mirror of
https://github.com/status-im/consul.git
synced 2025-01-18 17:52:17 +00:00
091925bcb7
* Move hcp client to subpackage hcpclient (#16800) * [HCP Observability] New MetricsClient (#17100) * Client configured with TLS using HCP config and retry/throttle * Add tests and godoc for metrics client * close body after request * run go mod tidy * Remove one abstraction to use the config from deps * Address PR feedback * remove clone * Extract CloudConfig and mock for future PR * Switch to hclog.FromContext * [HCP Observability] OTELExporter (#17128) * Client configured with TLS using HCP config and retry/throttle * run go mod tidy * Remove one abstraction to use the config from deps * Address PR feedback * Client configured with TLS using HCP config and retry/throttle * run go mod tidy * Create new OTELExporter which uses the MetricsClient Add transform because the conversion is in an /internal package * Fix lint error * early return when there are no metrics * Add NewOTELExporter() function * Downgrade to metrics SDK version: v1.15.0-rc.1 * Fix imports * fix small nits with comments and url.URL * Fix tests by asserting actual error for context cancellation, fix parallel, and make mock more versatile * Cleanup error handling and clarify empty metrics case * Fix input/expected naming in otel_transform_test.go * add comment for metric tracking * Add a general isEmpty method * Add clear error types * update to latest version 1.15.0 of OTEL * [HCP Observability] OTELSink (#17159) * Client configured with TLS using HCP config and retry/throttle * run go mod tidy * Remove one abstraction to use the config from deps * Address PR feedback * Client configured with TLS using HCP config and retry/throttle * run go mod tidy * Create new OTELExporter which uses the MetricsClient Add transform because the conversion is in an /internal package * Fix lint error * early return when there are no metrics * Add NewOTELExporter() function * Downgrade to metrics SDK version: v1.15.0-rc.1 * Fix imports * fix small nits with comments and url.URL * Fix tests by asserting actual error for context cancellation, fix parallel, and make mock more versatile * Cleanup error handling and clarify empty metrics case * Fix input/expected naming in otel_transform_test.go * add comment for metric tracking * Add a general isEmpty method * Add clear error types * update to latest version 1.15.0 of OTEL * Client configured with TLS using HCP config and retry/throttle * run go mod tidy * Remove one abstraction to use the config from deps * Address PR feedback * Initialize OTELSink with sync.Map for all the instrument stores. * Moved PeriodicReader init to NewOtelReader function. This allows us to use a ManualReader for tests. * Switch to mutex instead of sync.Map to avoid type assertion * Add gauge store * Clarify comments * return concrete sink type * Fix lint errors * Move gauge store to be within sink * Use context.TODO,rebase and clenaup opts handling * Rebase onto otl exporter to downgrade metrics API to v1.15.0-rc.1 * Fix imports * Update to latest stable version by rebasing on cc-4933, fix import, remove mutex init, fix opts error messages and use logger from ctx * Add lots of documentation to the OTELSink * Fix gauge store comment and check ok * Add select and ctx.Done() check to gauge callback * use require.Equal for attributes * Fixed import naming * Remove float64 calls and add a NewGaugeStore method * Change name Store to Set in gaugeStore, add concurrency tests in both OTELSink and gauge store * Generate 100 gauge operations * Seperate the labels into goroutines in sink test * Generate kv store for the test case keys to avoid using uuid * Added a race test with 300 samples for OTELSink * Do not pass in waitgroup and use error channel instead. * Using SHA 7dea2225a218872e86d2f580e82c089b321617b0 to avoid build failures in otel * Fix nits * [HCP Observability] Init OTELSink in Telemetry (#17162) * Move hcp client to subpackage hcpclient (#16800) * [HCP Observability] New MetricsClient (#17100) * Client configured with TLS using HCP config and retry/throttle * Add tests and godoc for metrics client * close body after request * run go mod tidy * Remove one abstraction to use the config from deps * Address PR feedback * remove clone * Extract CloudConfig and mock for future PR * Switch to hclog.FromContext * [HCP Observability] New MetricsClient (#17100) * Client configured with TLS using HCP config and retry/throttle * Add tests and godoc for metrics client * close body after request * run go mod tidy * Remove one abstraction to use the config from deps * Address PR feedback * remove clone * Extract CloudConfig and mock for future PR * Switch to hclog.FromContext * [HCP Observability] New MetricsClient (#17100) * Client configured with TLS using HCP config and retry/throttle * Add tests and godoc for metrics client * close body after request * run go mod tidy * Remove one abstraction to use the config from deps * Address PR feedback * remove clone * Extract CloudConfig and mock for future PR * Switch to hclog.FromContext * Client configured with TLS using HCP config and retry/throttle * run go mod tidy * Remove one abstraction to use the config from deps * Address PR feedback * Client configured with TLS using HCP config and retry/throttle * run go mod tidy * Create new OTELExporter which uses the MetricsClient Add transform because the conversion is in an /internal package * Fix lint error * early return when there are no metrics * Add NewOTELExporter() function * Downgrade to metrics SDK version: v1.15.0-rc.1 * Fix imports * fix small nits with comments and url.URL * Fix tests by asserting actual error for context cancellation, fix parallel, and make mock more versatile * Cleanup error handling and clarify empty metrics case * Fix input/expected naming in otel_transform_test.go * add comment for metric tracking * Add a general isEmpty method * Add clear error types * update to latest version 1.15.0 of OTEL * Client configured with TLS using HCP config and retry/throttle * run go mod tidy * Remove one abstraction to use the config from deps * Address PR feedback * Initialize OTELSink with sync.Map for all the instrument stores. * Moved PeriodicReader init to NewOtelReader function. This allows us to use a ManualReader for tests. * Switch to mutex instead of sync.Map to avoid type assertion * Add gauge store * Clarify comments * return concrete sink type * Fix lint errors * Move gauge store to be within sink * Use context.TODO,rebase and clenaup opts handling * Rebase onto otl exporter to downgrade metrics API to v1.15.0-rc.1 * Fix imports * Update to latest stable version by rebasing on cc-4933, fix import, remove mutex init, fix opts error messages and use logger from ctx * Add lots of documentation to the OTELSink * Fix gauge store comment and check ok * Add select and ctx.Done() check to gauge callback * use require.Equal for attributes * Fixed import naming * Remove float64 calls and add a NewGaugeStore method * Change name Store to Set in gaugeStore, add concurrency tests in both OTELSink and gauge store * Generate 100 gauge operations * Seperate the labels into goroutines in sink test * Generate kv store for the test case keys to avoid using uuid * Added a race test with 300 samples for OTELSink * [HCP Observability] OTELExporter (#17128) * Client configured with TLS using HCP config and retry/throttle * run go mod tidy * Remove one abstraction to use the config from deps * Address PR feedback * Client configured with TLS using HCP config and retry/throttle * run go mod tidy * Create new OTELExporter which uses the MetricsClient Add transform because the conversion is in an /internal package * Fix lint error * early return when there are no metrics * Add NewOTELExporter() function * Downgrade to metrics SDK version: v1.15.0-rc.1 * Fix imports * fix small nits with comments and url.URL * Fix tests by asserting actual error for context cancellation, fix parallel, and make mock more versatile * Cleanup error handling and clarify empty metrics case * Fix input/expected naming in otel_transform_test.go * add comment for metric tracking * Add a general isEmpty method * Add clear error types * update to latest version 1.15.0 of OTEL * Do not pass in waitgroup and use error channel instead. * Using SHA 7dea2225a218872e86d2f580e82c089b321617b0 to avoid build failures in otel * Rebase onto otl exporter to downgrade metrics API to v1.15.0-rc.1 * Initialize OTELSink with sync.Map for all the instrument stores. * Added telemetry agent to client and init sink in deps * Fixed client * Initalize sink in deps * init sink in telemetry library * Init deps before telemetry * Use concrete telemetry.OtelSink type * add /v1/metrics * Avoid returning err for telemetry init * move sink init within the IsCloudEnabled() * Use HCPSinkOpts in deps instead * update golden test for configuration file * Switch to using extra sinks in the telemetry library * keep name MetricsConfig * fix log in verifyCCMRegistration * Set logger in context * pass around MetricSink in deps * Fix imports * Rebased onto otel sink pr * Fix URL in test * [HCP Observability] OTELSink (#17159) * Client configured with TLS using HCP config and retry/throttle * run go mod tidy * Remove one abstraction to use the config from deps * Address PR feedback * Client configured with TLS using HCP config and retry/throttle * run go mod tidy * Create new OTELExporter which uses the MetricsClient Add transform because the conversion is in an /internal package * Fix lint error * early return when there are no metrics * Add NewOTELExporter() function * Downgrade to metrics SDK version: v1.15.0-rc.1 * Fix imports * fix small nits with comments and url.URL * Fix tests by asserting actual error for context cancellation, fix parallel, and make mock more versatile * Cleanup error handling and clarify empty metrics case * Fix input/expected naming in otel_transform_test.go * add comment for metric tracking * Add a general isEmpty method * Add clear error types * update to latest version 1.15.0 of OTEL * Client configured with TLS using HCP config and retry/throttle * run go mod tidy * Remove one abstraction to use the config from deps * Address PR feedback * Initialize OTELSink with sync.Map for all the instrument stores. * Moved PeriodicReader init to NewOtelReader function. This allows us to use a ManualReader for tests. * Switch to mutex instead of sync.Map to avoid type assertion * Add gauge store * Clarify comments * return concrete sink type * Fix lint errors * Move gauge store to be within sink * Use context.TODO,rebase and clenaup opts handling * Rebase onto otl exporter to downgrade metrics API to v1.15.0-rc.1 * Fix imports * Update to latest stable version by rebasing on cc-4933, fix import, remove mutex init, fix opts error messages and use logger from ctx * Add lots of documentation to the OTELSink * Fix gauge store comment and check ok * Add select and ctx.Done() check to gauge callback * use require.Equal for attributes * Fixed import naming * Remove float64 calls and add a NewGaugeStore method * Change name Store to Set in gaugeStore, add concurrency tests in both OTELSink and gauge store * Generate 100 gauge operations * Seperate the labels into goroutines in sink test * Generate kv store for the test case keys to avoid using uuid * Added a race test with 300 samples for OTELSink * Do not pass in waitgroup and use error channel instead. * Using SHA 7dea2225a218872e86d2f580e82c089b321617b0 to avoid build failures in otel * Fix nits * pass extraSinks as function param instead * Add default interval as package export * remove verifyCCM func * Add clusterID * Fix import and add t.Parallel() for missing tests * Kick Vercel CI * Remove scheme from endpoint path, and fix error logging * return metrics.MetricSink for sink method * Update SDK * [HCP Observability] Metrics filtering and Labels in Go Metrics sink (#17184) * Move hcp client to subpackage hcpclient (#16800) * [HCP Observability] New MetricsClient (#17100) * Client configured with TLS using HCP config and retry/throttle * Add tests and godoc for metrics client * close body after request * run go mod tidy * Remove one abstraction to use the config from deps * Address PR feedback * remove clone * Extract CloudConfig and mock for future PR * Switch to hclog.FromContext * [HCP Observability] New MetricsClient (#17100) * Client configured with TLS using HCP config and retry/throttle * Add tests and godoc for metrics client * close body after request * run go mod tidy * Remove one abstraction to use the config from deps * Address PR feedback * remove clone * Extract CloudConfig and mock for future PR * Switch to hclog.FromContext * [HCP Observability] New MetricsClient (#17100) * Client configured with TLS using HCP config and retry/throttle * Add tests and godoc for metrics client * close body after request * run go mod tidy * Remove one abstraction to use the config from deps * Address PR feedback * remove clone * Extract CloudConfig and mock for future PR * Switch to hclog.FromContext * Client configured with TLS using HCP config and retry/throttle * run go mod tidy * Remove one abstraction to use the config from deps * Address PR feedback * Client configured with TLS using HCP config and retry/throttle * run go mod tidy * Create new OTELExporter which uses the MetricsClient Add transform because the conversion is in an /internal package * Fix lint error * early return when there are no metrics * Add NewOTELExporter() function * Downgrade to metrics SDK version: v1.15.0-rc.1 * Fix imports * fix small nits with comments and url.URL * Fix tests by asserting actual error for context cancellation, fix parallel, and make mock more versatile * Cleanup error handling and clarify empty metrics case * Fix input/expected naming in otel_transform_test.go * add comment for metric tracking * Add a general isEmpty method * Add clear error types * update to latest version 1.15.0 of OTEL * Client configured with TLS using HCP config and retry/throttle * run go mod tidy * Remove one abstraction to use the config from deps * Address PR feedback * Initialize OTELSink with sync.Map for all the instrument stores. * Moved PeriodicReader init to NewOtelReader function. This allows us to use a ManualReader for tests. * Switch to mutex instead of sync.Map to avoid type assertion * Add gauge store * Clarify comments * return concrete sink type * Fix lint errors * Move gauge store to be within sink * Use context.TODO,rebase and clenaup opts handling * Rebase onto otl exporter to downgrade metrics API to v1.15.0-rc.1 * Fix imports * Update to latest stable version by rebasing on cc-4933, fix import, remove mutex init, fix opts error messages and use logger from ctx * Add lots of documentation to the OTELSink * Fix gauge store comment and check ok * Add select and ctx.Done() check to gauge callback * use require.Equal for attributes * Fixed import naming * Remove float64 calls and add a NewGaugeStore method * Change name Store to Set in gaugeStore, add concurrency tests in both OTELSink and gauge store * Generate 100 gauge operations * Seperate the labels into goroutines in sink test * Generate kv store for the test case keys to avoid using uuid * Added a race test with 300 samples for OTELSink * [HCP Observability] OTELExporter (#17128) * Client configured with TLS using HCP config and retry/throttle * run go mod tidy * Remove one abstraction to use the config from deps * Address PR feedback * Client configured with TLS using HCP config and retry/throttle * run go mod tidy * Create new OTELExporter which uses the MetricsClient Add transform because the conversion is in an /internal package * Fix lint error * early return when there are no metrics * Add NewOTELExporter() function * Downgrade to metrics SDK version: v1.15.0-rc.1 * Fix imports * fix small nits with comments and url.URL * Fix tests by asserting actual error for context cancellation, fix parallel, and make mock more versatile * Cleanup error handling and clarify empty metrics case * Fix input/expected naming in otel_transform_test.go * add comment for metric tracking * Add a general isEmpty method * Add clear error types * update to latest version 1.15.0 of OTEL * Do not pass in waitgroup and use error channel instead. * Using SHA 7dea2225a218872e86d2f580e82c089b321617b0 to avoid build failures in otel * Rebase onto otl exporter to downgrade metrics API to v1.15.0-rc.1 * Initialize OTELSink with sync.Map for all the instrument stores. * Added telemetry agent to client and init sink in deps * Fixed client * Initalize sink in deps * init sink in telemetry library * Init deps before telemetry * Use concrete telemetry.OtelSink type * add /v1/metrics * Avoid returning err for telemetry init * move sink init within the IsCloudEnabled() * Use HCPSinkOpts in deps instead * update golden test for configuration file * Switch to using extra sinks in the telemetry library * keep name MetricsConfig * fix log in verifyCCMRegistration * Set logger in context * pass around MetricSink in deps * Fix imports * Rebased onto otel sink pr * Fix URL in test * [HCP Observability] OTELSink (#17159) * Client configured with TLS using HCP config and retry/throttle * run go mod tidy * Remove one abstraction to use the config from deps * Address PR feedback * Client configured with TLS using HCP config and retry/throttle * run go mod tidy * Create new OTELExporter which uses the MetricsClient Add transform because the conversion is in an /internal package * Fix lint error * early return when there are no metrics * Add NewOTELExporter() function * Downgrade to metrics SDK version: v1.15.0-rc.1 * Fix imports * fix small nits with comments and url.URL * Fix tests by asserting actual error for context cancellation, fix parallel, and make mock more versatile * Cleanup error handling and clarify empty metrics case * Fix input/expected naming in otel_transform_test.go * add comment for metric tracking * Add a general isEmpty method * Add clear error types * update to latest version 1.15.0 of OTEL * Client configured with TLS using HCP config and retry/throttle * run go mod tidy * Remove one abstraction to use the config from deps * Address PR feedback * Initialize OTELSink with sync.Map for all the instrument stores. * Moved PeriodicReader init to NewOtelReader function. This allows us to use a ManualReader for tests. * Switch to mutex instead of sync.Map to avoid type assertion * Add gauge store * Clarify comments * return concrete sink type * Fix lint errors * Move gauge store to be within sink * Use context.TODO,rebase and clenaup opts handling * Rebase onto otl exporter to downgrade metrics API to v1.15.0-rc.1 * Fix imports * Update to latest stable version by rebasing on cc-4933, fix import, remove mutex init, fix opts error messages and use logger from ctx * Add lots of documentation to the OTELSink * Fix gauge store comment and check ok * Add select and ctx.Done() check to gauge callback * use require.Equal for attributes * Fixed import naming * Remove float64 calls and add a NewGaugeStore method * Change name Store to Set in gaugeStore, add concurrency tests in both OTELSink and gauge store * Generate 100 gauge operations * Seperate the labels into goroutines in sink test * Generate kv store for the test case keys to avoid using uuid * Added a race test with 300 samples for OTELSink * Do not pass in waitgroup and use error channel instead. * Using SHA 7dea2225a218872e86d2f580e82c089b321617b0 to avoid build failures in otel * Fix nits * pass extraSinks as function param instead * Add default interval as package export * remove verifyCCM func * Add clusterID * Fix import and add t.Parallel() for missing tests * Kick Vercel CI * Remove scheme from endpoint path, and fix error logging * return metrics.MetricSink for sink method * Update SDK * Added telemetry agent to client and init sink in deps * Add node_id and __replica__ default labels * add function for default labels and set x-hcp-resource-id * Fix labels tests * Commit suggestion for getDefaultLabels Co-authored-by: Joshua Timmons <joshua.timmons1@gmail.com> * Fixed server.id, and t.Parallel() * Make defaultLabels a method on the TelemetryConfig object * Rename FilterList to lowercase filterList * Cleanup filter implemetation by combining regex into a single one, and making the type lowercase * Fix append * use regex directly for filters * Fix x-resource-id test to use mocked value * Fix log.Error formats * Forgot the len(opts.Label) optimization) * Use cfg.NodeID instead --------- Co-authored-by: Joshua Timmons <joshua.timmons1@gmail.com> * remove replic tag (#17484) * [HCP Observability] Add custom metrics for OTEL sink, improve logging, upgrade modules and cleanup metrics client (#17455) * Add custom metrics for Exporter and transform operations * Improve deps logging Run go mod tidy * Upgrade SDK and OTEL * Remove the partial success implemetation and check for HTTP status code in metrics client * Add x-channel * cleanup logs in deps.go based on PR feedback * Change to debug log and lowercase * address test operation feedback * use GetHumanVersion on version * Fix error wrapping * Fix metric names * [HCP Observability] Turn off retries for now until dynamically configurable (#17496) * Remove retries for now until dynamic configuration is possible * Clarify comment * Update changelog * improve changelog --------- Co-authored-by: Joshua Timmons <joshua.timmons1@gmail.com>
469 lines
14 KiB
Go
469 lines
14 KiB
Go
package bootstrap
|
|
|
|
import (
|
|
"context"
|
|
"crypto/tls"
|
|
"crypto/x509"
|
|
"fmt"
|
|
"net/http/httptest"
|
|
"os"
|
|
"path/filepath"
|
|
"testing"
|
|
|
|
"github.com/hashicorp/consul/agent/config"
|
|
"github.com/hashicorp/consul/agent/hcp"
|
|
hcpclient "github.com/hashicorp/consul/agent/hcp/client"
|
|
"github.com/hashicorp/consul/lib"
|
|
"github.com/hashicorp/consul/tlsutil"
|
|
"github.com/hashicorp/go-uuid"
|
|
"github.com/mitchellh/cli"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func TestBootstrapConfigLoader(t *testing.T) {
|
|
baseLoader := func(source config.Source) (config.LoadResult, error) {
|
|
return config.Load(config.LoadOpts{
|
|
DefaultConfig: source,
|
|
HCL: []string{
|
|
`server = true`,
|
|
`bind_addr = "127.0.0.1"`,
|
|
`data_dir = "/tmp/consul-data"`,
|
|
},
|
|
})
|
|
}
|
|
|
|
bootstrapLoader := func(source config.Source) (config.LoadResult, error) {
|
|
return bootstrapConfigLoader(baseLoader, &RawBootstrapConfig{
|
|
ConfigJSON: `{"bootstrap_expect": 8}`,
|
|
ManagementToken: "test-token",
|
|
})(source)
|
|
}
|
|
|
|
result, err := bootstrapLoader(nil)
|
|
require.NoError(t, err)
|
|
|
|
// bootstrap_expect and management token are injected from bootstrap config received from HCP.
|
|
require.Equal(t, 8, result.RuntimeConfig.BootstrapExpect)
|
|
require.Equal(t, "test-token", result.RuntimeConfig.Cloud.ManagementToken)
|
|
|
|
// Response header is always injected from a constant.
|
|
require.Equal(t, "x-consul-default-acl-policy", result.RuntimeConfig.HTTPResponseHeaders[accessControlHeaderName])
|
|
}
|
|
|
|
func Test_finalizeRuntimeConfig(t *testing.T) {
|
|
type testCase struct {
|
|
rc *config.RuntimeConfig
|
|
cfg *RawBootstrapConfig
|
|
verifyFn func(t *testing.T, rc *config.RuntimeConfig)
|
|
}
|
|
run := func(t *testing.T, tc testCase) {
|
|
finalizeRuntimeConfig(tc.rc, tc.cfg)
|
|
tc.verifyFn(t, tc.rc)
|
|
}
|
|
|
|
tt := map[string]testCase{
|
|
"set header if not present": {
|
|
rc: &config.RuntimeConfig{},
|
|
cfg: &RawBootstrapConfig{
|
|
ManagementToken: "test-token",
|
|
},
|
|
verifyFn: func(t *testing.T, rc *config.RuntimeConfig) {
|
|
require.Equal(t, "test-token", rc.Cloud.ManagementToken)
|
|
require.Equal(t, "x-consul-default-acl-policy", rc.HTTPResponseHeaders[accessControlHeaderName])
|
|
},
|
|
},
|
|
"append to header if present": {
|
|
rc: &config.RuntimeConfig{
|
|
HTTPResponseHeaders: map[string]string{
|
|
accessControlHeaderName: "Content-Encoding",
|
|
},
|
|
},
|
|
cfg: &RawBootstrapConfig{
|
|
ManagementToken: "test-token",
|
|
},
|
|
verifyFn: func(t *testing.T, rc *config.RuntimeConfig) {
|
|
require.Equal(t, "test-token", rc.Cloud.ManagementToken)
|
|
require.Equal(t, "Content-Encoding,x-consul-default-acl-policy", rc.HTTPResponseHeaders[accessControlHeaderName])
|
|
},
|
|
},
|
|
}
|
|
|
|
for name, tc := range tt {
|
|
t.Run(name, func(t *testing.T) {
|
|
run(t, tc)
|
|
})
|
|
}
|
|
}
|
|
|
|
func boolPtr(value bool) *bool {
|
|
return &value
|
|
}
|
|
|
|
func TestLoadConfig_Persistence(t *testing.T) {
|
|
type testCase struct {
|
|
// resourceID is the HCP resource ID. If set, a server is considered to be cloud-enabled.
|
|
resourceID string
|
|
|
|
// devMode indicates whether the loader should not have a data directory.
|
|
devMode bool
|
|
|
|
// verifyFn issues case-specific assertions.
|
|
verifyFn func(t *testing.T, rc *config.RuntimeConfig)
|
|
}
|
|
|
|
run := func(t *testing.T, tc testCase) {
|
|
dir, err := os.MkdirTemp(os.TempDir(), "bootstrap-test-")
|
|
require.NoError(t, err)
|
|
t.Cleanup(func() { os.RemoveAll(dir) })
|
|
|
|
s := hcp.NewMockHCPServer()
|
|
s.AddEndpoint(TestEndpoint())
|
|
|
|
// Use an HTTPS server since that's what the HCP SDK expects for auth.
|
|
srv := httptest.NewTLSServer(s)
|
|
defer srv.Close()
|
|
|
|
caCert, err := x509.ParseCertificate(srv.TLS.Certificates[0].Certificate[0])
|
|
require.NoError(t, err)
|
|
|
|
pool := x509.NewCertPool()
|
|
pool.AddCert(caCert)
|
|
clientTLS := &tls.Config{RootCAs: pool}
|
|
|
|
baseOpts := config.LoadOpts{
|
|
HCL: []string{
|
|
`server = true`,
|
|
`bind_addr = "127.0.0.1"`,
|
|
fmt.Sprintf(`http_config = { response_headers = { %s = "Content-Encoding" } }`, accessControlHeaderName),
|
|
fmt.Sprintf(`cloud { client_id="test" client_secret="test" hostname=%q auth_url=%q resource_id=%q }`,
|
|
srv.Listener.Addr().String(), srv.URL, tc.resourceID),
|
|
},
|
|
}
|
|
if tc.devMode {
|
|
baseOpts.DevMode = boolPtr(true)
|
|
} else {
|
|
baseOpts.HCL = append(baseOpts.HCL, fmt.Sprintf(`data_dir = %q`, dir))
|
|
}
|
|
|
|
baseLoader := func(source config.Source) (config.LoadResult, error) {
|
|
baseOpts.DefaultConfig = source
|
|
return config.Load(baseOpts)
|
|
}
|
|
|
|
ui := cli.NewMockUi()
|
|
|
|
// Load initial config to check whether bootstrapping from HCP is enabled.
|
|
initial, err := baseLoader(nil)
|
|
require.NoError(t, err)
|
|
|
|
// Override the client TLS config so that the test server can be trusted.
|
|
initial.RuntimeConfig.Cloud.WithTLSConfig(clientTLS)
|
|
client, err := hcpclient.NewClient(initial.RuntimeConfig.Cloud)
|
|
require.NoError(t, err)
|
|
|
|
loader, err := LoadConfig(context.Background(), client, initial.RuntimeConfig.DataDir, baseLoader, ui)
|
|
require.NoError(t, err)
|
|
|
|
// Load the agent config with the potentially wrapped loader.
|
|
fromRemote, err := loader(nil)
|
|
require.NoError(t, err)
|
|
|
|
// HCP-enabled cases should fetch from HCP on the first run of LoadConfig.
|
|
require.Contains(t, ui.OutputWriter.String(), "Fetching configuration from HCP")
|
|
|
|
// Run case-specific verification.
|
|
tc.verifyFn(t, fromRemote.RuntimeConfig)
|
|
|
|
require.Empty(t, fromRemote.RuntimeConfig.ACLInitialManagementToken,
|
|
"initial_management token should have been sanitized")
|
|
|
|
if tc.devMode {
|
|
// Re-running the bootstrap func below isn't relevant to dev mode
|
|
// since they don't have a data directory to load data from.
|
|
return
|
|
}
|
|
|
|
// Run LoadConfig again to exercise the logic of loading config from disk.
|
|
loader, err = LoadConfig(context.Background(), client, initial.RuntimeConfig.DataDir, baseLoader, ui)
|
|
require.NoError(t, err)
|
|
|
|
fromDisk, err := loader(nil)
|
|
require.NoError(t, err)
|
|
|
|
// HCP-enabled cases should fetch from disk on the second run.
|
|
require.Contains(t, ui.OutputWriter.String(), "Loaded HCP configuration from local disk")
|
|
|
|
// Config loaded from disk should be the same as the one that was initially fetched from the HCP servers.
|
|
require.Equal(t, fromRemote.RuntimeConfig, fromDisk.RuntimeConfig)
|
|
}
|
|
|
|
tt := map[string]testCase{
|
|
"dev mode": {
|
|
devMode: true,
|
|
|
|
resourceID: "organization/0b9de9a3-8403-4ca6-aba8-fca752f42100/" +
|
|
"project/0b9de9a3-8403-4ca6-aba8-fca752f42100/" +
|
|
"consul.cluster/new-cluster-id",
|
|
|
|
verifyFn: func(t *testing.T, rc *config.RuntimeConfig) {
|
|
require.Empty(t, rc.DataDir)
|
|
|
|
// Dev mode should have persisted certs since they can't be inlined.
|
|
require.NotEmpty(t, rc.TLS.HTTPS.CertFile)
|
|
require.NotEmpty(t, rc.TLS.HTTPS.KeyFile)
|
|
require.NotEmpty(t, rc.TLS.HTTPS.CAFile)
|
|
|
|
// Find the temporary directory they got stored in.
|
|
dir := filepath.Dir(rc.TLS.HTTPS.CertFile)
|
|
|
|
// Ensure we only stored the TLS materials.
|
|
entries, err := os.ReadDir(dir)
|
|
require.NoError(t, err)
|
|
require.Len(t, entries, 3)
|
|
|
|
haveFiles := make([]string, 3)
|
|
for i, entry := range entries {
|
|
haveFiles[i] = entry.Name()
|
|
}
|
|
|
|
wantFiles := []string{caFileName, certFileName, keyFileName}
|
|
require.ElementsMatch(t, wantFiles, haveFiles)
|
|
},
|
|
},
|
|
"new cluster": {
|
|
resourceID: "organization/0b9de9a3-8403-4ca6-aba8-fca752f42100/" +
|
|
"project/0b9de9a3-8403-4ca6-aba8-fca752f42100/" +
|
|
"consul.cluster/new-cluster-id",
|
|
|
|
// New clusters should have received and persisted the whole suite of config.
|
|
verifyFn: func(t *testing.T, rc *config.RuntimeConfig) {
|
|
dir := filepath.Join(rc.DataDir, subDir)
|
|
|
|
entries, err := os.ReadDir(dir)
|
|
require.NoError(t, err)
|
|
require.Len(t, entries, 6)
|
|
|
|
files := []string{
|
|
filepath.Join(dir, configFileName),
|
|
filepath.Join(dir, caFileName),
|
|
filepath.Join(dir, certFileName),
|
|
filepath.Join(dir, keyFileName),
|
|
filepath.Join(dir, tokenFileName),
|
|
filepath.Join(dir, successFileName),
|
|
}
|
|
for _, name := range files {
|
|
_, err := os.Stat(name)
|
|
require.NoError(t, err)
|
|
}
|
|
|
|
require.Equal(t, filepath.Join(dir, certFileName), rc.TLS.HTTPS.CertFile)
|
|
require.Equal(t, filepath.Join(dir, keyFileName), rc.TLS.HTTPS.KeyFile)
|
|
require.Equal(t, filepath.Join(dir, caFileName), rc.TLS.HTTPS.CAFile)
|
|
|
|
cert, key, caCerts, err := loadCerts(dir)
|
|
require.NoError(t, err)
|
|
|
|
require.NoError(t, validateTLSCerts(cert, key, caCerts))
|
|
},
|
|
},
|
|
"existing cluster": {
|
|
resourceID: "organization/0b9de9a3-8403-4ca6-aba8-fca752f42100/" +
|
|
"project/0b9de9a3-8403-4ca6-aba8-fca752f42100/" +
|
|
"consul.cluster/" + TestExistingClusterID,
|
|
|
|
// Existing clusters should have only received and persisted the management token.
|
|
verifyFn: func(t *testing.T, rc *config.RuntimeConfig) {
|
|
dir := filepath.Join(rc.DataDir, subDir)
|
|
|
|
entries, err := os.ReadDir(dir)
|
|
require.NoError(t, err)
|
|
require.Len(t, entries, 3)
|
|
|
|
files := []string{
|
|
filepath.Join(dir, tokenFileName),
|
|
filepath.Join(dir, successFileName),
|
|
filepath.Join(dir, configFileName),
|
|
}
|
|
for _, name := range files {
|
|
_, err := os.Stat(name)
|
|
require.NoError(t, err)
|
|
}
|
|
},
|
|
},
|
|
}
|
|
|
|
for name, tc := range tt {
|
|
t.Run(name, func(t *testing.T) {
|
|
run(t, tc)
|
|
})
|
|
}
|
|
}
|
|
|
|
func Test_loadPersistedBootstrapConfig(t *testing.T) {
|
|
type expect struct {
|
|
loaded bool
|
|
warning string
|
|
}
|
|
type testCase struct {
|
|
existingCluster bool
|
|
mutateFn func(t *testing.T, dir string)
|
|
expect expect
|
|
}
|
|
|
|
run := func(t *testing.T, tc testCase) {
|
|
dataDir, err := os.MkdirTemp(os.TempDir(), "load-bootstrap-test-")
|
|
require.NoError(t, err)
|
|
t.Cleanup(func() { os.RemoveAll(dataDir) })
|
|
|
|
dir := filepath.Join(dataDir, subDir)
|
|
|
|
// Do some common setup as if we received config from HCP and persisted it to disk.
|
|
require.NoError(t, lib.EnsurePath(dir, true))
|
|
require.NoError(t, persistSucessMarker(dir))
|
|
|
|
if !tc.existingCluster {
|
|
caCert, caKey, err := tlsutil.GenerateCA(tlsutil.CAOpts{})
|
|
require.NoError(t, err)
|
|
|
|
serverCert, serverKey, err := testLeaf(caCert, caKey)
|
|
require.NoError(t, err)
|
|
require.NoError(t, persistTLSCerts(dir, serverCert, serverKey, []string{caCert}))
|
|
|
|
cfgJSON := `{"bootstrap_expect": 8}`
|
|
require.NoError(t, persistBootstrapConfig(dir, cfgJSON))
|
|
}
|
|
|
|
token, err := uuid.GenerateUUID()
|
|
require.NoError(t, err)
|
|
require.NoError(t, persistManagementToken(dir, token))
|
|
|
|
// Optionally mutate the persisted data to trigger errors while loading.
|
|
if tc.mutateFn != nil {
|
|
tc.mutateFn(t, dir)
|
|
}
|
|
|
|
ui := cli.NewMockUi()
|
|
cfg, loaded := loadPersistedBootstrapConfig(dataDir, ui)
|
|
require.Equal(t, tc.expect.loaded, loaded, ui.ErrorWriter.String())
|
|
if loaded {
|
|
require.Equal(t, token, cfg.ManagementToken)
|
|
require.Empty(t, ui.ErrorWriter.String())
|
|
|
|
} else {
|
|
require.Nil(t, cfg)
|
|
require.Contains(t, ui.ErrorWriter.String(), tc.expect.warning)
|
|
}
|
|
}
|
|
|
|
tt := map[string]testCase{
|
|
"existing cluster with valid files": {
|
|
existingCluster: true,
|
|
// Don't mutate, files from setup are valid.
|
|
mutateFn: nil,
|
|
expect: expect{
|
|
loaded: true,
|
|
warning: "",
|
|
},
|
|
},
|
|
"existing cluster missing token": {
|
|
existingCluster: true,
|
|
mutateFn: func(t *testing.T, dir string) {
|
|
// Remove the token file while leaving the existing cluster marker.
|
|
require.NoError(t, os.Remove(filepath.Join(dir, tokenFileName)))
|
|
},
|
|
expect: expect{
|
|
loaded: false,
|
|
warning: "configuration files on disk are incomplete",
|
|
},
|
|
},
|
|
"existing cluster no files": {
|
|
existingCluster: true,
|
|
mutateFn: func(t *testing.T, dir string) {
|
|
// Remove all files
|
|
require.NoError(t, os.RemoveAll(dir))
|
|
},
|
|
expect: expect{
|
|
loaded: false,
|
|
// No warnings since we assume we need to fetch config from HCP for the first time.
|
|
warning: "",
|
|
},
|
|
},
|
|
"new cluster with valid files": {
|
|
// Don't mutate, files from setup are valid.
|
|
mutateFn: nil,
|
|
expect: expect{
|
|
loaded: true,
|
|
warning: "",
|
|
},
|
|
},
|
|
"new cluster some files": {
|
|
mutateFn: func(t *testing.T, dir string) {
|
|
// Remove one of the required files
|
|
require.NoError(t, os.Remove(filepath.Join(dir, certFileName)))
|
|
},
|
|
expect: expect{
|
|
loaded: false,
|
|
warning: "configuration files on disk are incomplete",
|
|
},
|
|
},
|
|
"new cluster no files": {
|
|
mutateFn: func(t *testing.T, dir string) {
|
|
// Remove all files
|
|
require.NoError(t, os.RemoveAll(dir))
|
|
},
|
|
expect: expect{
|
|
loaded: false,
|
|
// No warnings since we assume we need to fetch config from HCP for the first time.
|
|
warning: "",
|
|
},
|
|
},
|
|
"new cluster invalid cert": {
|
|
mutateFn: func(t *testing.T, dir string) {
|
|
name := filepath.Join(dir, certFileName)
|
|
require.NoError(t, os.WriteFile(name, []byte("not-a-cert"), 0600))
|
|
},
|
|
expect: expect{
|
|
loaded: false,
|
|
warning: "invalid server certificate",
|
|
},
|
|
},
|
|
"new cluster invalid CA": {
|
|
mutateFn: func(t *testing.T, dir string) {
|
|
name := filepath.Join(dir, caFileName)
|
|
require.NoError(t, os.WriteFile(name, []byte("not-a-ca-cert"), 0600))
|
|
},
|
|
expect: expect{
|
|
loaded: false,
|
|
warning: "invalid CA certificate",
|
|
},
|
|
},
|
|
"new cluster invalid config flag": {
|
|
mutateFn: func(t *testing.T, dir string) {
|
|
name := filepath.Join(dir, configFileName)
|
|
require.NoError(t, os.WriteFile(name, []byte(`{"not_a_consul_agent_config_field" = "zap"}`), 0600))
|
|
},
|
|
expect: expect{
|
|
loaded: false,
|
|
warning: "failed to parse local bootstrap config",
|
|
},
|
|
},
|
|
"existing cluster invalid token": {
|
|
existingCluster: true,
|
|
mutateFn: func(t *testing.T, dir string) {
|
|
name := filepath.Join(dir, tokenFileName)
|
|
require.NoError(t, os.WriteFile(name, []byte("not-a-uuid"), 0600))
|
|
},
|
|
expect: expect{
|
|
loaded: false,
|
|
warning: "is not a valid UUID",
|
|
},
|
|
},
|
|
}
|
|
|
|
for name, tc := range tt {
|
|
t.Run(name, func(t *testing.T) {
|
|
run(t, tc)
|
|
})
|
|
}
|
|
}
|