luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity
open-consul/agent/xds/routes_test.go

558 lines
16 KiB
Go
Raw Normal View History

copyright headers for agent folder (#16704) * copyright headers for agent folder * Ignore test data files * fix proto files and remove headers in agent/uiserver folder * ignore deep-copy files
2023-03-28 18:39:22 +00:00
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
implement some missing service-router features and add more xDS testing (#6065) - also implement OnlyPassing filters for non-gateway clusters
2019-07-12 19:16:21 +00:00
package xds
import (
xds: version sniff envoy and switch regular expressions from 'regex' to 'safe_regex' on newer envoy versions (#8222) - cut down on extra node metadata transmission - split the golden file generation to compare all envoy version
2020-07-09 22:04:51 +00:00
"path/filepath"
implement some missing service-router features and add more xDS testing (#6065) - also implement OnlyPassing filters for non-gateway clusters
2019-07-12 19:16:21 +00:00
"sort"
"testing"
Allow ingress gateways to route traffic based on Host header This commit adds the necessary changes to allow an ingress gateway to route traffic from a single defined port to multiple different upstream services in the Consul mesh. To do this, we now require all HTTP requests coming into the ingress gateway to specify a Host header that matches "<service-name>.*" in order to correctly route traffic to the correct service. - Differentiate multiple listener's route names by port - Adds a case in xds for allowing default discovery chains to create a route configuration when on an ingress gateway. This allows default services to easily use host header routing - ingress-gateways have a single route config for each listener that utilizes domain matching to route to different services.
2020-04-16 23:24:11 +00:00
"time"
implement some missing service-router features and add more xDS testing (#6065) - also implement OnlyPassing filters for non-gateway clusters
2019-07-12 19:16:21 +00:00
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) - Also add support for envoy 1.17.0
2021-02-26 22:23:15 +00:00
envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3"
xds: remove deprecated usages of xDS (#9602) Note that this does NOT upgrade to xDS v3. That will come in a future PR. Additionally: - Ignored staticcheck warnings about how github.com/golang/protobuf is deprecated. - Shuffled some agent/xds imports in advance of a later xDS v3 upgrade. - Remove support for envoy 1.13.x but don't add in 1.17.x yet. We have to wait until the xDS v3 support is added in a follow-up PR. Fixes #8425
2021-02-22 21:00:15 +00:00
xds: Pass in logger small cleanup in tests
2020-12-23 17:50:28 +00:00
testinf "github.com/mitchellh/go-testing-interface"
"github.com/stretchr/testify/require"
xds: begin refactor to always pass test snapshots through all xDS types (#13461)
2022-06-15 19:58:28 +00:00
"google.golang.org/protobuf/types/known/durationpb"
xds: Pass in logger small cleanup in tests
2020-12-23 17:50:28 +00:00
implement some missing service-router features and add more xDS testing (#6065) - also implement OnlyPassing filters for non-gateway clusters
2019-07-12 19:16:21 +00:00
"github.com/hashicorp/consul/agent/proxycfg"
Allow ingress gateways to route traffic based on Host header This commit adds the necessary changes to allow an ingress gateway to route traffic from a single defined port to multiple different upstream services in the Consul mesh. To do this, we now require all HTTP requests coming into the ingress gateway to specify a Host header that matches "<service-name>.*" in order to correctly route traffic to the correct service. - Differentiate multiple listener's route names by port - Adds a case in xds for allowing default discovery chains to create a route configuration when on an ingress gateway. This allows default services to easily use host header routing - ingress-gateways have a single route config for each listener that utilizes domain matching to route to different services.
2020-04-16 23:24:11 +00:00
"github.com/hashicorp/consul/agent/structs"
NET-5457 Support multiple virtual hosts for a single API gateway listener (#19120) * Modify struct to support multiple routes for a given readyListener * Rework route construction for API gateways * Add changelog entry * Add golden file test for API gateway w/ multiple hostnames on a single listener * Build up routes with deterministic ordering * Improve docstring
2023-10-10 18:21:25 +00:00
"github.com/hashicorp/consul/agent/xds/testcommon"
refactor: remove troubleshoot module dependency on consul top level module (#16162) Ensure nothing in the troubleshoot go module depends on consul's top level module. This is so we can import troubleshoot into consul-k8s and not import all of consul. * turns troubleshoot into a go module [authored by @curtbushko] * gets the envoy protos into the troubleshoot module [authored by @curtbushko] * adds a new go module `envoyextensions` which has xdscommon and extensioncommon folders that both the xds package and the troubleshoot package can import * adds testing and linting for the new go modules * moves the unit tests in `troubleshoot/validateupstream` that depend on proxycfg/xds into the xds package, with a comment describing why those tests cannot be in the troubleshoot package * fixes all the imports everywhere as a result of these changes Co-authored-by: Curt Bushko <cbushko@gmail.com>
2023-02-06 17:14:35 +00:00
"github.com/hashicorp/consul/envoyextensions/xdscommon"
Add server receiver to routes and log tgw err
2020-09-03 22:19:58 +00:00
"github.com/hashicorp/consul/sdk/testutil"
implement some missing service-router features and add more xDS testing (#6065) - also implement OnlyPassing filters for non-gateway clusters
2019-07-12 19:16:21 +00:00
)
add enterprise xds tests (#16738)
2023-03-22 18:56:18 +00:00
type routeTestCase struct {
name string
create func(t testinf.T) *proxycfg.ConfigSnapshot
overrideGoldenName string
}
implement some missing service-router features and add more xDS testing (#6065) - also implement OnlyPassing filters for non-gateway clusters
2019-07-12 19:16:21 +00:00
add enterprise xds tests (#16738)
2023-03-22 18:56:18 +00:00
func makeRouteDiscoChainTests(enterprise bool) []routeTestCase {
return []routeTestCase{
implement some missing service-router features and add more xDS testing (#6065) - also implement OnlyPassing filters for non-gateway clusters
2019-07-12 19:16:21 +00:00
{
proxycfg: change how various proxycfg test helpers for making ConfigSnapshot copies works to be more correct and less error prone (#12531) Prior to this PR for the envoy xDS golden tests in the agent/xds package we were hand-creating a proxycfg.ConfigSnapshot structure in the proper format for input to the xDS generator. Over time this intermediate structure has gotten trickier to build correctly for the various tests. This PR proposes to switch to using the existing mechanism for turning a structs.NodeService and a sequence of cache.UpdateEvent copies into a proxycfg.ConfigSnapshot, as that is less error prone to construct and aligns more with how the data arrives. NOTE: almost all of this is in test-related code. I tried super hard to craft correct event inputs to get the golden files to be the same, or similar enough after construction to feel ok that i recreated the spirit of the original test cases.
2022-03-07 17:47:14 +00:00
name: "connect-proxy-with-chain",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
add enterprise xds tests (#16738)
2023-03-22 18:56:18 +00:00
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple", enterprise, nil, nil)
proxycfg: change how various proxycfg test helpers for making ConfigSnapshot copies works to be more correct and less error prone (#12531) Prior to this PR for the envoy xDS golden tests in the agent/xds package we were hand-creating a proxycfg.ConfigSnapshot structure in the proper format for input to the xDS generator. Over time this intermediate structure has gotten trickier to build correctly for the various tests. This PR proposes to switch to using the existing mechanism for turning a structs.NodeService and a sequence of cache.UpdateEvent copies into a proxycfg.ConfigSnapshot, as that is less error prone to construct and aligns more with how the data arrives. NOTE: almost all of this is in test-related code. I tried super hard to craft correct event inputs to get the golden files to be the same, or similar enough after construction to feel ok that i recreated the spirit of the original test cases.
2022-03-07 17:47:14 +00:00
},
implement some missing service-router features and add more xDS testing (#6065) - also implement OnlyPassing filters for non-gateway clusters
2019-07-12 19:16:21 +00:00
},
connect: introduce ExternalSNI field on service-defaults (#6324) Compiling this will set an optional SNI field on each DiscoveryTarget. When set this value should be used for TLS connections to the instances of the target. If not set the default should be used. Setting ExternalSNI will disable mesh gateway use for that target. It also disables several service-resolver features that do not make sense for an external service.
2019-08-19 17:19:44 +00:00
{
proxycfg: change how various proxycfg test helpers for making ConfigSnapshot copies works to be more correct and less error prone (#12531) Prior to this PR for the envoy xDS golden tests in the agent/xds package we were hand-creating a proxycfg.ConfigSnapshot structure in the proper format for input to the xDS generator. Over time this intermediate structure has gotten trickier to build correctly for the various tests. This PR proposes to switch to using the existing mechanism for turning a structs.NodeService and a sequence of cache.UpdateEvent copies into a proxycfg.ConfigSnapshot, as that is less error prone to construct and aligns more with how the data arrives. NOTE: almost all of this is in test-related code. I tried super hard to craft correct event inputs to get the golden files to be the same, or similar enough after construction to feel ok that i recreated the spirit of the original test cases.
2022-03-07 17:47:14 +00:00
name: "connect-proxy-with-chain-external-sni",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
add enterprise xds tests (#16738)
2023-03-22 18:56:18 +00:00
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "external-sni", enterprise, nil, nil)
proxycfg: change how various proxycfg test helpers for making ConfigSnapshot copies works to be more correct and less error prone (#12531) Prior to this PR for the envoy xDS golden tests in the agent/xds package we were hand-creating a proxycfg.ConfigSnapshot structure in the proper format for input to the xDS generator. Over time this intermediate structure has gotten trickier to build correctly for the various tests. This PR proposes to switch to using the existing mechanism for turning a structs.NodeService and a sequence of cache.UpdateEvent copies into a proxycfg.ConfigSnapshot, as that is less error prone to construct and aligns more with how the data arrives. NOTE: almost all of this is in test-related code. I tried super hard to craft correct event inputs to get the golden files to be the same, or similar enough after construction to feel ok that i recreated the spirit of the original test cases.
2022-03-07 17:47:14 +00:00
},
connect: introduce ExternalSNI field on service-defaults (#6324) Compiling this will set an optional SNI field on each DiscoveryTarget. When set this value should be used for TLS connections to the instances of the target. If not set the default should be used. Setting ExternalSNI will disable mesh gateway use for that target. It also disables several service-resolver features that do not make sense for an external service.
2019-08-19 17:19:44 +00:00
},
connect: reconcile how upstream configuration works with discovery chains (#6225) * connect: reconcile how upstream configuration works with discovery chains The following upstream config fields for connect sidecars sanely integrate into discovery chain resolution: - Destination Namespace/Datacenter: Compilation occurs locally but using different default values for namespaces and datacenters. The xDS clusters that are created are named as they normally would be. - Mesh Gateway Mode (single upstream): If set this value overrides any value computed for any resolver for the entire discovery chain. The xDS clusters that are created may be named differently (see below). - Mesh Gateway Mode (whole sidecar): If set this value overrides any value computed for any resolver for the entire discovery chain. If this is specifically overridden for a single upstream this value is ignored in that case. The xDS clusters that are created may be named differently (see below). - Protocol (in opaque config): If set this value overrides the value computed when evaluating the entire discovery chain. If the normal chain would be TCP or if this override is set to TCP then the result is that we explicitly disable L7 Routing and Splitting. The xDS clusters that are created may be named differently (see below). - Connect Timeout (in opaque config): If set this value overrides the value for any resolver in the entire discovery chain. The xDS clusters that are created may be named differently (see below). If any of the above overrides affect the actual result of compiling the discovery chain (i.e. "tcp" becomes "grpc" instead of being a no-op override to "tcp") then the relevant parameters are hashed and provided to the xDS layer as a prefix for use in naming the Clusters. This is to ensure that if one Upstream discovery chain has no overrides and tangentially needs a cluster named "api.default.XXX", and another Upstream does have overrides for "api.default.XXX" that they won't cross-pollinate against the operator's wishes. Fixes #6159
2019-08-02 03:03:34 +00:00
{
proxycfg: change how various proxycfg test helpers for making ConfigSnapshot copies works to be more correct and less error prone (#12531) Prior to this PR for the envoy xDS golden tests in the agent/xds package we were hand-creating a proxycfg.ConfigSnapshot structure in the proper format for input to the xDS generator. Over time this intermediate structure has gotten trickier to build correctly for the various tests. This PR proposes to switch to using the existing mechanism for turning a structs.NodeService and a sequence of cache.UpdateEvent copies into a proxycfg.ConfigSnapshot, as that is less error prone to construct and aligns more with how the data arrives. NOTE: almost all of this is in test-related code. I tried super hard to craft correct event inputs to get the golden files to be the same, or similar enough after construction to feel ok that i recreated the spirit of the original test cases.
2022-03-07 17:47:14 +00:00
name: "connect-proxy-with-chain-and-overrides",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
add enterprise xds tests (#16738)
2023-03-22 18:56:18 +00:00
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple-with-overrides", enterprise, nil, nil)
proxycfg: change how various proxycfg test helpers for making ConfigSnapshot copies works to be more correct and less error prone (#12531) Prior to this PR for the envoy xDS golden tests in the agent/xds package we were hand-creating a proxycfg.ConfigSnapshot structure in the proper format for input to the xDS generator. Over time this intermediate structure has gotten trickier to build correctly for the various tests. This PR proposes to switch to using the existing mechanism for turning a structs.NodeService and a sequence of cache.UpdateEvent copies into a proxycfg.ConfigSnapshot, as that is less error prone to construct and aligns more with how the data arrives. NOTE: almost all of this is in test-related code. I tried super hard to craft correct event inputs to get the golden files to be the same, or similar enough after construction to feel ok that i recreated the spirit of the original test cases.
2022-03-07 17:47:14 +00:00
},
connect: reconcile how upstream configuration works with discovery chains (#6225) * connect: reconcile how upstream configuration works with discovery chains The following upstream config fields for connect sidecars sanely integrate into discovery chain resolution: - Destination Namespace/Datacenter: Compilation occurs locally but using different default values for namespaces and datacenters. The xDS clusters that are created are named as they normally would be. - Mesh Gateway Mode (single upstream): If set this value overrides any value computed for any resolver for the entire discovery chain. The xDS clusters that are created may be named differently (see below). - Mesh Gateway Mode (whole sidecar): If set this value overrides any value computed for any resolver for the entire discovery chain. If this is specifically overridden for a single upstream this value is ignored in that case. The xDS clusters that are created may be named differently (see below). - Protocol (in opaque config): If set this value overrides the value computed when evaluating the entire discovery chain. If the normal chain would be TCP or if this override is set to TCP then the result is that we explicitly disable L7 Routing and Splitting. The xDS clusters that are created may be named differently (see below). - Connect Timeout (in opaque config): If set this value overrides the value for any resolver in the entire discovery chain. The xDS clusters that are created may be named differently (see below). If any of the above overrides affect the actual result of compiling the discovery chain (i.e. "tcp" becomes "grpc" instead of being a no-op override to "tcp") then the relevant parameters are hashed and provided to the xDS layer as a prefix for use in naming the Clusters. This is to ensure that if one Upstream discovery chain has no overrides and tangentially needs a cluster named "api.default.XXX", and another Upstream does have overrides for "api.default.XXX" that they won't cross-pollinate against the operator's wishes. Fixes #6159
2019-08-02 03:03:34 +00:00
},
implement some missing service-router features and add more xDS testing (#6065) - also implement OnlyPassing filters for non-gateway clusters
2019-07-12 19:16:21 +00:00
{
proxycfg: change how various proxycfg test helpers for making ConfigSnapshot copies works to be more correct and less error prone (#12531) Prior to this PR for the envoy xDS golden tests in the agent/xds package we were hand-creating a proxycfg.ConfigSnapshot structure in the proper format for input to the xDS generator. Over time this intermediate structure has gotten trickier to build correctly for the various tests. This PR proposes to switch to using the existing mechanism for turning a structs.NodeService and a sequence of cache.UpdateEvent copies into a proxycfg.ConfigSnapshot, as that is less error prone to construct and aligns more with how the data arrives. NOTE: almost all of this is in test-related code. I tried super hard to craft correct event inputs to get the golden files to be the same, or similar enough after construction to feel ok that i recreated the spirit of the original test cases.
2022-03-07 17:47:14 +00:00
name: "splitter-with-resolver-redirect",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
add enterprise xds tests (#16738)
2023-03-22 18:56:18 +00:00
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "splitter-with-resolver-redirect-multidc", enterprise, nil, nil)
proxycfg: change how various proxycfg test helpers for making ConfigSnapshot copies works to be more correct and less error prone (#12531) Prior to this PR for the envoy xDS golden tests in the agent/xds package we were hand-creating a proxycfg.ConfigSnapshot structure in the proper format for input to the xDS generator. Over time this intermediate structure has gotten trickier to build correctly for the various tests. This PR proposes to switch to using the existing mechanism for turning a structs.NodeService and a sequence of cache.UpdateEvent copies into a proxycfg.ConfigSnapshot, as that is less error prone to construct and aligns more with how the data arrives. NOTE: almost all of this is in test-related code. I tried super hard to craft correct event inputs to get the golden files to be the same, or similar enough after construction to feel ok that i recreated the spirit of the original test cases.
2022-03-07 17:47:14 +00:00
},
implement some missing service-router features and add more xDS testing (#6065) - also implement OnlyPassing filters for non-gateway clusters
2019-07-12 19:16:21 +00:00
},
{
proxycfg: change how various proxycfg test helpers for making ConfigSnapshot copies works to be more correct and less error prone (#12531) Prior to this PR for the envoy xDS golden tests in the agent/xds package we were hand-creating a proxycfg.ConfigSnapshot structure in the proper format for input to the xDS generator. Over time this intermediate structure has gotten trickier to build correctly for the various tests. This PR proposes to switch to using the existing mechanism for turning a structs.NodeService and a sequence of cache.UpdateEvent copies into a proxycfg.ConfigSnapshot, as that is less error prone to construct and aligns more with how the data arrives. NOTE: almost all of this is in test-related code. I tried super hard to craft correct event inputs to get the golden files to be the same, or similar enough after construction to feel ok that i recreated the spirit of the original test cases.
2022-03-07 17:47:14 +00:00
name: "connect-proxy-with-chain-and-splitter",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
add enterprise xds tests (#16738)
2023-03-22 18:56:18 +00:00
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "chain-and-splitter", enterprise, nil, nil)
proxycfg: change how various proxycfg test helpers for making ConfigSnapshot copies works to be more correct and less error prone (#12531) Prior to this PR for the envoy xDS golden tests in the agent/xds package we were hand-creating a proxycfg.ConfigSnapshot structure in the proper format for input to the xDS generator. Over time this intermediate structure has gotten trickier to build correctly for the various tests. This PR proposes to switch to using the existing mechanism for turning a structs.NodeService and a sequence of cache.UpdateEvent copies into a proxycfg.ConfigSnapshot, as that is less error prone to construct and aligns more with how the data arrives. NOTE: almost all of this is in test-related code. I tried super hard to craft correct event inputs to get the golden files to be the same, or similar enough after construction to feel ok that i recreated the spirit of the original test cases.
2022-03-07 17:47:14 +00:00
},
implement some missing service-router features and add more xDS testing (#6065) - also implement OnlyPassing filters for non-gateway clusters
2019-07-12 19:16:21 +00:00
},
xds: allow http match criteria to be applied to routes on services using grpc protocols (#6149)
2019-07-17 19:07:08 +00:00
{
proxycfg: change how various proxycfg test helpers for making ConfigSnapshot copies works to be more correct and less error prone (#12531) Prior to this PR for the envoy xDS golden tests in the agent/xds package we were hand-creating a proxycfg.ConfigSnapshot structure in the proper format for input to the xDS generator. Over time this intermediate structure has gotten trickier to build correctly for the various tests. This PR proposes to switch to using the existing mechanism for turning a structs.NodeService and a sequence of cache.UpdateEvent copies into a proxycfg.ConfigSnapshot, as that is less error prone to construct and aligns more with how the data arrives. NOTE: almost all of this is in test-related code. I tried super hard to craft correct event inputs to get the golden files to be the same, or similar enough after construction to feel ok that i recreated the spirit of the original test cases.
2022-03-07 17:47:14 +00:00
name: "connect-proxy-with-grpc-router",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
add enterprise xds tests (#16738)
2023-03-22 18:56:18 +00:00
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "grpc-router", enterprise, nil, nil)
proxycfg: change how various proxycfg test helpers for making ConfigSnapshot copies works to be more correct and less error prone (#12531) Prior to this PR for the envoy xDS golden tests in the agent/xds package we were hand-creating a proxycfg.ConfigSnapshot structure in the proper format for input to the xDS generator. Over time this intermediate structure has gotten trickier to build correctly for the various tests. This PR proposes to switch to using the existing mechanism for turning a structs.NodeService and a sequence of cache.UpdateEvent copies into a proxycfg.ConfigSnapshot, as that is less error prone to construct and aligns more with how the data arrives. NOTE: almost all of this is in test-related code. I tried super hard to craft correct event inputs to get the golden files to be the same, or similar enough after construction to feel ok that i recreated the spirit of the original test cases.
2022-03-07 17:47:14 +00:00
},
xds: allow http match criteria to be applied to routes on services using grpc protocols (#6149)
2019-07-17 19:07:08 +00:00
},
implement some missing service-router features and add more xDS testing (#6065) - also implement OnlyPassing filters for non-gateway clusters
2019-07-12 19:16:21 +00:00
{
proxycfg: change how various proxycfg test helpers for making ConfigSnapshot copies works to be more correct and less error prone (#12531) Prior to this PR for the envoy xDS golden tests in the agent/xds package we were hand-creating a proxycfg.ConfigSnapshot structure in the proper format for input to the xDS generator. Over time this intermediate structure has gotten trickier to build correctly for the various tests. This PR proposes to switch to using the existing mechanism for turning a structs.NodeService and a sequence of cache.UpdateEvent copies into a proxycfg.ConfigSnapshot, as that is less error prone to construct and aligns more with how the data arrives. NOTE: almost all of this is in test-related code. I tried super hard to craft correct event inputs to get the golden files to be the same, or similar enough after construction to feel ok that i recreated the spirit of the original test cases.
2022-03-07 17:47:14 +00:00
name: "connect-proxy-with-chain-and-router",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
add enterprise xds tests (#16738)
2023-03-22 18:56:18 +00:00
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "chain-and-router", enterprise, nil, nil)
proxycfg: change how various proxycfg test helpers for making ConfigSnapshot copies works to be more correct and less error prone (#12531) Prior to this PR for the envoy xDS golden tests in the agent/xds package we were hand-creating a proxycfg.ConfigSnapshot structure in the proper format for input to the xDS generator. Over time this intermediate structure has gotten trickier to build correctly for the various tests. This PR proposes to switch to using the existing mechanism for turning a structs.NodeService and a sequence of cache.UpdateEvent copies into a proxycfg.ConfigSnapshot, as that is less error prone to construct and aligns more with how the data arrives. NOTE: almost all of this is in test-related code. I tried super hard to craft correct event inputs to get the golden files to be the same, or similar enough after construction to feel ok that i recreated the spirit of the original test cases.
2022-03-07 17:47:14 +00:00
},
implement some missing service-router features and add more xDS testing (#6065) - also implement OnlyPassing filters for non-gateway clusters
2019-07-12 19:16:21 +00:00
},
Pass LB config to Envoy via xDS
2020-08-28 20:27:40 +00:00
{
proxycfg: change how various proxycfg test helpers for making ConfigSnapshot copies works to be more correct and less error prone (#12531) Prior to this PR for the envoy xDS golden tests in the agent/xds package we were hand-creating a proxycfg.ConfigSnapshot structure in the proper format for input to the xDS generator. Over time this intermediate structure has gotten trickier to build correctly for the various tests. This PR proposes to switch to using the existing mechanism for turning a structs.NodeService and a sequence of cache.UpdateEvent copies into a proxycfg.ConfigSnapshot, as that is less error prone to construct and aligns more with how the data arrives. NOTE: almost all of this is in test-related code. I tried super hard to craft correct event inputs to get the golden files to be the same, or similar enough after construction to feel ok that i recreated the spirit of the original test cases.
2022-03-07 17:47:14 +00:00
name: "connect-proxy-lb-in-resolver",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
add enterprise xds tests (#16738)
2023-03-22 18:56:18 +00:00
return proxycfg.TestConfigSnapshotDiscoveryChain(t, "lb-resolver", enterprise, nil, nil)
proxycfg: change how various proxycfg test helpers for making ConfigSnapshot copies works to be more correct and less error prone (#12531) Prior to this PR for the envoy xDS golden tests in the agent/xds package we were hand-creating a proxycfg.ConfigSnapshot structure in the proper format for input to the xDS generator. Over time this intermediate structure has gotten trickier to build correctly for the various tests. This PR proposes to switch to using the existing mechanism for turning a structs.NodeService and a sequence of cache.UpdateEvent copies into a proxycfg.ConfigSnapshot, as that is less error prone to construct and aligns more with how the data arrives. NOTE: almost all of this is in test-related code. I tried super hard to craft correct event inputs to get the golden files to be the same, or similar enough after construction to feel ok that i recreated the spirit of the original test cases.
2022-03-07 17:47:14 +00:00
},
Pass LB config to Envoy via xDS
2020-08-28 20:27:40 +00:00
},
add enterprise xds tests (#16738)
2023-03-22 18:56:18 +00:00
}
}
func TestRoutesFromSnapshot(t *testing.T) {
// TODO: we should move all of these to TestAllResourcesFromSnapshot
// eventually to test all of the xDS types at once with the same input,
// just as it would be triggered by our xDS server.
if testing.Short() {
t.Skip("too slow for testing.Short")
}
tests := []routeTestCase{
implement some missing service-router features and add more xDS testing (#6065) - also implement OnlyPassing filters for non-gateway clusters
2019-07-12 19:16:21 +00:00
// TODO(rb): test match stanza skipped for grpc
Add all the xds ingress tests This commit copies many of the connect-proxy xds testcases and reuses for ingress gateways. This allows us to more easily see changes to the envoy configuration when make updates to ingress gateways.
2020-04-14 21:30:00 +00:00
// Start ingress gateway test cases
ingress-gateways: don't log error when registering gateway (#15001) * ingress-gateways: don't log error when registering gateway Previously, when an ingress gateway was registered without a corresponding ingress gateway config entry, an error was logged because the watch on the config entry returned a nil result. This is expected so don't log an error.
2022-10-25 17:55:44 +00:00
{
name: "ingress-config-entry-nil",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotIngressGateway_NilConfigEntry(t)
},
},
Add all the xds ingress tests This commit copies many of the connect-proxy xds testcases and reuses for ingress gateways. This allows us to more easily see changes to the envoy configuration when make updates to ingress gateways.
2020-04-14 21:30:00 +00:00
{
proxycfg: change how various proxycfg test helpers for making ConfigSnapshot copies works to be more correct and less error prone (#12531) Prior to this PR for the envoy xDS golden tests in the agent/xds package we were hand-creating a proxycfg.ConfigSnapshot structure in the proper format for input to the xDS generator. Over time this intermediate structure has gotten trickier to build correctly for the various tests. This PR proposes to switch to using the existing mechanism for turning a structs.NodeService and a sequence of cache.UpdateEvent copies into a proxycfg.ConfigSnapshot, as that is less error prone to construct and aligns more with how the data arrives. NOTE: almost all of this is in test-related code. I tried super hard to craft correct event inputs to get the golden files to be the same, or similar enough after construction to feel ok that i recreated the spirit of the original test cases.
2022-03-07 17:47:14 +00:00
name: "ingress-defaults-no-chain",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotIngressGateway(t, false, "tcp",
"default", nil, nil, nil)
},
Add all the xds ingress tests This commit copies many of the connect-proxy xds testcases and reuses for ingress gateways. This allows us to more easily see changes to the envoy configuration when make updates to ingress gateways.
2020-04-14 21:30:00 +00:00
},
{
proxycfg: change how various proxycfg test helpers for making ConfigSnapshot copies works to be more correct and less error prone (#12531) Prior to this PR for the envoy xDS golden tests in the agent/xds package we were hand-creating a proxycfg.ConfigSnapshot structure in the proper format for input to the xDS generator. Over time this intermediate structure has gotten trickier to build correctly for the various tests. This PR proposes to switch to using the existing mechanism for turning a structs.NodeService and a sequence of cache.UpdateEvent copies into a proxycfg.ConfigSnapshot, as that is less error prone to construct and aligns more with how the data arrives. NOTE: almost all of this is in test-related code. I tried super hard to craft correct event inputs to get the golden files to be the same, or similar enough after construction to feel ok that i recreated the spirit of the original test cases.
2022-03-07 17:47:14 +00:00
name: "ingress-with-chain",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
"simple", nil, nil, nil)
},
Add all the xds ingress tests This commit copies many of the connect-proxy xds testcases and reuses for ingress gateways. This allows us to more easily see changes to the envoy configuration when make updates to ingress gateways.
2020-04-14 21:30:00 +00:00
},
{
proxycfg: change how various proxycfg test helpers for making ConfigSnapshot copies works to be more correct and less error prone (#12531) Prior to this PR for the envoy xDS golden tests in the agent/xds package we were hand-creating a proxycfg.ConfigSnapshot structure in the proper format for input to the xDS generator. Over time this intermediate structure has gotten trickier to build correctly for the various tests. This PR proposes to switch to using the existing mechanism for turning a structs.NodeService and a sequence of cache.UpdateEvent copies into a proxycfg.ConfigSnapshot, as that is less error prone to construct and aligns more with how the data arrives. NOTE: almost all of this is in test-related code. I tried super hard to craft correct event inputs to get the golden files to be the same, or similar enough after construction to feel ok that i recreated the spirit of the original test cases.
2022-03-07 17:47:14 +00:00
name: "ingress-with-chain-external-sni",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
"external-sni", nil, nil, nil)
},
Add all the xds ingress tests This commit copies many of the connect-proxy xds testcases and reuses for ingress gateways. This allows us to more easily see changes to the envoy configuration when make updates to ingress gateways.
2020-04-14 21:30:00 +00:00
},
{
proxycfg: change how various proxycfg test helpers for making ConfigSnapshot copies works to be more correct and less error prone (#12531) Prior to this PR for the envoy xDS golden tests in the agent/xds package we were hand-creating a proxycfg.ConfigSnapshot structure in the proper format for input to the xDS generator. Over time this intermediate structure has gotten trickier to build correctly for the various tests. This PR proposes to switch to using the existing mechanism for turning a structs.NodeService and a sequence of cache.UpdateEvent copies into a proxycfg.ConfigSnapshot, as that is less error prone to construct and aligns more with how the data arrives. NOTE: almost all of this is in test-related code. I tried super hard to craft correct event inputs to get the golden files to be the same, or similar enough after construction to feel ok that i recreated the spirit of the original test cases.
2022-03-07 17:47:14 +00:00
name: "ingress-splitter-with-resolver-redirect",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotIngressGateway(t, true, "http",
"splitter-with-resolver-redirect-multidc", nil, nil, nil)
},
Add all the xds ingress tests This commit copies many of the connect-proxy xds testcases and reuses for ingress gateways. This allows us to more easily see changes to the envoy configuration when make updates to ingress gateways.
2020-04-14 21:30:00 +00:00
},
{
proxycfg: change how various proxycfg test helpers for making ConfigSnapshot copies works to be more correct and less error prone (#12531) Prior to this PR for the envoy xDS golden tests in the agent/xds package we were hand-creating a proxycfg.ConfigSnapshot structure in the proper format for input to the xDS generator. Over time this intermediate structure has gotten trickier to build correctly for the various tests. This PR proposes to switch to using the existing mechanism for turning a structs.NodeService and a sequence of cache.UpdateEvent copies into a proxycfg.ConfigSnapshot, as that is less error prone to construct and aligns more with how the data arrives. NOTE: almost all of this is in test-related code. I tried super hard to craft correct event inputs to get the golden files to be the same, or similar enough after construction to feel ok that i recreated the spirit of the original test cases.
2022-03-07 17:47:14 +00:00
name: "ingress-with-chain-and-splitter",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotIngressGateway(t, true, "http",
"chain-and-splitter", nil, nil, nil)
},
Add all the xds ingress tests This commit copies many of the connect-proxy xds testcases and reuses for ingress gateways. This allows us to more easily see changes to the envoy configuration when make updates to ingress gateways.
2020-04-14 21:30:00 +00:00
},
{
proxycfg: change how various proxycfg test helpers for making ConfigSnapshot copies works to be more correct and less error prone (#12531) Prior to this PR for the envoy xDS golden tests in the agent/xds package we were hand-creating a proxycfg.ConfigSnapshot structure in the proper format for input to the xDS generator. Over time this intermediate structure has gotten trickier to build correctly for the various tests. This PR proposes to switch to using the existing mechanism for turning a structs.NodeService and a sequence of cache.UpdateEvent copies into a proxycfg.ConfigSnapshot, as that is less error prone to construct and aligns more with how the data arrives. NOTE: almost all of this is in test-related code. I tried super hard to craft correct event inputs to get the golden files to be the same, or similar enough after construction to feel ok that i recreated the spirit of the original test cases.
2022-03-07 17:47:14 +00:00
name: "ingress-with-grpc-router",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotIngressGateway(t, true, "http",
"grpc-router", nil, nil, nil)
},
Add all the xds ingress tests This commit copies many of the connect-proxy xds testcases and reuses for ingress gateways. This allows us to more easily see changes to the envoy configuration when make updates to ingress gateways.
2020-04-14 21:30:00 +00:00
},
{
proxycfg: change how various proxycfg test helpers for making ConfigSnapshot copies works to be more correct and less error prone (#12531) Prior to this PR for the envoy xDS golden tests in the agent/xds package we were hand-creating a proxycfg.ConfigSnapshot structure in the proper format for input to the xDS generator. Over time this intermediate structure has gotten trickier to build correctly for the various tests. This PR proposes to switch to using the existing mechanism for turning a structs.NodeService and a sequence of cache.UpdateEvent copies into a proxycfg.ConfigSnapshot, as that is less error prone to construct and aligns more with how the data arrives. NOTE: almost all of this is in test-related code. I tried super hard to craft correct event inputs to get the golden files to be the same, or similar enough after construction to feel ok that i recreated the spirit of the original test cases.
2022-03-07 17:47:14 +00:00
name: "ingress-with-chain-and-router",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotIngressGateway(t, true, "http",
"chain-and-router", nil, nil, nil)
},
Add all the xds ingress tests This commit copies many of the connect-proxy xds testcases and reuses for ingress gateways. This allows us to more easily see changes to the envoy configuration when make updates to ingress gateways.
2020-04-14 21:30:00 +00:00
},
Pass LB config to Envoy via xDS
2020-08-28 20:27:40 +00:00
{
proxycfg: change how various proxycfg test helpers for making ConfigSnapshot copies works to be more correct and less error prone (#12531) Prior to this PR for the envoy xDS golden tests in the agent/xds package we were hand-creating a proxycfg.ConfigSnapshot structure in the proper format for input to the xDS generator. Over time this intermediate structure has gotten trickier to build correctly for the various tests. This PR proposes to switch to using the existing mechanism for turning a structs.NodeService and a sequence of cache.UpdateEvent copies into a proxycfg.ConfigSnapshot, as that is less error prone to construct and aligns more with how the data arrives. NOTE: almost all of this is in test-related code. I tried super hard to craft correct event inputs to get the golden files to be the same, or similar enough after construction to feel ok that i recreated the spirit of the original test cases.
2022-03-07 17:47:14 +00:00
name: "ingress-lb-in-resolver",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotIngressGateway(t, true, "http",
"lb-resolver", nil, nil, nil)
},
Pass LB config to Envoy via xDS
2020-08-28 20:27:40 +00:00
},
Allow ingress gateways to route traffic based on Host header This commit adds the necessary changes to allow an ingress gateway to route traffic from a single defined port to multiple different upstream services in the Consul mesh. To do this, we now require all HTTP requests coming into the ingress gateway to specify a Host header that matches "<service-name>.*" in order to correctly route traffic to the correct service. - Differentiate multiple listener's route names by port - Adds a case in xds for allowing default discovery chains to create a route configuration when on an ingress gateway. This allows default services to easily use host header routing - ingress-gateways have a single route config for each listener that utilizes domain matching to route to different services.
2020-04-16 23:24:11 +00:00
{
name: "ingress-http-multiple-services",
create: proxycfg.TestConfigSnapshotIngress_HTTPMultipleServices,
proxycfg: change how various proxycfg test helpers for making ConfigSnapshot copies works to be more correct and less error prone (#12531) Prior to this PR for the envoy xDS golden tests in the agent/xds package we were hand-creating a proxycfg.ConfigSnapshot structure in the proper format for input to the xDS generator. Over time this intermediate structure has gotten trickier to build correctly for the various tests. This PR proposes to switch to using the existing mechanism for turning a structs.NodeService and a sequence of cache.UpdateEvent copies into a proxycfg.ConfigSnapshot, as that is less error prone to construct and aligns more with how the data arrives. NOTE: almost all of this is in test-related code. I tried super hard to craft correct event inputs to get the golden files to be the same, or similar enough after construction to feel ok that i recreated the spirit of the original test cases.
2022-03-07 17:47:14 +00:00
},
fix: multiple grpc/http2 services for ingress listeners
2022-05-18 21:55:59 +00:00
{
name: "ingress-grpc-multiple-services",
create: proxycfg.TestConfigSnapshotIngress_GRPCMultipleServices,
},
proxycfg: change how various proxycfg test helpers for making ConfigSnapshot copies works to be more correct and less error prone (#12531) Prior to this PR for the envoy xDS golden tests in the agent/xds package we were hand-creating a proxycfg.ConfigSnapshot structure in the proper format for input to the xDS generator. Over time this intermediate structure has gotten trickier to build correctly for the various tests. This PR proposes to switch to using the existing mechanism for turning a structs.NodeService and a sequence of cache.UpdateEvent copies into a proxycfg.ConfigSnapshot, as that is less error prone to construct and aligns more with how the data arrives. NOTE: almost all of this is in test-related code. I tried super hard to craft correct event inputs to get the golden files to be the same, or similar enough after construction to feel ok that i recreated the spirit of the original test cases.
2022-03-07 17:47:14 +00:00
{
name: "ingress-with-chain-and-router-header-manip",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotIngressGatewayWithChain(t, "router-header-manip", nil, nil)
Ingress gateway header manip plumbing
2021-07-13 12:53:59 +00:00
},
},
Update xDS routes to support ingress services with different TLS config
2021-08-24 14:25:22 +00:00
{
proxycfg: change how various proxycfg test helpers for making ConfigSnapshot copies works to be more correct and less error prone (#12531) Prior to this PR for the envoy xDS golden tests in the agent/xds package we were hand-creating a proxycfg.ConfigSnapshot structure in the proper format for input to the xDS generator. Over time this intermediate structure has gotten trickier to build correctly for the various tests. This PR proposes to switch to using the existing mechanism for turning a structs.NodeService and a sequence of cache.UpdateEvent copies into a proxycfg.ConfigSnapshot, as that is less error prone to construct and aligns more with how the data arrives. NOTE: almost all of this is in test-related code. I tried super hard to craft correct event inputs to get the golden files to be the same, or similar enough after construction to feel ok that i recreated the spirit of the original test cases.
2022-03-07 17:47:14 +00:00
name: "ingress-with-sds-listener-level",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotIngressGatewayWithChain(t, "sds-listener-level", nil, nil)
},
Update xDS routes to support ingress services with different TLS config
2021-08-24 14:25:22 +00:00
},
{
proxycfg: change how various proxycfg test helpers for making ConfigSnapshot copies works to be more correct and less error prone (#12531) Prior to this PR for the envoy xDS golden tests in the agent/xds package we were hand-creating a proxycfg.ConfigSnapshot structure in the proper format for input to the xDS generator. Over time this intermediate structure has gotten trickier to build correctly for the various tests. This PR proposes to switch to using the existing mechanism for turning a structs.NodeService and a sequence of cache.UpdateEvent copies into a proxycfg.ConfigSnapshot, as that is less error prone to construct and aligns more with how the data arrives. NOTE: almost all of this is in test-related code. I tried super hard to craft correct event inputs to get the golden files to be the same, or similar enough after construction to feel ok that i recreated the spirit of the original test cases.
2022-03-07 17:47:14 +00:00
name: "ingress-with-sds-listener-level-wildcard",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotIngressGatewayWithChain(t, "sds-listener-level-wildcard", nil, nil)
},
Update xDS routes to support ingress services with different TLS config
2021-08-24 14:25:22 +00:00
},
{
proxycfg: change how various proxycfg test helpers for making ConfigSnapshot copies works to be more correct and less error prone (#12531) Prior to this PR for the envoy xDS golden tests in the agent/xds package we were hand-creating a proxycfg.ConfigSnapshot structure in the proper format for input to the xDS generator. Over time this intermediate structure has gotten trickier to build correctly for the various tests. This PR proposes to switch to using the existing mechanism for turning a structs.NodeService and a sequence of cache.UpdateEvent copies into a proxycfg.ConfigSnapshot, as that is less error prone to construct and aligns more with how the data arrives. NOTE: almost all of this is in test-related code. I tried super hard to craft correct event inputs to get the golden files to be the same, or similar enough after construction to feel ok that i recreated the spirit of the original test cases.
2022-03-07 17:47:14 +00:00
name: "ingress-with-sds-service-level",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotIngressGatewayWithChain(t, "sds-service-level", nil, nil)
},
Update xDS routes to support ingress services with different TLS config
2021-08-24 14:25:22 +00:00
},
{
proxycfg: change how various proxycfg test helpers for making ConfigSnapshot copies works to be more correct and less error prone (#12531) Prior to this PR for the envoy xDS golden tests in the agent/xds package we were hand-creating a proxycfg.ConfigSnapshot structure in the proper format for input to the xDS generator. Over time this intermediate structure has gotten trickier to build correctly for the various tests. This PR proposes to switch to using the existing mechanism for turning a structs.NodeService and a sequence of cache.UpdateEvent copies into a proxycfg.ConfigSnapshot, as that is less error prone to construct and aligns more with how the data arrives. NOTE: almost all of this is in test-related code. I tried super hard to craft correct event inputs to get the golden files to be the same, or similar enough after construction to feel ok that i recreated the spirit of the original test cases.
2022-03-07 17:47:14 +00:00
name: "ingress-with-sds-service-level-mixed-tls",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotIngressGatewayWithChain(t, "sds-service-level-mixed-tls", nil, nil)
},
Update xDS routes to support ingress services with different TLS config
2021-08-24 14:25:22 +00:00
},
Pass LB config to Envoy via xDS
2020-08-28 20:27:40 +00:00
{
name: "terminating-gateway-lb-config",
proxycfg: change how various proxycfg test helpers for making ConfigSnapshot copies works to be more correct and less error prone (#12531) Prior to this PR for the envoy xDS golden tests in the agent/xds package we were hand-creating a proxycfg.ConfigSnapshot structure in the proper format for input to the xDS generator. Over time this intermediate structure has gotten trickier to build correctly for the various tests. This PR proposes to switch to using the existing mechanism for turning a structs.NodeService and a sequence of cache.UpdateEvent copies into a proxycfg.ConfigSnapshot, as that is less error prone to construct and aligns more with how the data arrives. NOTE: almost all of this is in test-related code. I tried super hard to craft correct event inputs to get the golden files to be the same, or similar enough after construction to feel ok that i recreated the spirit of the original test cases.
2022-03-07 17:47:14 +00:00
create: proxycfg.TestConfigSnapshotTerminatingGatewayLBConfig,
Pass LB config to Envoy via xDS
2020-08-28 20:27:40 +00:00
},
NET-5457 Support multiple virtual hosts for a single API gateway listener (#19120) * Modify struct to support multiple routes for a given readyListener * Rework route construction for API gateways * Add changelog entry * Add golden file test for API gateway w/ multiple hostnames on a single listener * Build up routes with deterministic ordering * Improve docstring
2023-10-10 18:21:25 +00:00
{
name: "api-gateway-with-multiple-hostnames",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotAPIGateway(t, "default", nil, func(entry *structs.APIGatewayConfigEntry, bound *structs.BoundAPIGatewayConfigEntry) {
entry.Listeners = []structs.APIGatewayListener{
{
Name: "http",
Protocol: structs.ListenerProtocolHTTP,
Port: 8080,
Hostname: "*.example.com",
},
}
bound.Listeners = []structs.BoundAPIGatewayListener{
{
Name: "http",
Routes: []structs.ResourceReference{
{Kind: structs.HTTPRoute, Name: "backend-route"},
{Kind: structs.HTTPRoute, Name: "frontend-route"},
{Kind: structs.HTTPRoute, Name: "generic-route"},
}},
}
},
[]structs.BoundRoute{
&structs.HTTPRouteConfigEntry{
Kind: structs.HTTPRoute,
Name: "backend-route",
Hostnames: []string{"backend.example.com"},
Parents: []structs.ResourceReference{{Kind: structs.APIGateway, Name: "api-gateway"}},
Rules: []structs.HTTPRouteRule{
{Services: []structs.HTTPService{{Name: "backend"}}},
},
},
&structs.HTTPRouteConfigEntry{
Kind: structs.HTTPRoute,
Name: "frontend-route",
Hostnames: []string{"frontend.example.com"},
Parents: []structs.ResourceReference{{Kind: structs.APIGateway, Name: "api-gateway"}},
Rules: []structs.HTTPRouteRule{
{Services: []structs.HTTPService{{Name: "frontend"}}},
},
},
&structs.HTTPRouteConfigEntry{
Kind: structs.HTTPRoute,
Name: "generic-route",
Parents: []structs.ResourceReference{{Kind: structs.APIGateway, Name: "api-gateway"}},
Rules: []structs.HTTPRouteRule{
{
Matches: []structs.HTTPMatch{{Path: structs.HTTPPathMatch{Match: structs.HTTPPathMatchPrefix, Value: "/frontend"}}},
Services: []structs.HTTPService{{Name: "frontend"}},
},
{
Matches: []structs.HTTPMatch{{Path: structs.HTTPPathMatch{Match: structs.HTTPPathMatchPrefix, Value: "/backend"}}},
Services: []structs.HTTPService{{Name: "backend"}},
},
},
},
}, nil, nil)
},
},
implement some missing service-router features and add more xDS testing (#6065) - also implement OnlyPassing filters for non-gateway clusters
2019-07-12 19:16:21 +00:00
}
add enterprise xds tests (#16738)
2023-03-22 18:56:18 +00:00
tests = append(tests, makeRouteDiscoChainTests(false)...)
refactor: remove troubleshoot module dependency on consul top level module (#16162) Ensure nothing in the troubleshoot go module depends on consul's top level module. This is so we can import troubleshoot into consul-k8s and not import all of consul. * turns troubleshoot into a go module [authored by @curtbushko] * gets the envoy protos into the troubleshoot module [authored by @curtbushko] * adds a new go module `envoyextensions` which has xdscommon and extensioncommon folders that both the xds package and the troubleshoot package can import * adds testing and linting for the new go modules * moves the unit tests in `troubleshoot/validateupstream` that depend on proxycfg/xds into the xds package, with a comment describing why those tests cannot be in the troubleshoot package * fixes all the imports everywhere as a result of these changes Co-authored-by: Curt Bushko <cbushko@gmail.com>
2023-02-06 17:14:35 +00:00
latestEnvoyVersion := xdscommon.EnvoyVersions[0]
for _, envoyVersion := range xdscommon.EnvoyVersions {
refactor: move service to service validation to troubleshoot package (#16132) This is to reduce the dependency on xds from within the troubleshoot package.
2023-02-03 06:18:10 +00:00
sf, err := xdscommon.DetermineSupportedProxyFeaturesFromString(envoyVersion)
xds: add support for envoy 1.15.0 and drop support for 1.11.x (#8424) Related changes: - hard-fail the xDS connection attempt if the envoy version is known to be too old to be supported - remove the RouterMatchSafeRegex proxy feature since all supported envoy versions have it - stop using --max-obj-name-len (due to: envoyproxy/envoy#11740)
2020-07-31 20:52:49 +00:00
require.NoError(t, err)
xds: version sniff envoy and switch regular expressions from 'regex' to 'safe_regex' on newer envoy versions (#8222) - cut down on extra node metadata transmission - split the golden file generation to compare all envoy version
2020-07-09 22:04:51 +00:00
t.Run("envoy-"+envoyVersion, func(t *testing.T) {
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
// Sanity check default with no overrides first
snap := tt.create(t)
implement some missing service-router features and add more xDS testing (#6065) - also implement OnlyPassing filters for non-gateway clusters
2019-07-12 19:16:21 +00:00
xds: version sniff envoy and switch regular expressions from 'regex' to 'safe_regex' on newer envoy versions (#8222) - cut down on extra node metadata transmission - split the golden file generation to compare all envoy version
2020-07-09 22:04:51 +00:00
// We need to replace the TLS certs with deterministic ones to make golden
// files workable. Note we don't update these otherwise they'd change
// golden files for every test case and so not be any use!
refactor: move service to service validation to troubleshoot package (#16132) This is to reduce the dependency on xds from within the troubleshoot package.
2023-02-03 06:18:10 +00:00
testcommon.SetupTLSRootsAndLeaf(t, snap)
implement some missing service-router features and add more xDS testing (#6065) - also implement OnlyPassing filters for non-gateway clusters
2019-07-12 19:16:21 +00:00
refactor: move service to service validation to troubleshoot package (#16132) This is to reduce the dependency on xds from within the troubleshoot package.
2023-02-03 06:18:10 +00:00
g := NewResourceGenerator(testutil.Logger(t), nil, false)
Support Incremental xDS mode (#9855) This adds support for the Incremental xDS protocol when using xDS v3. This is best reviewed commit-by-commit and will not be squashed when merged. Union of all commit messages follows to give an overarching summary: xds: exclusively support incremental xDS when using xDS v3 Attempts to use SoTW via v3 will fail, much like attempts to use incremental via v2 will fail. Work around a strange older envoy behavior involving empty CDS responses over incremental xDS. xds: various cleanups and refactors that don't strictly concern the addition of incremental xDS support Dissolve the connectionInfo struct in favor of per-connection ResourceGenerators instead. Do a better job of ensuring the xds code uses a well configured logger that accurately describes the connected client. xds: pull out checkStreamACLs method in advance of a later commit xds: rewrite SoTW xDS protocol tests to use protobufs rather than hand-rolled json strings In the test we very lightly reuse some of the more boring protobuf construction helper code that is also technically under test. The important thing of the protocol tests is testing the protocol. The actual inputs and outputs are largely already handled by the xds golden output tests now so these protocol tests don't have to do double-duty. This also updates the SoTW protocol test to exclusively use xDS v2 which is the only variant of SoTW that will be supported in Consul 1.10. xds: default xds.Server.AuthCheckFrequency at use-time instead of construction-time
2021-04-29 18:54:05 +00:00
g.ProxyFeatures = sf
routes, err := g.routesFromSnapshot(snap)
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) - Also add support for envoy 1.17.0
2021-02-26 22:23:15 +00:00
require.NoError(t, err)
xds: version sniff envoy and switch regular expressions from 'regex' to 'safe_regex' on newer envoy versions (#8222) - cut down on extra node metadata transmission - split the golden file generation to compare all envoy version
2020-07-09 22:04:51 +00:00
sort.Slice(routes, func(i, j int) bool {
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) - Also add support for envoy 1.17.0
2021-02-26 22:23:15 +00:00
return routes[i].(*envoy_route_v3.RouteConfiguration).Name < routes[j].(*envoy_route_v3.RouteConfiguration).Name
xds: version sniff envoy and switch regular expressions from 'regex' to 'safe_regex' on newer envoy versions (#8222) - cut down on extra node metadata transmission - split the golden file generation to compare all envoy version
2020-07-09 22:04:51 +00:00
})
Make an xdscommon package that will be shared between Consul and Envoy plugins
2022-03-08 19:37:24 +00:00
r, err := createResponse(xdscommon.RouteType, "00000001", "00000001", routes)
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) - Also add support for envoy 1.17.0
2021-02-26 22:23:15 +00:00
require.NoError(t, err)
implement some missing service-router features and add more xDS testing (#6065) - also implement OnlyPassing filters for non-gateway clusters
2019-07-12 19:16:21 +00:00
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) - Also add support for envoy 1.17.0
2021-02-26 22:23:15 +00:00
t.Run("current", func(t *testing.T) {
gotJSON := protoToJSON(t, r)
implement some missing service-router features and add more xDS testing (#6065) - also implement OnlyPassing filters for non-gateway clusters
2019-07-12 19:16:21 +00:00
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) - Also add support for envoy 1.17.0
2021-02-26 22:23:15 +00:00
gName := tt.name
if tt.overrideGoldenName != "" {
gName = tt.overrideGoldenName
}
require.JSONEq(t, goldenEnvoy(t, filepath.Join("routes", gName), envoyVersion, latestEnvoyVersion, gotJSON), gotJSON)
})
xds: version sniff envoy and switch regular expressions from 'regex' to 'safe_regex' on newer envoy versions (#8222) - cut down on extra node metadata transmission - split the golden file generation to compare all envoy version
2020-07-09 22:04:51 +00:00
})
}
implement some missing service-router features and add more xDS testing (#6065) - also implement OnlyPassing filters for non-gateway clusters
2019-07-12 19:16:21 +00:00
})
}
}
Remove LB infix and move injection to xds
2020-09-02 21:13:50 +00:00
func TestEnvoyLBConfig_InjectToRouteAction(t *testing.T) {
var tests = []struct {
name string
Revert EnvoyConfig nesting
2020-09-11 15:21:43 +00:00
lb *structs.LoadBalancer
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) - Also add support for envoy 1.17.0
2021-02-26 22:23:15 +00:00
expected *envoy_route_v3.RouteAction
Remove LB infix and move injection to xds
2020-09-02 21:13:50 +00:00
}{
{
name: "empty",
Revert EnvoyConfig nesting
2020-09-11 15:21:43 +00:00
lb: &structs.LoadBalancer{
Remove LB infix and move injection to xds
2020-09-02 21:13:50 +00:00
Policy: "",
},
// we only modify route actions for hash-based LB policies
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) - Also add support for envoy 1.17.0
2021-02-26 22:23:15 +00:00
expected: &envoy_route_v3.RouteAction{},
Remove LB infix and move injection to xds
2020-09-02 21:13:50 +00:00
},
{
name: "least request",
Revert EnvoyConfig nesting
2020-09-11 15:21:43 +00:00
lb: &structs.LoadBalancer{
Remove LB infix and move injection to xds
2020-09-02 21:13:50 +00:00
Policy: structs.LBPolicyLeastRequest,
LeastRequestConfig: &structs.LeastRequestConfig{
ChoiceCount: 3,
},
},
// we only modify route actions for hash-based LB policies
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) - Also add support for envoy 1.17.0
2021-02-26 22:23:15 +00:00
expected: &envoy_route_v3.RouteAction{},
Remove LB infix and move injection to xds
2020-09-02 21:13:50 +00:00
},
{
name: "headers",
Revert EnvoyConfig nesting
2020-09-11 15:21:43 +00:00
lb: &structs.LoadBalancer{
Remove LB infix and move injection to xds
2020-09-02 21:13:50 +00:00
Policy: "ring_hash",
RingHashConfig: &structs.RingHashConfig{
MinimumRingSize: 3,
MaximumRingSize: 7,
},
HashPolicies: []structs.HashPolicy{
{
Field: structs.HashPolicyHeader,
FieldValue: "x-route-key",
Terminal: true,
},
},
},
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) - Also add support for envoy 1.17.0
2021-02-26 22:23:15 +00:00
expected: &envoy_route_v3.RouteAction{
HashPolicy: []*envoy_route_v3.RouteAction_HashPolicy{
Remove LB infix and move injection to xds
2020-09-02 21:13:50 +00:00
{
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) - Also add support for envoy 1.17.0
2021-02-26 22:23:15 +00:00
PolicySpecifier: &envoy_route_v3.RouteAction_HashPolicy_Header_{
Header: &envoy_route_v3.RouteAction_HashPolicy_Header{
Remove LB infix and move injection to xds
2020-09-02 21:13:50 +00:00
HeaderName: "x-route-key",
},
},
Terminal: true,
},
},
},
},
{
name: "cookies",
Revert EnvoyConfig nesting
2020-09-11 15:21:43 +00:00
lb: &structs.LoadBalancer{
Remove LB infix and move injection to xds
2020-09-02 21:13:50 +00:00
Policy: structs.LBPolicyMaglev,
HashPolicies: []structs.HashPolicy{
{
Field: structs.HashPolicyCookie,
FieldValue: "red-velvet",
Terminal: true,
},
{
Field: structs.HashPolicyCookie,
FieldValue: "oatmeal",
},
},
},
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) - Also add support for envoy 1.17.0
2021-02-26 22:23:15 +00:00
expected: &envoy_route_v3.RouteAction{
HashPolicy: []*envoy_route_v3.RouteAction_HashPolicy{
Remove LB infix and move injection to xds
2020-09-02 21:13:50 +00:00
{
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) - Also add support for envoy 1.17.0
2021-02-26 22:23:15 +00:00
PolicySpecifier: &envoy_route_v3.RouteAction_HashPolicy_Cookie_{
Cookie: &envoy_route_v3.RouteAction_HashPolicy_Cookie{
Remove LB infix and move injection to xds
2020-09-02 21:13:50 +00:00
Name: "red-velvet",
},
},
Terminal: true,
},
{
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) - Also add support for envoy 1.17.0
2021-02-26 22:23:15 +00:00
PolicySpecifier: &envoy_route_v3.RouteAction_HashPolicy_Cookie_{
Cookie: &envoy_route_v3.RouteAction_HashPolicy_Cookie{
Remove LB infix and move injection to xds
2020-09-02 21:13:50 +00:00
Name: "oatmeal",
},
},
},
},
},
},
Add session flag to cookie config
2020-09-12 00:34:03 +00:00
{
name: "non-zero session ttl gets zeroed out",
lb: &structs.LoadBalancer{
Policy: structs.LBPolicyMaglev,
HashPolicies: []structs.HashPolicy{
{
Field: structs.HashPolicyCookie,
FieldValue: "oatmeal",
CookieConfig: &structs.CookieConfig{
TTL: 10 * time.Second,
Session: true,
},
},
},
},
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) - Also add support for envoy 1.17.0
2021-02-26 22:23:15 +00:00
expected: &envoy_route_v3.RouteAction{
HashPolicy: []*envoy_route_v3.RouteAction_HashPolicy{
Add session flag to cookie config
2020-09-12 00:34:03 +00:00
{
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) - Also add support for envoy 1.17.0
2021-02-26 22:23:15 +00:00
PolicySpecifier: &envoy_route_v3.RouteAction_HashPolicy_Cookie_{
Cookie: &envoy_route_v3.RouteAction_HashPolicy_Cookie{
Add session flag to cookie config
2020-09-12 00:34:03 +00:00
Name: "oatmeal",
Fix proto lint errors after version bump
2022-05-25 01:44:54 +00:00
Ttl: durationpb.New(0 * time.Second),
Add session flag to cookie config
2020-09-12 00:34:03 +00:00
},
},
},
},
},
},
{
name: "zero value ttl omitted if not session cookie",
lb: &structs.LoadBalancer{
Policy: structs.LBPolicyMaglev,
HashPolicies: []structs.HashPolicy{
{
Field: structs.HashPolicyCookie,
FieldValue: "oatmeal",
CookieConfig: &structs.CookieConfig{
Path: "/oven",
},
},
},
},
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) - Also add support for envoy 1.17.0
2021-02-26 22:23:15 +00:00
expected: &envoy_route_v3.RouteAction{
HashPolicy: []*envoy_route_v3.RouteAction_HashPolicy{
Add session flag to cookie config
2020-09-12 00:34:03 +00:00
{
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) - Also add support for envoy 1.17.0
2021-02-26 22:23:15 +00:00
PolicySpecifier: &envoy_route_v3.RouteAction_HashPolicy_Cookie_{
Cookie: &envoy_route_v3.RouteAction_HashPolicy_Cookie{
Add session flag to cookie config
2020-09-12 00:34:03 +00:00
Name: "oatmeal",
Path: "/oven",
Ttl: nil,
},
},
},
},
},
},
Remove LB infix and move injection to xds
2020-09-02 21:13:50 +00:00
{
name: "source addr",
Revert EnvoyConfig nesting
2020-09-11 15:21:43 +00:00
lb: &structs.LoadBalancer{
Remove LB infix and move injection to xds
2020-09-02 21:13:50 +00:00
Policy: structs.LBPolicyMaglev,
HashPolicies: []structs.HashPolicy{
{
SourceIP: true,
Terminal: true,
},
},
},
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) - Also add support for envoy 1.17.0
2021-02-26 22:23:15 +00:00
expected: &envoy_route_v3.RouteAction{
HashPolicy: []*envoy_route_v3.RouteAction_HashPolicy{
Remove LB infix and move injection to xds
2020-09-02 21:13:50 +00:00
{
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) - Also add support for envoy 1.17.0
2021-02-26 22:23:15 +00:00
PolicySpecifier: &envoy_route_v3.RouteAction_HashPolicy_ConnectionProperties_{
ConnectionProperties: &envoy_route_v3.RouteAction_HashPolicy_ConnectionProperties{
Remove LB infix and move injection to xds
2020-09-02 21:13:50 +00:00
SourceIp: true,
},
},
Terminal: true,
},
},
},
},
{
name: "kitchen sink",
Revert EnvoyConfig nesting
2020-09-11 15:21:43 +00:00
lb: &structs.LoadBalancer{
Remove LB infix and move injection to xds
2020-09-02 21:13:50 +00:00
Policy: structs.LBPolicyMaglev,
HashPolicies: []structs.HashPolicy{
{
SourceIP: true,
Terminal: true,
},
{
Field: structs.HashPolicyCookie,
FieldValue: "oatmeal",
CookieConfig: &structs.CookieConfig{
TTL: 10 * time.Second,
Path: "/oven",
},
},
Add session flag to cookie config
2020-09-12 00:34:03 +00:00
{
Field: structs.HashPolicyCookie,
FieldValue: "chocolate-chip",
CookieConfig: &structs.CookieConfig{
Session: true,
Path: "/oven",
},
},
Remove LB infix and move injection to xds
2020-09-02 21:13:50 +00:00
{
Field: structs.HashPolicyHeader,
FieldValue: "special-header",
Terminal: true,
},
},
},
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) - Also add support for envoy 1.17.0
2021-02-26 22:23:15 +00:00
expected: &envoy_route_v3.RouteAction{
HashPolicy: []*envoy_route_v3.RouteAction_HashPolicy{
Remove LB infix and move injection to xds
2020-09-02 21:13:50 +00:00
{
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) - Also add support for envoy 1.17.0
2021-02-26 22:23:15 +00:00
PolicySpecifier: &envoy_route_v3.RouteAction_HashPolicy_ConnectionProperties_{
ConnectionProperties: &envoy_route_v3.RouteAction_HashPolicy_ConnectionProperties{
Remove LB infix and move injection to xds
2020-09-02 21:13:50 +00:00
SourceIp: true,
},
},
Terminal: true,
},
{
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) - Also add support for envoy 1.17.0
2021-02-26 22:23:15 +00:00
PolicySpecifier: &envoy_route_v3.RouteAction_HashPolicy_Cookie_{
Cookie: &envoy_route_v3.RouteAction_HashPolicy_Cookie{
Remove LB infix and move injection to xds
2020-09-02 21:13:50 +00:00
Name: "oatmeal",
Fix proto lint errors after version bump
2022-05-25 01:44:54 +00:00
Ttl: durationpb.New(10 * time.Second),
Remove LB infix and move injection to xds
2020-09-02 21:13:50 +00:00
Path: "/oven",
},
},
},
Add session flag to cookie config
2020-09-12 00:34:03 +00:00
{
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) - Also add support for envoy 1.17.0
2021-02-26 22:23:15 +00:00
PolicySpecifier: &envoy_route_v3.RouteAction_HashPolicy_Cookie_{
Cookie: &envoy_route_v3.RouteAction_HashPolicy_Cookie{
Add session flag to cookie config
2020-09-12 00:34:03 +00:00
Name: "chocolate-chip",
Fix proto lint errors after version bump
2022-05-25 01:44:54 +00:00
Ttl: durationpb.New(0 * time.Second),
Add session flag to cookie config
2020-09-12 00:34:03 +00:00
Path: "/oven",
},
},
},
Remove LB infix and move injection to xds
2020-09-02 21:13:50 +00:00
{
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) - Also add support for envoy 1.17.0
2021-02-26 22:23:15 +00:00
PolicySpecifier: &envoy_route_v3.RouteAction_HashPolicy_Header_{
Header: &envoy_route_v3.RouteAction_HashPolicy_Header{
Remove LB infix and move injection to xds
2020-09-02 21:13:50 +00:00
HeaderName: "special-header",
},
},
Terminal: true,
},
},
},
},
}
for _, tc := range tests {
t.Run(tc.name, func(t *testing.T) {
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) - Also add support for envoy 1.17.0
2021-02-26 22:23:15 +00:00
var ra envoy_route_v3.RouteAction
Remove LB infix and move injection to xds
2020-09-02 21:13:50 +00:00
err := injectLBToRouteAction(tc.lb, &ra)
require.NoError(t, err)
xds: remove deprecated usages of xDS (#9602) Note that this does NOT upgrade to xDS v3. That will come in a future PR. Additionally: - Ignored staticcheck warnings about how github.com/golang/protobuf is deprecated. - Shuffled some agent/xds imports in advance of a later xDS v3 upgrade. - Remove support for envoy 1.13.x but don't add in 1.17.x yet. We have to wait until the xDS v3 support is added in a follow-up PR. Fixes #8425
2021-02-22 21:00:15 +00:00
require.Equal(t, tc.expected, &ra)
Remove LB infix and move injection to xds
2020-09-02 21:13:50 +00:00
})
}
}