// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package api
import (
"testing"
"time"
"github.com/stretchr/testify/require"
)
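// TestAPI_ConfigEntries_IngressGateway drives the config-entry client through
// a full lifecycle for ingress-gateway entries against a test server: Set,
// Get, a failing and a succeeding CAS, an unconditional update, List and
// Delete.
//
// The RequestTime checks use require.NotZero. The previous form,
// require.NotEqual(t, 0, x.RequestTime), compared against an untyped constant
// that becomes an int, so it passed for any value whenever the field's type
// is not int and therefore asserted nothing.
func TestAPI_ConfigEntries_IngressGateway(t *testing.T) {
	t.Parallel()
	c, s := makeClient(t)
	defer s.Stop()

	configEntries := c.ConfigEntries()

	ingress1 := &IngressGatewayConfigEntry{
		Kind: IngressGateway,
		Name: "foo",
		Meta: map[string]string{
			"foo": "bar",
			"gir": "zim",
		},
	}

	ingress2 := &IngressGatewayConfigEntry{
		Kind: IngressGateway,
		Name: "bar",
		TLS: GatewayTLSConfig{
			Enabled:       true,
			TLSMinVersion: "TLSv1_2",
		},
		Defaults: &IngressServiceConfig{
			MaxConnections:     uint32Pointer(2048),
			MaxPendingRequests: uint32Pointer(4096),
			PassiveHealthCheck: &PassiveHealthCheck{
				MaxFailures: 20,
				Interval:    500000000,
			},
		},
	}

	global := &ProxyConfigEntry{
		Kind: ProxyDefaults,
		Name: ProxyConfigGlobal,
		Config: map[string]interface{}{
			"protocol": "http",
		},
	}
	// set default protocol to http so that ingress gateways pass validation
	_, wm, err := configEntries.Set(global, nil)
	require.NoError(t, err)
	require.NotNil(t, wm)
	require.NotZero(t, wm.RequestTime)

	// set it
	_, wm, err = configEntries.Set(ingress1, nil)
	require.NoError(t, err)
	require.NotNil(t, wm)
	require.NotZero(t, wm.RequestTime)

	// also set the second one
	_, wm, err = configEntries.Set(ingress2, nil)
	require.NoError(t, err)
	require.NotNil(t, wm)
	require.NotZero(t, wm.RequestTime)

	// get it
	entry, qm, err := configEntries.Get(IngressGateway, "foo", nil)
	require.NoError(t, err)
	require.NotNil(t, qm)
	require.NotZero(t, qm.RequestTime)

	// verify it
	readIngress, ok := entry.(*IngressGatewayConfigEntry)
	require.True(t, ok)
	require.Equal(t, ingress1.Kind, readIngress.Kind)
	require.Equal(t, ingress1.Name, readIngress.Name)
	require.Equal(t, ingress1.Meta, readIngress.Meta)
	require.Equal(t, ingress1.Meta, readIngress.GetMeta())

	// update it
	ingress1.Listeners = []IngressListener{
		{
			Port:     2222,
			Protocol: "http",
			Services: []IngressService{
				{
					Name:  "asdf",
					Hosts: []string{"test.example.com"},
					RequestHeaders: &HTTPHeaderModifiers{
						Set: map[string]string{
							"x-foo": "bar",
						},
					},
					ResponseHeaders: &HTTPHeaderModifiers{
						Remove: []string{"x-foo"},
					},
					TLS: &GatewayServiceTLSConfig{
						SDS: &GatewayTLSSDSConfig{
							ClusterName:  "foo",
							CertResource: "bar",
						},
					},
					MaxConnections:        uint32Pointer(5120),
					MaxPendingRequests:    uint32Pointer(512),
					MaxConcurrentRequests: uint32Pointer(2048),
					PassiveHealthCheck: &PassiveHealthCheck{
						MaxFailures: 10,
					},
				},
			},
			TLS: &GatewayTLSConfig{
				SDS: &GatewayTLSSDSConfig{
					ClusterName:  "baz",
					CertResource: "qux",
				},
			},
		},
	}
	ingress1.TLS = GatewayTLSConfig{
		SDS: &GatewayTLSSDSConfig{
			ClusterName:  "qux",
			CertResource: "bug",
		},
	}

	// CAS fail: index 0 is not the stored entry's ModifyIndex, so the write
	// must be refused without returning an error.
	written, _, err := configEntries.CAS(ingress1, 0, nil)
	require.NoError(t, err)
	require.False(t, written)

	// CAS success: the index read back by Get above is accepted.
	written, wm, err = configEntries.CAS(ingress1, readIngress.ModifyIndex, nil)
	require.NoError(t, err)
	require.NotNil(t, wm)
	require.NotZero(t, wm.RequestTime)
	require.True(t, written)

	// update no cas
	ingress2.Listeners = []IngressListener{
		{
			Port:     3333,
			Protocol: "http",
			Services: []IngressService{
				{
					Name: "qwer",
				},
			},
		},
	}
	_, wm, err = configEntries.Set(ingress2, nil)
	require.NoError(t, err)
	require.NotNil(t, wm)
	require.NotZero(t, wm.RequestTime)

	// list them
	entries, qm, err := configEntries.List(IngressGateway, nil)
	require.NoError(t, err)
	require.NotNil(t, qm)
	require.NotZero(t, qm.RequestTime)
	require.Len(t, entries, 2)

	for _, entry = range entries {
		switch entry.GetName() {
		case "foo":
			// this also verifies that the update value was persisted and
			// the updated values are seen
			readIngress, ok = entry.(*IngressGatewayConfigEntry)
			require.True(t, ok)
			require.Equal(t, ingress1.Kind, readIngress.Kind)
			require.Equal(t, ingress1.Name, readIngress.Name)

			require.Len(t, readIngress.Listeners, 1)
			require.Len(t, readIngress.Listeners[0].Services, 1)
			// Set namespace and partition to blank so that CE and ent can utilize the same tests
			readIngress.Listeners[0].Services[0].Namespace = ""
			readIngress.Listeners[0].Services[0].Partition = ""

			// Listener- and service-level TLS/SDS settings are part of
			// Listeners and are covered by this comparison.
			// NOTE(review): the gateway-level TLS block assigned to
			// ingress1.TLS before the CAS is never read back here; consider
			// asserting readIngress.TLS so a dropped TLS setting fails the test.
			require.Equal(t, ingress1.Listeners, readIngress.Listeners)
		case "bar":
			readIngress, ok = entry.(*IngressGatewayConfigEntry)
			require.True(t, ok)
			require.Equal(t, ingress2.Kind, readIngress.Kind)
			require.Equal(t, ingress2.Name, readIngress.Name)

			// Fail with a clear message instead of a nil-pointer panic if
			// the defaults did not come back.
			require.NotNil(t, readIngress.Defaults)
			require.NotNil(t, readIngress.Defaults.MaxConnections)
			require.NotNil(t, readIngress.Defaults.MaxPendingRequests)
			require.NotNil(t, readIngress.Defaults.MaxConcurrentRequests)
			require.NotNil(t, readIngress.Defaults.PassiveHealthCheck)

			require.Equal(t, *ingress2.Defaults.MaxConnections, *readIngress.Defaults.MaxConnections)
			require.Equal(t, uint32(4096), *readIngress.Defaults.MaxPendingRequests)
			require.Equal(t, uint32(0), *readIngress.Defaults.MaxConcurrentRequests)
			require.Equal(t, uint32(20), readIngress.Defaults.PassiveHealthCheck.MaxFailures)
			require.Equal(t, time.Duration(500000000), readIngress.Defaults.PassiveHealthCheck.Interval)
			require.Nil(t, readIngress.Defaults.PassiveHealthCheck.EnforcingConsecutive5xx)

			// NOTE(review): ingress2 was written with TLS.Enabled = true and
			// TLSMinVersion = "TLSv1_2", but neither is asserted on the entry
			// read back; consider checking readIngress.TLS here as well.

			require.Len(t, readIngress.Listeners, 1)
			require.Len(t, readIngress.Listeners[0].Services, 1)
			// Set namespace and partition to blank so that CE and ent can utilize the same tests
			readIngress.Listeners[0].Services[0].Namespace = ""
			readIngress.Listeners[0].Services[0].Partition = ""

			require.Equal(t, ingress2.Listeners, readIngress.Listeners)
		default:
			// Only "foo" and "bar" were written; anything else would
			// otherwise slip through unchecked.
			t.Fatalf("unexpected ingress-gateway config entry %q", entry.GetName())
		}
	}

	// delete it
	wm, err = configEntries.Delete(IngressGateway, "foo", nil)
	require.NoError(t, err)
	require.NotNil(t, wm)
	require.NotZero(t, wm.RequestTime)

	// verify deletion
	_, _, err = configEntries.Get(IngressGateway, "foo", nil)
	require.Error(t, err)
}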
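// TestAPI_ConfigEntries_TerminatingGateway drives the config-entry client
// through a full lifecycle for terminating-gateway entries against a test
// server: Set, Get, a failing and a succeeding CAS, a repeated Set, List and
// Delete.
//
// The RequestTime checks use require.NotZero. The previous form,
// require.NotEqual(t, 0, x.RequestTime), compared against an untyped constant
// that becomes an int, so it passed for any value whenever the field's type
// is not int and therefore asserted nothing.
func TestAPI_ConfigEntries_TerminatingGateway(t *testing.T) {
	t.Parallel()
	c, s := makeClient(t)
	defer s.Stop()

	configEntries := c.ConfigEntries()

	terminating1 := &TerminatingGatewayConfigEntry{
		Kind: TerminatingGateway,
		Name: "foo",
		Meta: map[string]string{
			"foo": "bar",
			"gir": "zim",
		},
	}

	terminating2 := &TerminatingGatewayConfigEntry{
		Kind: TerminatingGateway,
		Name: "bar",
	}

	// set it
	_, wm, err := configEntries.Set(terminating1, nil)
	require.NoError(t, err)
	require.NotNil(t, wm)
	require.NotZero(t, wm.RequestTime)

	// also set the second one
	_, wm, err = configEntries.Set(terminating2, nil)
	require.NoError(t, err)
	require.NotNil(t, wm)
	require.NotZero(t, wm.RequestTime)

	// get it
	entry, qm, err := configEntries.Get(TerminatingGateway, "foo", nil)
	require.NoError(t, err)
	require.NotNil(t, qm)
	require.NotZero(t, qm.RequestTime)

	// verify it
	readTerminating, ok := entry.(*TerminatingGatewayConfigEntry)
	require.True(t, ok)
	require.Equal(t, terminating1.Kind, readTerminating.Kind)
	require.Equal(t, terminating1.Name, readTerminating.Name)
	require.Equal(t, terminating1.Meta, readTerminating.Meta)
	require.Equal(t, terminating1.Meta, readTerminating.GetMeta())

	// update it
	// The CA, certificate and key values are only stored and compared as
	// strings by this test; no file is opened at these paths here.
	terminating1.Services = []LinkedService{
		{
			Name:     "web",
			CAFile:   "/etc/web/ca.crt",
			CertFile: "/etc/web/client.crt",
			KeyFile:  "/etc/web/tls.key",
			SNI:      "mydomain",
		},
	}

	// CAS fail: index 0 is not the stored entry's ModifyIndex, so the write
	// must be refused without returning an error.
	written, _, err := configEntries.CAS(terminating1, 0, nil)
	require.NoError(t, err)
	require.False(t, written)

	// CAS success: the index read back by Get above is accepted.
	written, wm, err = configEntries.CAS(terminating1, readTerminating.ModifyIndex, nil)
	require.NoError(t, err)
	require.NotNil(t, wm)
	require.NotZero(t, wm.RequestTime)
	require.True(t, written)

	// re-setting should not yield an error
	_, wm, err = configEntries.Set(terminating1, nil)
	require.NoError(t, err)
	require.NotNil(t, wm)
	require.NotZero(t, wm.RequestTime)

	terminating2.Services = []LinkedService{
		{
			Name:     "*",
			CAFile:   "/etc/certs/ca.crt",
			CertFile: "/etc/certs/client.crt",
			KeyFile:  "/etc/certs/tls.key",
			SNI:      "mydomain",
		},
	}
	_, wm, err = configEntries.Set(terminating2, nil)
	require.NoError(t, err)
	require.NotNil(t, wm)
	require.NotZero(t, wm.RequestTime)

	// list them
	entries, qm, err := configEntries.List(TerminatingGateway, nil)
	require.NoError(t, err)
	require.NotNil(t, qm)
	require.NotZero(t, qm.RequestTime)
	require.Len(t, entries, 2)

	for _, entry = range entries {
		switch entry.GetName() {
		case "foo":
			// this also verifies that the update value was persisted and
			// the updated values are seen
			readTerminating, ok = entry.(*TerminatingGatewayConfigEntry)
			require.True(t, ok)
			require.Equal(t, terminating1.Kind, readTerminating.Kind)
			require.Equal(t, terminating1.Name, readTerminating.Name)
			require.Len(t, readTerminating.Services, 1)
			// Set namespace to blank so that CE and ent can utilize the same tests
			readTerminating.Services[0].Namespace = ""

			// Covers the CA/cert/key paths and SNI written above.
			require.Equal(t, terminating1.Services, readTerminating.Services)
		case "bar":
			readTerminating, ok = entry.(*TerminatingGatewayConfigEntry)
			require.True(t, ok)
			require.Equal(t, terminating2.Kind, readTerminating.Kind)
			require.Equal(t, terminating2.Name, readTerminating.Name)
			require.Len(t, readTerminating.Services, 1)
			// Set namespace to blank so that CE and ent can utilize the same tests
			readTerminating.Services[0].Namespace = ""

			require.Equal(t, terminating2.Services, readTerminating.Services)
		default:
			// Only "foo" and "bar" were written; anything else would
			// otherwise slip through unchecked.
			t.Fatalf("unexpected terminating-gateway config entry %q", entry.GetName())
		}
	}

	// delete it
	wm, err = configEntries.Delete(TerminatingGateway, "foo", nil)
	require.NoError(t, err)
	require.NotNil(t, wm)
	require.NotZero(t, wm.RequestTime)

	// verify deletion
	_, _, err = configEntries.Get(TerminatingGateway, "foo", nil)
	require.Error(t, err)
}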