
"routes": {
"default/local/default/api-1:http:1.1.1.1:1234": {
"virtualHosts": [
{
"domains": ["*"],
"name": "default/local/default/api-1:http:1.1.1.1:1234",
"routeRules": [
{
"destination": {
"destinationConfiguration": {
"timeoutConfig": {
"timeout": "77s"
}
},
"weightedClusters": {
"clusters": [
{
"name": "http.api-2.default.dc1.internal.foo.consul",
"weight": 60
},
{
"name": "http.api-1.default.dc1.internal.foo.consul",
"weight": 40
},
{
"name": "null_route_cluster",
"weight": 10
}
]
}
},
"match": {
"pathMatch": {
"prefix": "/split"
}
}
},
{
"destination": {
"cluster": {
"name": "http.api-1.default.dc1.internal.foo.consul"
},
"destinationConfiguration": {
"retryPolicy": {
"numRetries": 4,
"retryOn": "connect-failure"
},
"timeoutConfig": {
"timeout": "606s"
}
}
},
"match": {
"pathMatch": {
"prefix": "/"
}
}
},
{
"destination": {
"cluster": {
"name": "null_route_cluster"
}
},
"match": {
"pathMatch": {
"prefix": "/"
}
}
}
]
}
]
}
},
"endpoints": {
"tcp.api-1.default.dc1.internal.foo.consul": {
"endpoints": [
{
"healthStatus": "HEALTH_STATUS_HEALTHY",
"hostPort": {
"host": "10.1.1.1",
"port": 20000
}
}
]
},
"tcp.api-2.default.dc1.internal.foo.consul": {
"endpoints": [
{
"healthStatus": "HEALTH_STATUS_HEALTHY",
"hostPort": {
"host": "10.1.1.1",
"port": 20000
}
}
]
},
"http.api-1.default.dc1.internal.foo.consul": {
"endpoints": [
{
"healthStatus": "HEALTH_STATUS_HEALTHY",
"hostPort": {
"host": "10.1.1.1",
"port": 20000
}
}
]
},
"http.api-2.default.dc1.internal.foo.consul": {
"endpoints": [
{
"healthStatus": "HEALTH_STATUS_HEALTHY",
"hostPort": {
"host": "10.1.1.1",
"port": 20000
}
}
]
}
},
"trustBundles": {
"local": {
"roots": [
"some-root",
"some-other-root"
],
"trustDomain": "some-trust-domain"
}
},
"leafCertificates": {
"test-identity": {
"cert": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n",
"key": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n"
}
}
}

455
internal/mesh/internal/controllers/xds/testdata/destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy.golden vendored Normal file
View File

@ -0,0 +1,455 @@
{
"clusters": {
"http.api-app.default.dc1.internal.foo.consul": {
"altStatName": "http.api-app.default.dc1.internal.foo.consul",
"endpointGroup": {
"dynamic": {
"config": {
"connectTimeout": "5s",
"disablePanicThreshold": true
},
"outboundTls": {
"alpnProtocols": [
"consul~http"
],
"outboundMesh": {
"identityKey": "test-identity",
"sni": "api-app.default.dc1.internal.foo.consul",
"validationContext": {
"spiffeIds": [
"spiffe://foo.consul/ap/default/ns/default/identity/api-app-identity"
],
"trustBundlePeerNameKey": "local"
}
}
}
}
},
"name": "http.api-app.default.dc1.internal.foo.consul"
},
"http.api-app2.default.dc1.internal.foo.consul": {
"altStatName": "http.api-app2.default.dc1.internal.foo.consul",
"endpointGroup": {
"dynamic": {
"config": {
"connectTimeout": "5s",
"disablePanicThreshold": true
},
"outboundTls": {
"alpnProtocols": [
"consul~http"
],
"outboundMesh": {
"identityKey": "test-identity",
"sni": "api-app2.default.dc1.internal.foo.consul",
"validationContext": {
"spiffeIds": [
"spiffe://foo.consul/ap/default/ns/default/identity/api-app2-identity"
],
"trustBundlePeerNameKey": "local"
}
}
}
}
},
"name": "http.api-app2.default.dc1.internal.foo.consul"
},
"original-destination": {
"endpointGroup": {
"passthrough": {
"config": {
"connectTimeout": "5s"
}
}
},
"name": "original-destination"
},
"tcp.api-app.default.dc1.internal.foo.consul": {
"altStatName": "tcp.api-app.default.dc1.internal.foo.consul",
"endpointGroup": {
"dynamic": {
"config": {
"connectTimeout": "5s",
"disablePanicThreshold": true
},
"outboundTls": {
"alpnProtocols": [
"consul~tcp"
],
"outboundMesh": {
"identityKey": "test-identity",
"sni": "api-app.default.dc1.internal.foo.consul",
"validationContext": {
"spiffeIds": [
"spiffe://foo.consul/ap/default/ns/default/identity/api-app-identity"
],
"trustBundlePeerNameKey": "local"
}
}
}
}
},
"name": "tcp.api-app.default.dc1.internal.foo.consul"
},
"tcp.api-app2.default.dc1.internal.foo.consul": {
"altStatName": "tcp.api-app2.default.dc1.internal.foo.consul",
"endpointGroup": {
"dynamic": {
"config": {
"connectTimeout": "5s",
"disablePanicThreshold": true
},
"outboundTls": {
"alpnProtocols": [
"consul~tcp"
],
"outboundMesh": {
"identityKey": "test-identity",
"sni": "api-app2.default.dc1.internal.foo.consul",
"validationContext": {
"spiffeIds": [
"spiffe://foo.consul/ap/default/ns/default/identity/api-app2-identity"
],
"trustBundlePeerNameKey": "local"
}
}
}
}
},
"name": "tcp.api-app2.default.dc1.internal.foo.consul"
},
"tcp2.api-app.default.dc1.internal.foo.consul": {
"altStatName": "tcp2.api-app.default.dc1.internal.foo.consul",
"endpointGroup": {
"dynamic": {
"config": {
"connectTimeout": "5s",
"disablePanicThreshold": true
},
"outboundTls": {
"alpnProtocols": [
"consul~tcp2"
],
"outboundMesh": {
"identityKey": "test-identity",
"sni": "api-app.default.dc1.internal.foo.consul",
"validationContext": {
"spiffeIds": [
"spiffe://foo.consul/ap/default/ns/default/identity/api-app-identity"
],
"trustBundlePeerNameKey": "local"
}
}
}
}
},
"name": "tcp2.api-app.default.dc1.internal.foo.consul"
},
"tcp2.api-app2.default.dc1.internal.foo.consul": {
"altStatName": "tcp2.api-app2.default.dc1.internal.foo.consul",
"endpointGroup": {
"dynamic": {
"config": {
"connectTimeout": "5s",
"disablePanicThreshold": true
},
"outboundTls": {
"alpnProtocols": [
"consul~tcp2"
],
"outboundMesh": {
"identityKey": "test-identity",
"sni": "api-app2.default.dc1.internal.foo.consul",
"validationContext": {
"spiffeIds": [
"spiffe://foo.consul/ap/default/ns/default/identity/api-app2-identity"
],
"trustBundlePeerNameKey": "local"
}
}
}
}
},
"name": "tcp2.api-app2.default.dc1.internal.foo.consul"
}
},
"identity": {
"name": "test-identity",
"tenancy": {
"namespace": "default",
"partition": "default",
"peerName": "local"
},
"type": {
"group": "auth",
"groupVersion": "v2beta1",
"kind": "WorkloadIdentity"
}
},
"listeners": [
{
"capabilities": [
"CAPABILITY_TRANSPARENT"
],
"defaultRouter": {
"l4": {
"cluster": {
"name": "original-destination"
},
"statPrefix": "upstream.original-destination"
}
},
"direction": "DIRECTION_OUTBOUND",
"hostPort": {
"host": "127.0.0.1",
"port": 15001
},
"name": "outbound_listener",
"routers": [
{
"l4": {
"cluster": {
"name": "tcp.api-app.default.dc1.internal.foo.consul"
},
"statPrefix": "upstream.tcp.api-app.default.default.dc1"
},
"match": {
"destinationPort": 7070,
"prefixRanges": [
{
"addressPrefix": "1.1.1.1",
"prefixLen": 32
}
]
}
},
{
"l4": {
"cluster": {
"name": "tcp.api-app2.default.dc1.internal.foo.consul"
},
"statPrefix": "upstream.tcp.api-app2.default.default.dc1"
},
"match": {
"destinationPort": 7070,
"prefixRanges": [
{
"addressPrefix": "2.2.2.2",
"prefixLen": 32
},
{
"addressPrefix": "3.3.3.3",
"prefixLen": 32
}
]
}
},
{
"l7": {
"route": {
"name": "default/local/default/api-app:http"
},
"statPrefix": "upstream."
},
"match": {
"destinationPort": 8080,
"prefixRanges": [
{
"addressPrefix": "1.1.1.1",
"prefixLen": 32
}
]
}
},
{
"l7": {
"route": {
"name": "default/local/default/api-app2:http"
},
"statPrefix": "upstream."
},
"match": {
"destinationPort": 8080,
"prefixRanges": [
{
"addressPrefix": "2.2.2.2",
"prefixLen": 32
},
{
"addressPrefix": "3.3.3.3",
"prefixLen": 32
}
]
}
},
{
"l4": {
"cluster": {
"name": "tcp2.api-app.default.dc1.internal.foo.consul"
},
"statPrefix": "upstream.tcp2.api-app.default.default.dc1"
},
"match": {
"destinationPort": 8081,
"prefixRanges": [
{
"addressPrefix": "1.1.1.1",
"prefixLen": 32
}
]
}
},
{
"l4": {
"cluster": {
"name": "tcp2.api-app2.default.dc1.internal.foo.consul"
},
"statPrefix": "upstream.tcp2.api-app2.default.default.dc1"
},
"match": {
"destinationPort": 8081,
"prefixRanges": [
{
"addressPrefix": "2.2.2.2",
"prefixLen": 32
},
{
"addressPrefix": "3.3.3.3",
"prefixLen": 32
}
]
}
}
]
}
],
"routes": {
"default/local/default/api-app:http": {
"virtualHosts": [
{
"domains": ["*"],
"name": "default/local/default/api-app:http",
"routeRules": [
{
"destination": {
"cluster": {
"name": "http.api-app.default.dc1.internal.foo.consul"
}
},
"match": {
"pathMatch": {
"prefix": "/"
}
}
}
]
}
]
},
"default/local/default/api-app2:http": {
"virtualHosts": [
{
"domains": ["*"],
"name": "default/local/default/api-app2:http",
"routeRules": [
{
"destination": {
"cluster": {
"name": "http.api-app2.default.dc1.internal.foo.consul"
}
},
"match": {
"pathMatch": {
"prefix": "/"
}
}
}
]
}
]
}
},
"endpoints": {
"tcp.api-app.default.dc1.internal.foo.consul": {
"endpoints": [
{
"healthStatus": "HEALTH_STATUS_HEALTHY",
"hostPort": {
"host": "10.1.1.1",
"port": 20000
}
}
]
},
"tcp.api-app2.default.dc1.internal.foo.consul": {
"endpoints": [
{
"healthStatus": "HEALTH_STATUS_HEALTHY",
"hostPort": {
"host": "10.1.1.1",
"port": 20000
}
}
]
},
"tcp2.api-app.default.dc1.internal.foo.consul": {
"endpoints": [
{
"healthStatus": "HEALTH_STATUS_HEALTHY",
"hostPort": {
"host": "10.1.1.1",
"port": 20000
}
}
]
},
"tcp2.api-app2.default.dc1.internal.foo.consul": {
"endpoints": [
{
"healthStatus": "HEALTH_STATUS_HEALTHY",
"hostPort": {
"host": "10.1.1.1",
"port": 20000
}
}
]
},
"http.api-app.default.dc1.internal.foo.consul": {
"endpoints": [
{
"healthStatus": "HEALTH_STATUS_HEALTHY",
"hostPort": {
"host": "10.1.1.1",
"port": 20000
}
}
]
},
"http.api-app2.default.dc1.internal.foo.consul": {
"endpoints": [
{
"healthStatus": "HEALTH_STATUS_HEALTHY",
"hostPort": {
"host": "10.1.1.1",
"port": 20000
}
}
]
}
},
"trustBundles": {
"local": {
"roots": [
"some-root",
"some-other-root"
],
"trustDomain": "some-trust-domain"
}
},
"leafCertificates": {
"test-identity": {
"cert": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n",
"key": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n"
}
}
}

256
internal/mesh/internal/controllers/xds/testdata/destination/multiport-l4-and-l7-single-implicit-destination-tproxy.golden vendored Normal file
View File

@ -0,0 +1,256 @@
{
"clusters": {
"http.api-app.default.dc1.internal.foo.consul": {
"altStatName": "http.api-app.default.dc1.internal.foo.consul",
"endpointGroup": {
"dynamic": {
"config": {
"connectTimeout": "5s",
"disablePanicThreshold": true
},
"outboundTls": {
"alpnProtocols": [
"consul~http"
],
"outboundMesh": {
"identityKey": "test-identity",
"sni": "api-app.default.dc1.internal.foo.consul",
"validationContext": {
"spiffeIds": [
"spiffe://foo.consul/ap/default/ns/default/identity/api-app-identity"
],
"trustBundlePeerNameKey": "local"
}
}
}
}
},
"name": "http.api-app.default.dc1.internal.foo.consul"
},
"original-destination": {
"endpointGroup": {
"passthrough": {
"config": {
"connectTimeout": "5s"
}
}
},
"name": "original-destination"
},
"tcp.api-app.default.dc1.internal.foo.consul": {
"altStatName": "tcp.api-app.default.dc1.internal.foo.consul",
"endpointGroup": {
"dynamic": {
"config": {
"connectTimeout": "5s",
"disablePanicThreshold": true
},
"outboundTls": {
"alpnProtocols": [
"consul~tcp"
],
"outboundMesh": {
"identityKey": "test-identity",
"sni": "api-app.default.dc1.internal.foo.consul",
"validationContext": {
"spiffeIds": [
"spiffe://foo.consul/ap/default/ns/default/identity/api-app-identity"
],
"trustBundlePeerNameKey": "local"
}
}
}
}
},
"name": "tcp.api-app.default.dc1.internal.foo.consul"
},
"tcp2.api-app.default.dc1.internal.foo.consul": {
"altStatName": "tcp2.api-app.default.dc1.internal.foo.consul",
"endpointGroup": {
"dynamic": {
"config": {
"connectTimeout": "5s",
"disablePanicThreshold": true
},
"outboundTls": {
"alpnProtocols": [
"consul~tcp2"
],
"outboundMesh": {
"identityKey": "test-identity",
"sni": "api-app.default.dc1.internal.foo.consul",
"validationContext": {
"spiffeIds": [
"spiffe://foo.consul/ap/default/ns/default/identity/api-app-identity"
],
"trustBundlePeerNameKey": "local"
}
}
}
}
},
"name": "tcp2.api-app.default.dc1.internal.foo.consul"
}
},
"identity": {
"name": "test-identity",
"tenancy": {
"namespace": "default",
"partition": "default",
"peerName": "local"
},
"type": {
"group": "auth",
"groupVersion": "v2beta1",
"kind": "WorkloadIdentity"
}
},
"listeners": [
{
"capabilities": [
"CAPABILITY_TRANSPARENT"
],
"defaultRouter": {
"l4": {
"cluster": {
"name": "original-destination"
},
"statPrefix": "upstream.original-destination"
}
},
"direction": "DIRECTION_OUTBOUND",
"hostPort": {
"host": "127.0.0.1",
"port": 15001
},
"name": "outbound_listener",
"routers": [
{
"l4": {
"cluster": {
"name": "tcp.api-app.default.dc1.internal.foo.consul"
},
"statPrefix": "upstream.tcp.api-app.default.default.dc1"
},
"match": {
"destinationPort": 7070,
"prefixRanges": [
{
"addressPrefix": "1.1.1.1",
"prefixLen": 32
}
]
}
},
{
"l7": {
"route": {
"name": "default/local/default/api-app:http"
},
"statPrefix": "upstream."
},
"match": {
"destinationPort": 8080,
"prefixRanges": [
{
"addressPrefix": "1.1.1.1",
"prefixLen": 32
}
]
}
},
{
"l4": {
"cluster": {
"name": "tcp2.api-app.default.dc1.internal.foo.consul"
},
"statPrefix": "upstream.tcp2.api-app.default.default.dc1"
},
"match": {
"destinationPort": 8081,
"prefixRanges": [
{
"addressPrefix": "1.1.1.1",
"prefixLen": 32
}
]
}
}
]
}
],
"routes": {
"default/local/default/api-app:http": {
"virtualHosts": [
{
"domains": ["*"],
"name": "default/local/default/api-app:http",
"routeRules": [
{
"destination": {
"cluster": {
"name": "http.api-app.default.dc1.internal.foo.consul"
}
},
"match": {
"pathMatch": {
"prefix": "/"
}
}
}
]
}
]
}
},
"endpoints": {
"tcp.api-app.default.dc1.internal.foo.consul": {
"endpoints": [
{
"healthStatus": "HEALTH_STATUS_HEALTHY",
"hostPort": {
"host": "10.1.1.1",
"port": 20000
}
}
]
},
"tcp2.api-app.default.dc1.internal.foo.consul": {
"endpoints": [
{
"healthStatus": "HEALTH_STATUS_HEALTHY",
"hostPort": {
"host": "10.1.1.1",
"port": 20000
}
}
]
},
"http.api-app.default.dc1.internal.foo.consul": {
"endpoints": [
{
"healthStatus": "HEALTH_STATUS_HEALTHY",
"hostPort": {
"host": "10.1.1.1",
"port": 20000
}
}
]
}
},
"trustBundles": {
"local": {
"roots": [
"some-root",
"some-other-root"
],
"trustDomain": "some-trust-domain"
}
},
"leafCertificates": {
"test-identity": {
"cert": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n",
"key": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n"
}
}
}

256
internal/mesh/internal/controllers/xds/testdata/destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy.golden vendored Normal file
View File

@ -0,0 +1,256 @@
{
"clusters": {
"http.api-app.default.dc1.internal.foo.consul": {
"altStatName": "http.api-app.default.dc1.internal.foo.consul",
"endpointGroup": {
"dynamic": {
"config": {
"connectTimeout": "5s",
"disablePanicThreshold": true
},
"outboundTls": {
"alpnProtocols": [
"consul~http"
],
"outboundMesh": {
"identityKey": "test-identity",
"sni": "api-app.default.dc1.internal.foo.consul",
"validationContext": {
"spiffeIds": [
"spiffe://foo.consul/ap/default/ns/default/identity/api-app-identity"
],
"trustBundlePeerNameKey": "local"
}
}
}
}
},
"name": "http.api-app.default.dc1.internal.foo.consul"
},
"original-destination": {
"endpointGroup": {
"passthrough": {
"config": {
"connectTimeout": "5s"
}
}
},
"name": "original-destination"
},
"tcp.api-app.default.dc1.internal.foo.consul": {
"altStatName": "tcp.api-app.default.dc1.internal.foo.consul",
"endpointGroup": {
"dynamic": {
"config": {
"connectTimeout": "5s",
"disablePanicThreshold": true
},
"outboundTls": {
"alpnProtocols": [
"consul~tcp"
],
"outboundMesh": {
"identityKey": "test-identity",
"sni": "api-app.default.dc1.internal.foo.consul",
"validationContext": {
"spiffeIds": [
"spiffe://foo.consul/ap/default/ns/default/identity/api-app-identity"
],
"trustBundlePeerNameKey": "local"
}
}
}
}
},
"name": "tcp.api-app.default.dc1.internal.foo.consul"
},
"tcp2.api-app.default.dc1.internal.foo.consul": {
"altStatName": "tcp2.api-app.default.dc1.internal.foo.consul",
"endpointGroup": {
"dynamic": {
"config": {
"connectTimeout": "5s",
"disablePanicThreshold": true
},
"outboundTls": {
"alpnProtocols": [
"consul~tcp2"
],
"outboundMesh": {
"identityKey": "test-identity",
"sni": "api-app.default.dc1.internal.foo.consul",
"validationContext": {
"spiffeIds": [
"spiffe://foo.consul/ap/default/ns/default/identity/api-app-identity"
],
"trustBundlePeerNameKey": "local"
}
}
}
}
},
"name": "tcp2.api-app.default.dc1.internal.foo.consul"
}
},
"identity": {
"name": "test-identity",
"tenancy": {
"namespace": "default",
"partition": "default",
"peerName": "local"
},
"type": {
"group": "auth",
"groupVersion": "v2beta1",
"kind": "WorkloadIdentity"
}
},
"listeners": [
{
"capabilities": [
"CAPABILITY_TRANSPARENT"
],
"defaultRouter": {
"l4": {
"cluster": {
"name": "original-destination"
},
"statPrefix": "upstream.original-destination"
}
},
"direction": "DIRECTION_OUTBOUND",
"hostPort": {
"host": "127.0.0.1",
"port": 15001
},
"name": "outbound_listener",
"routers": [
{
"l4": {
"cluster": {
"name": "tcp.api-app.default.dc1.internal.foo.consul"
},
"statPrefix": "upstream.tcp.api-app.default.default.dc1"
},
"match": {
"destinationPort": 7070,
"prefixRanges": [
{
"addressPrefix": "1.1.1.1",
"prefixLen": 32
}
]
}
},
{
"l7": {
"route": {
"name": "default/local/default/api-app:http"
},
"statPrefix": "upstream."
},
"match": {
"destinationPort": 8080,
"prefixRanges": [
{
"addressPrefix": "1.1.1.1",
"prefixLen": 32
}
]
}
},
{
"l4": {
"cluster": {
"name": "tcp2.api-app.default.dc1.internal.foo.consul"
},
"statPrefix": "upstream.tcp2.api-app.default.default.dc1"
},
"match": {
"destinationPort": 8081,
"prefixRanges": [
{
"addressPrefix": "1.1.1.1",
"prefixLen": 32
}
]
}
}
]
}
],
"routes": {
"default/local/default/api-app:http": {
"virtualHosts": [
{
"domains": ["*"],
"name": "default/local/default/api-app:http",
"routeRules": [
{
"destination": {
"cluster": {
"name": "http.api-app.default.dc1.internal.foo.consul"
}
},
"match": {
"pathMatch": {
"prefix": "/"
}
}
}
]
}
]
}
},
"endpoints": {
"tcp.api-app.default.dc1.internal.foo.consul": {
"endpoints": [
{
"healthStatus": "HEALTH_STATUS_HEALTHY",
"hostPort": {
"host": "10.1.1.1",
"port": 20000
}
}
]
},
"tcp2.api-app.default.dc1.internal.foo.consul": {
"endpoints": [
{
"healthStatus": "HEALTH_STATUS_HEALTHY",
"hostPort": {
"host": "10.1.1.1",
"port": 20000
}
}
]
},
"http.api-app.default.dc1.internal.foo.consul": {
"endpoints": [
{
"healthStatus": "HEALTH_STATUS_HEALTHY",
"hostPort": {
"host": "10.1.1.1",
"port": 20000
}
}
]
}
},
"trustBundles": {
"local": {
"roots": [
"some-root",
"some-other-root"
],
"trustDomain": "some-trust-domain"
}
},
"leafCertificates": {
"test-identity": {
"cert": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n",
"key": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n"
}
}
}

10
internal/testing/golden/golden.go
View File

@ -42,7 +42,15 @@ func GetBytes(t *testing.T, actual, filename string) []byte {
require.NoError(t, err)
}
expected, err := os.ReadFile(path)
return GetBytesAtFilePath(t, path)
}
// GetBytes reads the expected value from the file at filepath and returns the
// value as a byte array. filepath is relative to the ./testdata directory.
func GetBytesAtFilePath(t *testing.T, filepath string) []byte {
t.Helper()
expected, err := os.ReadFile(filepath)
require.NoError(t, err)
return expected
}