mirror of
https://github.com/status-im/consul.git
synced 2025-01-24 20:51:10 +00:00
fdd10dd8b8
Fixes: #5396 This PR adds a proxy configuration stanza called expose. These flags register listeners in Connect sidecar proxies to allow requests to specific HTTP paths from outside of the node. This allows services to protect themselves by only listening on the loopback interface, while still accepting traffic from non Connect-enabled services. Under expose there is a boolean checks flag that would automatically expose all registered HTTP and gRPC check paths. This stanza also accepts a paths list to expose individual paths. The primary use case for this functionality would be to expose paths for third parties like Prometheus or the kubelet. Listeners for requests to exposed paths are be configured dynamically at run time. Any time a proxy, or check can be registered, a listener can also be created. In this initial implementation requests to these paths are not authenticated/encrypted.
1612 lines
36 KiB
Go
1612 lines
36 KiB
Go
package api
|
|
|
|
import (
|
|
"encoding/json"
|
|
"fmt"
|
|
"io/ioutil"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"net/http/httputil"
|
|
"os"
|
|
"path/filepath"
|
|
"strings"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/hashicorp/consul/sdk/testutil"
|
|
"github.com/hashicorp/consul/sdk/testutil/retry"
|
|
"github.com/hashicorp/serf/serf"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func TestAPI_AgentSelf(t *testing.T) {
|
|
t.Parallel()
|
|
c, s := makeClient(t)
|
|
defer s.Stop()
|
|
|
|
agent := c.Agent()
|
|
|
|
info, err := agent.Self()
|
|
if err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
|
|
name := info["Config"]["NodeName"].(string)
|
|
if name == "" {
|
|
t.Fatalf("bad: %v", info)
|
|
}
|
|
}
|
|
|
|
func TestAPI_AgentMetrics(t *testing.T) {
|
|
t.Parallel()
|
|
c, s := makeClient(t)
|
|
defer s.Stop()
|
|
|
|
agent := c.Agent()
|
|
s.WaitForSerfCheck(t)
|
|
|
|
timer := &retry.Timer{Timeout: 10 * time.Second, Wait: 500 * time.Millisecond}
|
|
retry.RunWith(timer, t, func(r *retry.R) {
|
|
metrics, err := agent.Metrics()
|
|
if err != nil {
|
|
r.Fatalf("err: %v", err)
|
|
}
|
|
for _, g := range metrics.Gauges {
|
|
if g.Name == "consul.runtime.alloc_bytes" {
|
|
return
|
|
}
|
|
}
|
|
r.Fatalf("missing runtime metrics")
|
|
})
|
|
}
|
|
|
|
func TestAPI_AgentHost(t *testing.T) {
|
|
t.Parallel()
|
|
c, s := makeClient(t)
|
|
defer s.Stop()
|
|
|
|
agent := c.Agent()
|
|
timer := &retry.Timer{}
|
|
retry.RunWith(timer, t, func(r *retry.R) {
|
|
host, err := agent.Host()
|
|
if err != nil {
|
|
r.Fatalf("err: %v", err)
|
|
}
|
|
|
|
// CollectionTime should exist on all responses
|
|
if host["CollectionTime"] == nil {
|
|
r.Fatalf("missing host response")
|
|
}
|
|
})
|
|
}
|
|
|
|
func TestAPI_AgentReload(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
// Create our initial empty config file, to be overwritten later
|
|
cfgDir := testutil.TempDir(t, "consul-config")
|
|
defer os.RemoveAll(cfgDir)
|
|
|
|
cfgFilePath := filepath.Join(cfgDir, "reload.json")
|
|
configFile, err := os.Create(cfgFilePath)
|
|
if err != nil {
|
|
t.Fatalf("Unable to create file %v, got error:%v", cfgFilePath, err)
|
|
}
|
|
|
|
c, s := makeClientWithConfig(t, nil, func(conf *testutil.TestServerConfig) {
|
|
conf.Args = []string{"-config-file", configFile.Name()}
|
|
})
|
|
defer s.Stop()
|
|
|
|
agent := c.Agent()
|
|
|
|
// Update the config file with a service definition
|
|
config := `{"service":{"name":"redis", "port":1234, "Meta": {"some": "meta"}}}`
|
|
err = ioutil.WriteFile(configFile.Name(), []byte(config), 0644)
|
|
if err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
|
|
if err = agent.Reload(); err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
|
|
services, err := agent.Services()
|
|
if err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
|
|
service, ok := services["redis"]
|
|
if !ok {
|
|
t.Fatalf("bad: %v", ok)
|
|
}
|
|
if service.Port != 1234 {
|
|
t.Fatalf("bad: %v", service.Port)
|
|
}
|
|
if service.Meta["some"] != "meta" {
|
|
t.Fatalf("Missing metadata some:=meta in %v", service)
|
|
}
|
|
}
|
|
|
|
func TestAPI_AgentMembersOpts(t *testing.T) {
|
|
t.Parallel()
|
|
c, s1 := makeClient(t)
|
|
_, s2 := makeClientWithConfig(t, nil, func(c *testutil.TestServerConfig) {
|
|
c.Datacenter = "dc2"
|
|
})
|
|
defer s1.Stop()
|
|
defer s2.Stop()
|
|
|
|
agent := c.Agent()
|
|
|
|
s2.JoinWAN(t, s1.WANAddr)
|
|
|
|
members, err := agent.MembersOpts(MembersOpts{WAN: true})
|
|
if err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
|
|
if len(members) != 2 {
|
|
t.Fatalf("bad: %v", members)
|
|
}
|
|
}
|
|
|
|
func TestAPI_AgentMembers(t *testing.T) {
|
|
t.Parallel()
|
|
c, s := makeClient(t)
|
|
defer s.Stop()
|
|
|
|
agent := c.Agent()
|
|
|
|
members, err := agent.Members(false)
|
|
if err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
|
|
if len(members) != 1 {
|
|
t.Fatalf("bad: %v", members)
|
|
}
|
|
}
|
|
|
|
func TestAPI_AgentServices(t *testing.T) {
|
|
t.Parallel()
|
|
c, s := makeClient(t)
|
|
defer s.Stop()
|
|
|
|
agent := c.Agent()
|
|
s.WaitForSerfCheck(t)
|
|
|
|
reg := &AgentServiceRegistration{
|
|
Name: "foo",
|
|
ID: "foo",
|
|
Tags: []string{"bar", "baz"},
|
|
TaggedAddresses: map[string]ServiceAddress{
|
|
"lan": ServiceAddress{
|
|
Address: "198.18.0.1",
|
|
Port: 80,
|
|
},
|
|
},
|
|
Port: 8000,
|
|
Check: &AgentServiceCheck{
|
|
TTL: "15s",
|
|
},
|
|
}
|
|
if err := agent.ServiceRegister(reg); err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
|
|
services, err := agent.Services()
|
|
if err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
if _, ok := services["foo"]; !ok {
|
|
t.Fatalf("missing service: %#v", services)
|
|
}
|
|
checks, err := agent.Checks()
|
|
if err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
chk, ok := checks["service:foo"]
|
|
if !ok {
|
|
t.Fatalf("missing check: %v", checks)
|
|
}
|
|
|
|
// Checks should default to critical
|
|
if chk.Status != HealthCritical {
|
|
t.Fatalf("Bad: %#v", chk)
|
|
}
|
|
|
|
state, out, err := agent.AgentHealthServiceByID("foo2")
|
|
require.Nil(t, err)
|
|
require.Nil(t, out)
|
|
require.Equal(t, HealthCritical, state)
|
|
|
|
state, out, err = agent.AgentHealthServiceByID("foo")
|
|
require.Nil(t, err)
|
|
require.NotNil(t, out)
|
|
require.Equal(t, HealthCritical, state)
|
|
require.Equal(t, 8000, out.Service.Port)
|
|
|
|
state, outs, err := agent.AgentHealthServiceByName("foo")
|
|
require.Nil(t, err)
|
|
require.NotNil(t, outs)
|
|
require.Equal(t, HealthCritical, state)
|
|
require.Equal(t, 8000, out.Service.Port)
|
|
|
|
if err := agent.ServiceDeregister("foo"); err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
}
|
|
|
|
func TestAPI_AgentServicesWithFilter(t *testing.T) {
|
|
t.Parallel()
|
|
c, s := makeClient(t)
|
|
defer s.Stop()
|
|
|
|
agent := c.Agent()
|
|
|
|
reg := &AgentServiceRegistration{
|
|
Name: "foo",
|
|
ID: "foo",
|
|
Tags: []string{"bar", "baz"},
|
|
Port: 8000,
|
|
Check: &AgentServiceCheck{
|
|
TTL: "15s",
|
|
},
|
|
}
|
|
require.NoError(t, agent.ServiceRegister(reg))
|
|
|
|
reg = &AgentServiceRegistration{
|
|
Name: "foo",
|
|
ID: "foo2",
|
|
Tags: []string{"foo", "baz"},
|
|
Port: 8001,
|
|
Check: &AgentServiceCheck{
|
|
TTL: "15s",
|
|
},
|
|
}
|
|
require.NoError(t, agent.ServiceRegister(reg))
|
|
|
|
services, err := agent.ServicesWithFilter("foo in Tags")
|
|
require.NoError(t, err)
|
|
require.Len(t, services, 1)
|
|
_, ok := services["foo2"]
|
|
require.True(t, ok)
|
|
}
|
|
|
|
func TestAPI_AgentServices_SidecarService(t *testing.T) {
|
|
t.Parallel()
|
|
c, s := makeClient(t)
|
|
defer s.Stop()
|
|
|
|
agent := c.Agent()
|
|
|
|
// Register service
|
|
reg := &AgentServiceRegistration{
|
|
Name: "foo",
|
|
Port: 8000,
|
|
Connect: &AgentServiceConnect{
|
|
SidecarService: &AgentServiceRegistration{},
|
|
},
|
|
}
|
|
if err := agent.ServiceRegister(reg); err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
|
|
services, err := agent.Services()
|
|
if err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
if _, ok := services["foo"]; !ok {
|
|
t.Fatalf("missing service: %v", services)
|
|
}
|
|
if _, ok := services["foo-sidecar-proxy"]; !ok {
|
|
t.Fatalf("missing sidecar service: %v", services)
|
|
}
|
|
|
|
if err := agent.ServiceDeregister("foo"); err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
|
|
// Deregister should have removed both service and it's sidecar
|
|
services, err = agent.Services()
|
|
require.NoError(t, err)
|
|
|
|
if _, ok := services["foo"]; ok {
|
|
t.Fatalf("didn't remove service: %v", services)
|
|
}
|
|
if _, ok := services["foo-sidecar-proxy"]; ok {
|
|
t.Fatalf("didn't remove sidecar service: %v", services)
|
|
}
|
|
}
|
|
|
|
func TestAPI_AgentServices_ExternalConnectProxy(t *testing.T) {
|
|
t.Parallel()
|
|
c, s := makeClient(t)
|
|
defer s.Stop()
|
|
|
|
agent := c.Agent()
|
|
|
|
// Register service
|
|
reg := &AgentServiceRegistration{
|
|
Name: "foo",
|
|
Port: 8000,
|
|
}
|
|
if err := agent.ServiceRegister(reg); err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
// Register proxy
|
|
reg = &AgentServiceRegistration{
|
|
Kind: ServiceKindConnectProxy,
|
|
Name: "foo-proxy",
|
|
Port: 8001,
|
|
Proxy: &AgentServiceConnectProxyConfig{
|
|
DestinationServiceName: "foo",
|
|
},
|
|
}
|
|
if err := agent.ServiceRegister(reg); err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
|
|
services, err := agent.Services()
|
|
if err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
if _, ok := services["foo"]; !ok {
|
|
t.Fatalf("missing service: %v", services)
|
|
}
|
|
if _, ok := services["foo-proxy"]; !ok {
|
|
t.Fatalf("missing proxy service: %v", services)
|
|
}
|
|
|
|
if err := agent.ServiceDeregister("foo"); err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
if err := agent.ServiceDeregister("foo-proxy"); err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
}
|
|
|
|
func TestAPI_AgentServices_CheckPassing(t *testing.T) {
|
|
t.Parallel()
|
|
c, s := makeClient(t)
|
|
defer s.Stop()
|
|
|
|
agent := c.Agent()
|
|
reg := &AgentServiceRegistration{
|
|
Name: "foo",
|
|
Tags: []string{"bar", "baz"},
|
|
Port: 8000,
|
|
Check: &AgentServiceCheck{
|
|
TTL: "15s",
|
|
Status: HealthPassing,
|
|
},
|
|
}
|
|
if err := agent.ServiceRegister(reg); err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
|
|
services, err := agent.Services()
|
|
if err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
if _, ok := services["foo"]; !ok {
|
|
t.Fatalf("missing service: %v", services)
|
|
}
|
|
|
|
checks, err := agent.Checks()
|
|
if err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
chk, ok := checks["service:foo"]
|
|
if !ok {
|
|
t.Fatalf("missing check: %v", checks)
|
|
}
|
|
|
|
if chk.Status != HealthPassing {
|
|
t.Fatalf("Bad: %#v", chk)
|
|
}
|
|
if err := agent.ServiceDeregister("foo"); err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
}
|
|
|
|
func TestAPI_AgentServices_CheckBadStatus(t *testing.T) {
|
|
t.Parallel()
|
|
c, s := makeClient(t)
|
|
defer s.Stop()
|
|
|
|
agent := c.Agent()
|
|
reg := &AgentServiceRegistration{
|
|
Name: "foo",
|
|
Tags: []string{"bar", "baz"},
|
|
Port: 8000,
|
|
Check: &AgentServiceCheck{
|
|
TTL: "15s",
|
|
Status: "fluffy",
|
|
},
|
|
}
|
|
if err := agent.ServiceRegister(reg); err == nil {
|
|
t.Fatalf("bad status accepted")
|
|
}
|
|
}
|
|
|
|
func TestAPI_AgentServices_CheckID(t *testing.T) {
|
|
t.Parallel()
|
|
c, s := makeClient(t)
|
|
defer s.Stop()
|
|
|
|
agent := c.Agent()
|
|
reg := &AgentServiceRegistration{
|
|
Name: "foo",
|
|
Tags: []string{"bar", "baz"},
|
|
Port: 8000,
|
|
Check: &AgentServiceCheck{
|
|
CheckID: "foo-ttl",
|
|
TTL: "15s",
|
|
},
|
|
}
|
|
if err := agent.ServiceRegister(reg); err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
|
|
checks, err := agent.Checks()
|
|
if err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
if _, ok := checks["foo-ttl"]; !ok {
|
|
t.Fatalf("missing check: %v", checks)
|
|
}
|
|
}
|
|
|
|
func TestAPI_AgentServiceAddress(t *testing.T) {
|
|
t.Parallel()
|
|
c, s := makeClient(t)
|
|
defer s.Stop()
|
|
|
|
agent := c.Agent()
|
|
|
|
reg1 := &AgentServiceRegistration{
|
|
Name: "foo1",
|
|
Port: 8000,
|
|
Address: "192.168.0.42",
|
|
}
|
|
reg2 := &AgentServiceRegistration{
|
|
Name: "foo2",
|
|
Port: 8000,
|
|
TaggedAddresses: map[string]ServiceAddress{
|
|
"lan": ServiceAddress{
|
|
Address: "192.168.0.43",
|
|
Port: 8000,
|
|
},
|
|
"wan": ServiceAddress{
|
|
Address: "198.18.0.1",
|
|
Port: 80,
|
|
},
|
|
},
|
|
}
|
|
if err := agent.ServiceRegister(reg1); err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
if err := agent.ServiceRegister(reg2); err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
|
|
services, err := agent.Services()
|
|
if err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
|
|
if _, ok := services["foo1"]; !ok {
|
|
t.Fatalf("missing service: %v", services)
|
|
}
|
|
if _, ok := services["foo2"]; !ok {
|
|
t.Fatalf("missing service: %v", services)
|
|
}
|
|
|
|
if services["foo1"].Address != "192.168.0.42" {
|
|
t.Fatalf("missing Address field in service foo1: %v", services)
|
|
}
|
|
if services["foo2"].Address != "" {
|
|
t.Fatalf("missing Address field in service foo2: %v", services)
|
|
}
|
|
require.NotNil(t, services["foo2"].TaggedAddresses)
|
|
require.Contains(t, services["foo2"].TaggedAddresses, "lan")
|
|
require.Contains(t, services["foo2"].TaggedAddresses, "wan")
|
|
require.Equal(t, services["foo2"].TaggedAddresses["lan"].Address, "192.168.0.43")
|
|
require.Equal(t, services["foo2"].TaggedAddresses["lan"].Port, 8000)
|
|
require.Equal(t, services["foo2"].TaggedAddresses["wan"].Address, "198.18.0.1")
|
|
require.Equal(t, services["foo2"].TaggedAddresses["wan"].Port, 80)
|
|
|
|
if err := agent.ServiceDeregister("foo"); err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
}
|
|
|
|
func TestAPI_AgentEnableTagOverride(t *testing.T) {
|
|
t.Parallel()
|
|
c, s := makeClient(t)
|
|
defer s.Stop()
|
|
|
|
agent := c.Agent()
|
|
|
|
reg1 := &AgentServiceRegistration{
|
|
Name: "foo1",
|
|
Port: 8000,
|
|
Address: "192.168.0.42",
|
|
EnableTagOverride: true,
|
|
}
|
|
reg2 := &AgentServiceRegistration{
|
|
Name: "foo2",
|
|
Port: 8000,
|
|
}
|
|
if err := agent.ServiceRegister(reg1); err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
if err := agent.ServiceRegister(reg2); err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
|
|
services, err := agent.Services()
|
|
if err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
|
|
if _, ok := services["foo1"]; !ok {
|
|
t.Fatalf("missing service: %v", services)
|
|
}
|
|
if services["foo1"].EnableTagOverride != true {
|
|
t.Fatalf("tag override not set on service foo1: %v", services)
|
|
}
|
|
if _, ok := services["foo2"]; !ok {
|
|
t.Fatalf("missing service: %v", services)
|
|
}
|
|
if services["foo2"].EnableTagOverride != false {
|
|
t.Fatalf("tag override set on service foo2: %v", services)
|
|
}
|
|
}
|
|
|
|
func TestAPI_AgentServices_MultipleChecks(t *testing.T) {
|
|
t.Parallel()
|
|
c, s := makeClient(t)
|
|
defer s.Stop()
|
|
|
|
agent := c.Agent()
|
|
|
|
reg := &AgentServiceRegistration{
|
|
Name: "foo",
|
|
Tags: []string{"bar", "baz"},
|
|
Port: 8000,
|
|
Checks: AgentServiceChecks{
|
|
&AgentServiceCheck{
|
|
TTL: "15s",
|
|
},
|
|
&AgentServiceCheck{
|
|
TTL: "30s",
|
|
},
|
|
},
|
|
}
|
|
if err := agent.ServiceRegister(reg); err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
|
|
services, err := agent.Services()
|
|
if err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
if _, ok := services["foo"]; !ok {
|
|
t.Fatalf("missing service: %v", services)
|
|
}
|
|
|
|
checks, err := agent.Checks()
|
|
if err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
if _, ok := checks["service:foo:1"]; !ok {
|
|
t.Fatalf("missing check: %v", checks)
|
|
}
|
|
if _, ok := checks["service:foo:2"]; !ok {
|
|
t.Fatalf("missing check: %v", checks)
|
|
}
|
|
}
|
|
|
|
func TestAPI_AgentService(t *testing.T) {
|
|
t.Parallel()
|
|
c, s := makeClient(t)
|
|
defer s.Stop()
|
|
|
|
agent := c.Agent()
|
|
|
|
require := require.New(t)
|
|
|
|
reg := &AgentServiceRegistration{
|
|
Name: "foo",
|
|
Tags: []string{"bar", "baz"},
|
|
Port: 8000,
|
|
Checks: AgentServiceChecks{
|
|
&AgentServiceCheck{
|
|
TTL: "15s",
|
|
},
|
|
&AgentServiceCheck{
|
|
TTL: "30s",
|
|
},
|
|
},
|
|
}
|
|
require.NoError(agent.ServiceRegister(reg))
|
|
|
|
got, qm, err := agent.Service("foo", nil)
|
|
require.NoError(err)
|
|
|
|
expect := &AgentService{
|
|
ID: "foo",
|
|
Service: "foo",
|
|
Tags: []string{"bar", "baz"},
|
|
ContentHash: "6b13684bfe179e67",
|
|
Port: 8000,
|
|
Weights: AgentWeights{
|
|
Passing: 1,
|
|
Warning: 1,
|
|
},
|
|
Meta: map[string]string{},
|
|
}
|
|
require.Equal(expect, got)
|
|
require.Equal(expect.ContentHash, qm.LastContentHash)
|
|
|
|
// Sanity check blocking behavior - this is more thoroughly tested in the
|
|
// agent endpoint tests but this ensures that the API package is at least
|
|
// passing the hash param properly.
|
|
opts := QueryOptions{
|
|
WaitHash: qm.LastContentHash,
|
|
WaitTime: 100 * time.Millisecond, // Just long enough to be reliably measurable
|
|
}
|
|
start := time.Now()
|
|
got, qm, err = agent.Service("foo", &opts)
|
|
elapsed := time.Since(start)
|
|
require.NoError(err)
|
|
require.True(elapsed >= opts.WaitTime)
|
|
}
|
|
|
|
func TestAPI_AgentSetTTLStatus(t *testing.T) {
|
|
t.Parallel()
|
|
c, s := makeClient(t)
|
|
defer s.Stop()
|
|
|
|
agent := c.Agent()
|
|
s.WaitForSerfCheck(t)
|
|
|
|
reg := &AgentServiceRegistration{
|
|
Name: "foo",
|
|
Check: &AgentServiceCheck{
|
|
TTL: "15s",
|
|
},
|
|
}
|
|
if err := agent.ServiceRegister(reg); err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
|
|
verify := func(status, output string) {
|
|
checks, err := agent.Checks()
|
|
if err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
chk, ok := checks["service:foo"]
|
|
if !ok {
|
|
t.Fatalf("missing check: %v", checks)
|
|
}
|
|
if chk.Status != status {
|
|
t.Fatalf("Bad: %#v", chk)
|
|
}
|
|
if chk.Output != output {
|
|
t.Fatalf("Bad: %#v", chk)
|
|
}
|
|
}
|
|
|
|
if err := agent.WarnTTL("service:foo", "foo"); err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
verify(HealthWarning, "foo")
|
|
|
|
if err := agent.PassTTL("service:foo", "bar"); err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
verify(HealthPassing, "bar")
|
|
|
|
if err := agent.FailTTL("service:foo", "baz"); err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
verify(HealthCritical, "baz")
|
|
|
|
if err := agent.UpdateTTL("service:foo", "foo", "warn"); err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
verify(HealthWarning, "foo")
|
|
|
|
if err := agent.UpdateTTL("service:foo", "bar", "pass"); err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
verify(HealthPassing, "bar")
|
|
|
|
if err := agent.UpdateTTL("service:foo", "baz", "fail"); err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
verify(HealthCritical, "baz")
|
|
|
|
if err := agent.UpdateTTL("service:foo", "foo", HealthWarning); err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
verify(HealthWarning, "foo")
|
|
|
|
if err := agent.UpdateTTL("service:foo", "bar", HealthPassing); err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
verify(HealthPassing, "bar")
|
|
|
|
if err := agent.UpdateTTL("service:foo", "baz", HealthCritical); err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
verify(HealthCritical, "baz")
|
|
|
|
if err := agent.ServiceDeregister("foo"); err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
}
|
|
|
|
func TestAPI_AgentChecks(t *testing.T) {
|
|
t.Parallel()
|
|
c, s := makeClient(t)
|
|
defer s.Stop()
|
|
|
|
agent := c.Agent()
|
|
|
|
reg := &AgentCheckRegistration{
|
|
Name: "foo",
|
|
}
|
|
reg.TTL = "15s"
|
|
if err := agent.CheckRegister(reg); err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
|
|
checks, err := agent.Checks()
|
|
if err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
chk, ok := checks["foo"]
|
|
if !ok {
|
|
t.Fatalf("missing check: %v", checks)
|
|
}
|
|
if chk.Status != HealthCritical {
|
|
t.Fatalf("check not critical: %v", chk)
|
|
}
|
|
|
|
if err := agent.CheckDeregister("foo"); err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
}
|
|
|
|
func TestAPI_AgentChecksWithFilter(t *testing.T) {
|
|
t.Parallel()
|
|
c, s := makeClient(t)
|
|
defer s.Stop()
|
|
|
|
agent := c.Agent()
|
|
|
|
reg := &AgentCheckRegistration{
|
|
Name: "foo",
|
|
}
|
|
reg.TTL = "15s"
|
|
require.NoError(t, agent.CheckRegister(reg))
|
|
reg = &AgentCheckRegistration{
|
|
Name: "bar",
|
|
}
|
|
reg.TTL = "15s"
|
|
require.NoError(t, agent.CheckRegister(reg))
|
|
|
|
checks, err := agent.ChecksWithFilter("Name == foo")
|
|
require.NoError(t, err)
|
|
require.Len(t, checks, 1)
|
|
_, ok := checks["foo"]
|
|
require.True(t, ok)
|
|
}
|
|
|
|
func TestAPI_AgentScriptCheck(t *testing.T) {
|
|
t.Parallel()
|
|
c, s := makeClientWithConfig(t, nil, func(c *testutil.TestServerConfig) {
|
|
c.EnableScriptChecks = true
|
|
})
|
|
defer s.Stop()
|
|
|
|
agent := c.Agent()
|
|
|
|
t.Run("node script check", func(t *testing.T) {
|
|
reg := &AgentCheckRegistration{
|
|
Name: "foo",
|
|
AgentServiceCheck: AgentServiceCheck{
|
|
Interval: "10s",
|
|
Args: []string{"sh", "-c", "false"},
|
|
},
|
|
}
|
|
if err := agent.CheckRegister(reg); err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
|
|
checks, err := agent.Checks()
|
|
if err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
if _, ok := checks["foo"]; !ok {
|
|
t.Fatalf("missing check: %v", checks)
|
|
}
|
|
})
|
|
|
|
t.Run("service script check", func(t *testing.T) {
|
|
reg := &AgentServiceRegistration{
|
|
Name: "bar",
|
|
Port: 1234,
|
|
Checks: AgentServiceChecks{
|
|
&AgentServiceCheck{
|
|
Interval: "10s",
|
|
Args: []string{"sh", "-c", "false"},
|
|
},
|
|
},
|
|
}
|
|
if err := agent.ServiceRegister(reg); err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
|
|
services, err := agent.Services()
|
|
if err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
if _, ok := services["bar"]; !ok {
|
|
t.Fatalf("missing service: %v", services)
|
|
}
|
|
|
|
checks, err := agent.Checks()
|
|
if err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
if _, ok := checks["service:bar"]; !ok {
|
|
t.Fatalf("missing check: %v", checks)
|
|
}
|
|
})
|
|
}
|
|
|
|
func TestAPI_AgentCheckStartPassing(t *testing.T) {
|
|
t.Parallel()
|
|
c, s := makeClient(t)
|
|
defer s.Stop()
|
|
|
|
agent := c.Agent()
|
|
|
|
reg := &AgentCheckRegistration{
|
|
Name: "foo",
|
|
AgentServiceCheck: AgentServiceCheck{
|
|
Status: HealthPassing,
|
|
},
|
|
}
|
|
reg.TTL = "15s"
|
|
if err := agent.CheckRegister(reg); err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
|
|
checks, err := agent.Checks()
|
|
if err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
chk, ok := checks["foo"]
|
|
if !ok {
|
|
t.Fatalf("missing check: %v", checks)
|
|
}
|
|
if chk.Status != HealthPassing {
|
|
t.Fatalf("check not passing: %v", chk)
|
|
}
|
|
|
|
if err := agent.CheckDeregister("foo"); err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
}
|
|
|
|
func TestAPI_AgentChecks_serviceBound(t *testing.T) {
|
|
t.Parallel()
|
|
c, s := makeClient(t)
|
|
defer s.Stop()
|
|
|
|
agent := c.Agent()
|
|
s.WaitForSerfCheck(t)
|
|
|
|
// First register a service
|
|
serviceReg := &AgentServiceRegistration{
|
|
Name: "redis",
|
|
}
|
|
if err := agent.ServiceRegister(serviceReg); err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
|
|
// Register a check bound to the service
|
|
reg := &AgentCheckRegistration{
|
|
Name: "redischeck",
|
|
ServiceID: "redis",
|
|
}
|
|
reg.TTL = "15s"
|
|
reg.DeregisterCriticalServiceAfter = "nope"
|
|
err := agent.CheckRegister(reg)
|
|
if err == nil || !strings.Contains(err.Error(), "invalid duration") {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
|
|
reg.DeregisterCriticalServiceAfter = "90m"
|
|
if err := agent.CheckRegister(reg); err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
|
|
checks, err := agent.Checks()
|
|
if err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
|
|
check, ok := checks["redischeck"]
|
|
if !ok {
|
|
t.Fatalf("missing check: %v", checks)
|
|
}
|
|
if check.ServiceID != "redis" {
|
|
t.Fatalf("missing service association for check: %v", check)
|
|
}
|
|
}
|
|
|
|
func TestAPI_AgentChecks_Docker(t *testing.T) {
|
|
t.Parallel()
|
|
c, s := makeClientWithConfig(t, nil, func(c *testutil.TestServerConfig) {
|
|
c.EnableScriptChecks = true
|
|
})
|
|
defer s.Stop()
|
|
|
|
agent := c.Agent()
|
|
|
|
// First register a service
|
|
serviceReg := &AgentServiceRegistration{
|
|
Name: "redis",
|
|
}
|
|
if err := agent.ServiceRegister(serviceReg); err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
|
|
// Register a check bound to the service
|
|
reg := &AgentCheckRegistration{
|
|
Name: "redischeck",
|
|
ServiceID: "redis",
|
|
AgentServiceCheck: AgentServiceCheck{
|
|
DockerContainerID: "f972c95ebf0e",
|
|
Args: []string{"/bin/true"},
|
|
Shell: "/bin/bash",
|
|
Interval: "10s",
|
|
},
|
|
}
|
|
if err := agent.CheckRegister(reg); err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
|
|
checks, err := agent.Checks()
|
|
if err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
|
|
check, ok := checks["redischeck"]
|
|
if !ok {
|
|
t.Fatalf("missing check: %v", checks)
|
|
}
|
|
if check.ServiceID != "redis" {
|
|
t.Fatalf("missing service association for check: %v", check)
|
|
}
|
|
}
|
|
|
|
func TestAPI_AgentJoin(t *testing.T) {
|
|
t.Parallel()
|
|
c, s := makeClient(t)
|
|
defer s.Stop()
|
|
|
|
agent := c.Agent()
|
|
|
|
info, err := agent.Self()
|
|
if err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
|
|
// Join ourself
|
|
addr := info["DebugConfig"]["SerfAdvertiseAddrLAN"].(string)
|
|
// strip off 'tcp://'
|
|
addr = addr[len("tcp://"):]
|
|
err = agent.Join(addr, false)
|
|
if err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
}
|
|
|
|
func TestAPI_AgentLeave(t *testing.T) {
|
|
t.Parallel()
|
|
c1, s1 := makeClient(t)
|
|
defer s1.Stop()
|
|
|
|
c2, s2 := makeClientWithConfig(t, nil, func(conf *testutil.TestServerConfig) {
|
|
conf.Server = false
|
|
conf.Bootstrap = false
|
|
})
|
|
defer s2.Stop()
|
|
|
|
if err := c2.Agent().Join(s1.LANAddr, false); err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
|
|
// We sometimes see an EOF response to this one, depending on timing.
|
|
err := c2.Agent().Leave()
|
|
if err != nil && !strings.Contains(err.Error(), "EOF") {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
|
|
// Make sure the second agent's status is 'Left'
|
|
members, err := c1.Agent().Members(false)
|
|
if err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
member := members[0]
|
|
if member.Name == s1.Config.NodeName {
|
|
member = members[1]
|
|
}
|
|
if member.Status != int(serf.StatusLeft) {
|
|
t.Fatalf("bad: %v", *member)
|
|
}
|
|
}
|
|
|
|
func TestAPI_AgentForceLeave(t *testing.T) {
|
|
t.Parallel()
|
|
c, s := makeClient(t)
|
|
defer s.Stop()
|
|
|
|
agent := c.Agent()
|
|
|
|
// Eject somebody
|
|
err := agent.ForceLeave("foo")
|
|
if err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
}
|
|
|
|
func TestAPI_AgentMonitor(t *testing.T) {
|
|
t.Parallel()
|
|
c, s := makeClient(t)
|
|
defer s.Stop()
|
|
|
|
agent := c.Agent()
|
|
|
|
logCh, err := agent.Monitor("info", nil, nil)
|
|
if err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
|
|
// Wait for the first log message and validate it
|
|
select {
|
|
case log := <-logCh:
|
|
if !strings.Contains(log, "[INFO]") {
|
|
t.Fatalf("bad: %q", log)
|
|
}
|
|
case <-time.After(10 * time.Second):
|
|
t.Fatalf("failed to get a log message")
|
|
}
|
|
}
|
|
|
|
func TestAPI_ServiceMaintenance(t *testing.T) {
|
|
t.Parallel()
|
|
c, s := makeClient(t)
|
|
defer s.Stop()
|
|
|
|
agent := c.Agent()
|
|
|
|
// First register a service
|
|
serviceReg := &AgentServiceRegistration{
|
|
Name: "redis",
|
|
}
|
|
if err := agent.ServiceRegister(serviceReg); err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
|
|
// Enable maintenance mode
|
|
if err := agent.EnableServiceMaintenance("redis", "broken"); err != nil {
|
|
t.Fatalf("err: %s", err)
|
|
}
|
|
|
|
// Ensure a critical check was added
|
|
checks, err := agent.Checks()
|
|
if err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
found := false
|
|
for _, check := range checks {
|
|
if strings.Contains(check.CheckID, "maintenance") {
|
|
found = true
|
|
if check.Status != HealthCritical || check.Notes != "broken" {
|
|
t.Fatalf("bad: %#v", checks)
|
|
}
|
|
}
|
|
}
|
|
if !found {
|
|
t.Fatalf("bad: %#v", checks)
|
|
}
|
|
|
|
// Disable maintenance mode
|
|
if err := agent.DisableServiceMaintenance("redis"); err != nil {
|
|
t.Fatalf("err: %s", err)
|
|
}
|
|
|
|
// Ensure the critical health check was removed
|
|
checks, err = agent.Checks()
|
|
if err != nil {
|
|
t.Fatalf("err: %s", err)
|
|
}
|
|
for _, check := range checks {
|
|
if strings.Contains(check.CheckID, "maintenance") {
|
|
t.Fatalf("should have removed health check")
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestAPI_NodeMaintenance(t *testing.T) {
|
|
t.Parallel()
|
|
c, s := makeClient(t)
|
|
defer s.Stop()
|
|
|
|
agent := c.Agent()
|
|
s.WaitForSerfCheck(t)
|
|
|
|
// Enable maintenance mode
|
|
if err := agent.EnableNodeMaintenance("broken"); err != nil {
|
|
t.Fatalf("err: %s", err)
|
|
}
|
|
|
|
// Check that a critical check was added
|
|
checks, err := agent.Checks()
|
|
if err != nil {
|
|
t.Fatalf("err: %s", err)
|
|
}
|
|
found := false
|
|
for _, check := range checks {
|
|
if strings.Contains(check.CheckID, "maintenance") {
|
|
found = true
|
|
if check.Status != HealthCritical || check.Notes != "broken" {
|
|
t.Fatalf("bad: %#v", checks)
|
|
}
|
|
}
|
|
}
|
|
if !found {
|
|
t.Fatalf("bad: %#v", checks)
|
|
}
|
|
|
|
// Disable maintenance mode
|
|
if err := agent.DisableNodeMaintenance(); err != nil {
|
|
t.Fatalf("err: %s", err)
|
|
}
|
|
|
|
// Ensure the check was removed
|
|
checks, err = agent.Checks()
|
|
if err != nil {
|
|
t.Fatalf("err: %s", err)
|
|
}
|
|
for _, check := range checks {
|
|
if strings.Contains(check.CheckID, "maintenance") {
|
|
t.Fatalf("should have removed health check")
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestAPI_AgentUpdateToken(t *testing.T) {
|
|
t.Parallel()
|
|
c, s := makeACLClient(t)
|
|
defer s.Stop()
|
|
|
|
t.Run("deprecated", func(t *testing.T) {
|
|
agent := c.Agent()
|
|
if _, err := agent.UpdateACLToken("root", nil); err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
|
|
if _, err := agent.UpdateACLAgentToken("root", nil); err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
|
|
if _, err := agent.UpdateACLAgentMasterToken("root", nil); err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
|
|
if _, err := agent.UpdateACLReplicationToken("root", nil); err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
})
|
|
|
|
t.Run("new with no fallback", func(t *testing.T) {
|
|
agent := c.Agent()
|
|
if _, err := agent.UpdateDefaultACLToken("root", nil); err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
|
|
if _, err := agent.UpdateAgentACLToken("root", nil); err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
|
|
if _, err := agent.UpdateAgentMasterACLToken("root", nil); err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
|
|
if _, err := agent.UpdateReplicationACLToken("root", nil); err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
})
|
|
|
|
t.Run("new with fallback", func(t *testing.T) {
|
|
// Respond with 404 for the new paths to trigger fallback.
|
|
failer := func(w http.ResponseWriter, req *http.Request) {
|
|
w.WriteHeader(404)
|
|
}
|
|
notfound := httptest.NewServer(http.HandlerFunc(failer))
|
|
defer notfound.Close()
|
|
|
|
raw := c // real consul client
|
|
|
|
// Set up a reverse proxy that will send some requests to the
|
|
// 404 server and pass everything else through to the real Consul
|
|
// server.
|
|
director := func(req *http.Request) {
|
|
req.URL.Scheme = "http"
|
|
|
|
switch req.URL.Path {
|
|
case "/v1/agent/token/default",
|
|
"/v1/agent/token/agent",
|
|
"/v1/agent/token/agent_master",
|
|
"/v1/agent/token/replication":
|
|
req.URL.Host = notfound.URL[7:] // Strip off "http://".
|
|
default:
|
|
req.URL.Host = raw.config.Address
|
|
}
|
|
}
|
|
proxy := httptest.NewServer(&httputil.ReverseProxy{Director: director})
|
|
defer proxy.Close()
|
|
|
|
// Make another client that points at the proxy instead of the real
|
|
// Consul server.
|
|
config := raw.config
|
|
config.Address = proxy.URL[7:] // Strip off "http://".
|
|
c, err := NewClient(&config)
|
|
require.NoError(t, err)
|
|
|
|
agent := c.Agent()
|
|
|
|
_, err = agent.UpdateDefaultACLToken("root", nil)
|
|
require.NoError(t, err)
|
|
|
|
_, err = agent.UpdateAgentACLToken("root", nil)
|
|
require.NoError(t, err)
|
|
|
|
_, err = agent.UpdateAgentMasterACLToken("root", nil)
|
|
require.NoError(t, err)
|
|
|
|
_, err = agent.UpdateReplicationACLToken("root", nil)
|
|
require.NoError(t, err)
|
|
})
|
|
|
|
t.Run("new with 403s", func(t *testing.T) {
|
|
failer := func(w http.ResponseWriter, req *http.Request) {
|
|
w.WriteHeader(403)
|
|
}
|
|
authdeny := httptest.NewServer(http.HandlerFunc(failer))
|
|
defer authdeny.Close()
|
|
|
|
raw := c // real consul client
|
|
|
|
// Make another client that points at the proxy instead of the real
|
|
// Consul server.
|
|
config := raw.config
|
|
config.Address = authdeny.URL[7:] // Strip off "http://".
|
|
c, err := NewClient(&config)
|
|
require.NoError(t, err)
|
|
|
|
agent := c.Agent()
|
|
|
|
_, err = agent.UpdateDefaultACLToken("root", nil)
|
|
require.Error(t, err)
|
|
|
|
_, err = agent.UpdateAgentACLToken("root", nil)
|
|
require.Error(t, err)
|
|
|
|
_, err = agent.UpdateAgentMasterACLToken("root", nil)
|
|
require.Error(t, err)
|
|
|
|
_, err = agent.UpdateReplicationACLToken("root", nil)
|
|
require.Error(t, err)
|
|
})
|
|
}
|
|
|
|
func TestAPI_AgentConnectCARoots_empty(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
require := require.New(t)
|
|
c, s := makeClientWithConfig(t, nil, func(c *testutil.TestServerConfig) {
|
|
c.Connect = nil // disable connect to prevent CA being bootstrapped
|
|
})
|
|
defer s.Stop()
|
|
|
|
agent := c.Agent()
|
|
_, _, err := agent.ConnectCARoots(nil)
|
|
require.Error(err)
|
|
require.Contains(err.Error(), "Connect must be enabled")
|
|
}
|
|
|
|
func TestAPI_AgentConnectCARoots_list(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
require := require.New(t)
|
|
c, s := makeClient(t)
|
|
defer s.Stop()
|
|
|
|
agent := c.Agent()
|
|
s.WaitForSerfCheck(t)
|
|
list, meta, err := agent.ConnectCARoots(nil)
|
|
require.NoError(err)
|
|
require.True(meta.LastIndex > 0)
|
|
require.Len(list.Roots, 1)
|
|
}
|
|
|
|
func TestAPI_AgentConnectCALeaf(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
require := require.New(t)
|
|
c, s := makeClient(t)
|
|
defer s.Stop()
|
|
|
|
agent := c.Agent()
|
|
// Setup service
|
|
reg := &AgentServiceRegistration{
|
|
Name: "foo",
|
|
Tags: []string{"bar", "baz"},
|
|
Port: 8000,
|
|
}
|
|
require.NoError(agent.ServiceRegister(reg))
|
|
|
|
leaf, meta, err := agent.ConnectCALeaf("foo", nil)
|
|
require.NoError(err)
|
|
require.True(meta.LastIndex > 0)
|
|
// Sanity checks here as we have actual certificate validation checks at many
|
|
// other levels.
|
|
require.NotEmpty(leaf.SerialNumber)
|
|
require.NotEmpty(leaf.CertPEM)
|
|
require.NotEmpty(leaf.PrivateKeyPEM)
|
|
require.Equal("foo", leaf.Service)
|
|
require.True(strings.HasSuffix(leaf.ServiceURI, "/svc/foo"))
|
|
require.True(leaf.ModifyIndex > 0)
|
|
require.True(leaf.ValidAfter.Before(time.Now()))
|
|
require.True(leaf.ValidBefore.After(time.Now()))
|
|
}
|
|
|
|
func TestAPI_AgentConnectAuthorize(t *testing.T) {
|
|
t.Parallel()
|
|
require := require.New(t)
|
|
c, s := makeClient(t)
|
|
defer s.Stop()
|
|
|
|
agent := c.Agent()
|
|
s.WaitForSerfCheck(t)
|
|
params := &AgentAuthorizeParams{
|
|
Target: "foo",
|
|
ClientCertSerial: "fake",
|
|
// Importing connect.TestSpiffeIDService creates an import cycle
|
|
ClientCertURI: "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/ny1/svc/web",
|
|
}
|
|
auth, err := agent.ConnectAuthorize(params)
|
|
require.Nil(err)
|
|
require.True(auth.Authorized)
|
|
require.Equal(auth.Reason, "ACLs disabled, access is allowed by default")
|
|
}
|
|
|
|
func TestAPI_AgentHealthService(t *testing.T) {
|
|
t.Parallel()
|
|
c, s := makeClient(t)
|
|
defer s.Stop()
|
|
|
|
agent := c.Agent()
|
|
|
|
requireServiceHealthID := func(t *testing.T, serviceID, expected string, shouldExist bool) {
|
|
msg := fmt.Sprintf("service id:%s, shouldExist:%v, expectedStatus:%s : bad %%s", serviceID, shouldExist, expected)
|
|
|
|
state, out, err := agent.AgentHealthServiceByID(serviceID)
|
|
require.Nil(t, err, msg, "err")
|
|
require.Equal(t, expected, state, msg, "state")
|
|
if !shouldExist {
|
|
require.Nil(t, out, msg, "shouldExist")
|
|
} else {
|
|
require.NotNil(t, out, msg, "output")
|
|
require.Equal(t, serviceID, out.Service.ID, msg, "output")
|
|
}
|
|
}
|
|
requireServiceHealthName := func(t *testing.T, serviceName, expected string, shouldExist bool) {
|
|
msg := fmt.Sprintf("service name:%s, shouldExist:%v, expectedStatus:%s : bad %%s", serviceName, shouldExist, expected)
|
|
|
|
state, outs, err := agent.AgentHealthServiceByName(serviceName)
|
|
require.Nil(t, err, msg, "err")
|
|
require.Equal(t, expected, state, msg, "state")
|
|
if !shouldExist {
|
|
require.Equal(t, 0, len(outs), msg, "output")
|
|
} else {
|
|
require.True(t, len(outs) > 0, msg, "output")
|
|
for _, o := range outs {
|
|
require.Equal(t, serviceName, o.Service.Service, msg, "output")
|
|
}
|
|
}
|
|
}
|
|
|
|
requireServiceHealthID(t, "_i_do_not_exist_", HealthCritical, false)
|
|
requireServiceHealthName(t, "_i_do_not_exist_", HealthCritical, false)
|
|
|
|
testServiceID1 := "foo"
|
|
testServiceID2 := "foofoo"
|
|
testServiceName := "bar"
|
|
|
|
// register service
|
|
reg := &AgentServiceRegistration{
|
|
Name: testServiceName,
|
|
ID: testServiceID1,
|
|
Port: 8000,
|
|
Check: &AgentServiceCheck{
|
|
TTL: "15s",
|
|
},
|
|
}
|
|
err := agent.ServiceRegister(reg)
|
|
require.Nil(t, err)
|
|
requireServiceHealthID(t, testServiceID1, HealthCritical, true)
|
|
requireServiceHealthName(t, testServiceName, HealthCritical, true)
|
|
|
|
err = agent.WarnTTL(fmt.Sprintf("service:%s", testServiceID1), "I am warn")
|
|
require.Nil(t, err)
|
|
requireServiceHealthName(t, testServiceName, HealthWarning, true)
|
|
requireServiceHealthID(t, testServiceID1, HealthWarning, true)
|
|
|
|
err = agent.PassTTL(fmt.Sprintf("service:%s", testServiceID1), "I am good :)")
|
|
require.Nil(t, err)
|
|
requireServiceHealthName(t, testServiceName, HealthPassing, true)
|
|
requireServiceHealthID(t, testServiceID1, HealthPassing, true)
|
|
|
|
err = agent.FailTTL(fmt.Sprintf("service:%s", testServiceID1), "I am dead.")
|
|
require.Nil(t, err)
|
|
requireServiceHealthName(t, testServiceName, HealthCritical, true)
|
|
requireServiceHealthID(t, testServiceID1, HealthCritical, true)
|
|
|
|
// register another service
|
|
reg = &AgentServiceRegistration{
|
|
Name: testServiceName,
|
|
ID: testServiceID2,
|
|
Port: 8000,
|
|
Check: &AgentServiceCheck{
|
|
TTL: "15s",
|
|
},
|
|
}
|
|
err = agent.ServiceRegister(reg)
|
|
require.Nil(t, err)
|
|
requireServiceHealthName(t, testServiceName, HealthCritical, true)
|
|
|
|
err = agent.PassTTL(fmt.Sprintf("service:%s", testServiceID1), "I am good :)")
|
|
require.Nil(t, err)
|
|
requireServiceHealthName(t, testServiceName, HealthCritical, true)
|
|
|
|
err = agent.WarnTTL(fmt.Sprintf("service:%s", testServiceID2), "I am warn")
|
|
require.Nil(t, err)
|
|
requireServiceHealthName(t, testServiceName, HealthWarning, true)
|
|
|
|
err = agent.PassTTL(fmt.Sprintf("service:%s", testServiceID2), "I am good :)")
|
|
require.Nil(t, err)
|
|
requireServiceHealthName(t, testServiceName, HealthPassing, true)
|
|
}
|
|
|
|
func TestAgentService_JSON_OmitTaggedAdddresses(t *testing.T) {
|
|
t.Parallel()
|
|
cases := []struct {
|
|
name string
|
|
as AgentService
|
|
}{
|
|
{
|
|
"nil",
|
|
AgentService{
|
|
TaggedAddresses: nil,
|
|
},
|
|
},
|
|
{
|
|
"empty",
|
|
AgentService{
|
|
TaggedAddresses: make(map[string]ServiceAddress),
|
|
},
|
|
},
|
|
}
|
|
|
|
for _, tc := range cases {
|
|
name := tc.name
|
|
as := tc.as
|
|
t.Run(name, func(t *testing.T) {
|
|
t.Parallel()
|
|
data, err := json.Marshal(as)
|
|
require.NoError(t, err)
|
|
var raw map[string]interface{}
|
|
err = json.Unmarshal(data, &raw)
|
|
require.NoError(t, err)
|
|
require.NotContains(t, raw, "TaggedAddresses")
|
|
require.NotContains(t, raw, "tagged_addresses")
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestAgentService_Register_MeshGateway(t *testing.T) {
|
|
t.Parallel()
|
|
c, s := makeClient(t)
|
|
defer s.Stop()
|
|
|
|
agent := c.Agent()
|
|
|
|
reg := AgentServiceRegistration{
|
|
Kind: ServiceKindMeshGateway,
|
|
Name: "mesh-gateway",
|
|
Address: "10.1.2.3",
|
|
Port: 8443,
|
|
Proxy: &AgentServiceConnectProxyConfig{
|
|
Config: map[string]interface{}{
|
|
"foo": "bar",
|
|
},
|
|
},
|
|
}
|
|
|
|
err := agent.ServiceRegister(®)
|
|
require.NoError(t, err)
|
|
|
|
svc, _, err := agent.Service("mesh-gateway", nil)
|
|
require.NoError(t, err)
|
|
require.NotNil(t, svc)
|
|
require.Equal(t, ServiceKindMeshGateway, svc.Kind)
|
|
require.NotNil(t, svc.Proxy)
|
|
require.Contains(t, svc.Proxy.Config, "foo")
|
|
require.Equal(t, "bar", svc.Proxy.Config["foo"])
|
|
}
|
|
|
|
func TestAgentService_ExposeChecks(t *testing.T) {
|
|
t.Parallel()
|
|
c, s := makeClient(t)
|
|
defer s.Stop()
|
|
|
|
agent := c.Agent()
|
|
|
|
path := ExposePath{
|
|
LocalPathPort: 8080,
|
|
ListenerPort: 21500,
|
|
Path: "/metrics",
|
|
Protocol: "http2",
|
|
}
|
|
reg := AgentServiceRegistration{
|
|
Kind: ServiceKindConnectProxy,
|
|
Name: "expose-proxy",
|
|
Address: "10.1.2.3",
|
|
Port: 8443,
|
|
Proxy: &AgentServiceConnectProxyConfig{
|
|
DestinationServiceName: "expose",
|
|
Expose: ExposeConfig{
|
|
Checks: true,
|
|
Paths: []ExposePath{
|
|
path,
|
|
},
|
|
},
|
|
},
|
|
}
|
|
|
|
err := agent.ServiceRegister(®)
|
|
require.NoError(t, err)
|
|
|
|
svc, _, err := agent.Service("expose-proxy", nil)
|
|
require.NoError(t, err)
|
|
require.NotNil(t, svc)
|
|
require.Equal(t, ServiceKindConnectProxy, svc.Kind)
|
|
require.NotNil(t, svc.Proxy)
|
|
require.Len(t, svc.Proxy.Expose.Paths, 1)
|
|
require.True(t, svc.Proxy.Expose.Checks)
|
|
require.Equal(t, path, svc.Proxy.Expose.Paths[0])
|
|
}
|