open-consul/agent/consul/peering_backend_test.go

package consul

import (
	"context"
	"net"
	"testing"
	"time"

	"github.com/stretchr/testify/require"
	gogrpc "google.golang.org/grpc"

	"github.com/hashicorp/consul/agent/pool"
	"github.com/hashicorp/consul/proto/pbpeering"
	"github.com/hashicorp/consul/sdk/testutil"
	"github.com/hashicorp/consul/testrpc"
)

func TestPeeringBackend_DoesNotForwardToDifferentDC(t *testing.T) {
	if testing.Short() {
		t.Skip("too slow for testing.Short")
	}

	t.Parallel()
	_, s1 := testServerDC(t, "dc1")
	_, s2 := testServerDC(t, "dc2")

	joinWAN(t, s2, s1)

	testrpc.WaitForLeader(t, s1.RPC, "dc1")
	testrpc.WaitForLeader(t, s2.RPC, "dc2")

	// make a grpc client to dial s2 directly
	ctx, cancel := context.WithTimeout(context.Background(), 3*time.Second)
	t.Cleanup(cancel)

	conn, err := gogrpc.DialContext(ctx, s2.config.RPCAddr.String(),
		gogrpc.WithContextDialer(newServerDialer(s2.config.RPCAddr.String())),
		gogrpc.WithInsecure(),
		gogrpc.WithBlock())
	require.NoError(t, err)
	t.Cleanup(func() { conn.Close() })

	peeringClient := pbpeering.NewPeeringServiceClient(conn)

	// GenerateToken request should fail against dc1, because we are dialing dc2. The GenerateToken request should never be forwarded across datacenters.
	req := pbpeering.GenerateTokenRequest{
		PeerName:   "peer1-usw1",
		Datacenter: "dc1",
	}
	_, err = peeringClient.GenerateToken(ctx, &req)
	require.Error(t, err)
	require.Contains(t, err.Error(), "requests to generate peering tokens cannot be forwarded to remote datacenters")
}

func TestPeeringBackend_ForwardToLeader(t *testing.T) {
	t.Parallel()

	_, conf1 := testServerConfig(t)
	server1, err := newServer(t, conf1)
	require.NoError(t, err)

	_, conf2 := testServerConfig(t)
	conf2.Bootstrap = false
	server2, err := newServer(t, conf2)
	require.NoError(t, err)

	// Join a 2nd server (not the leader)
	testrpc.WaitForLeader(t, server1.RPC, "dc1")
	joinLAN(t, server2, server1)
	testrpc.WaitForLeader(t, server2.RPC, "dc1")

	// Make a write call to server2 and make sure it gets forwarded to server1
	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
	t.Cleanup(cancel)

	// Dial server2 directly
	conn, err := gogrpc.DialContext(ctx, server2.config.RPCAddr.String(),
		gogrpc.WithContextDialer(newServerDialer(server2.config.RPCAddr.String())),
		gogrpc.WithInsecure(),
		gogrpc.WithBlock())
	require.NoError(t, err)
	t.Cleanup(func() { conn.Close() })

	peeringClient := pbpeering.NewPeeringServiceClient(conn)

	testutil.RunStep(t, "forward a write", func(t *testing.T) {
		// Do the grpc Write call to server2
		req := pbpeering.GenerateTokenRequest{
			Datacenter: "dc1",
			PeerName:   "foo",
		}
		_, err := peeringClient.GenerateToken(ctx, &req)
		require.NoError(t, err)

		// TODO(peering) check that state store is updated on leader, indicating a forwarded request after state store
		// is implemented.
	})
}

func newServerDialer(serverAddr string) func(context.Context, string) (net.Conn, error) {
	return func(ctx context.Context, addr string) (net.Conn, error) {
		d := net.Dialer{}
		conn, err := d.DialContext(ctx, "tcp", serverAddr)
		if err != nil {
			return nil, err
		}

		_, err = conn.Write([]byte{byte(pool.RPCGRPC)})
		if err != nil {
			conn.Close()
			return nil, err
		}

		return conn, nil
	}
}
peering: initial sync (#12842) - Add endpoints related to peering: read, list, generate token, initiate peering - Update node/service/check table indexing to account for peers - Foundational changes for pushing service updates to a peer - Plumb peer name through Health.ServiceNodes path see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679, ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663, ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634, ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555 Co-authored-by: R.B. Boyer <rb@hashicorp.com> Co-authored-by: freddygv <freddy@hashicorp.com> Co-authored-by: Chris S. Kim <ckim@hashicorp.com> Co-authored-by: Evan Culver <eculver@hashicorp.com> Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com> 2022-04-21 22:34:40 +00:00			`package consul`

			`import (`
			`"context"`
			`"net"`
			`"testing"`
			`"time"`

			`"github.com/stretchr/testify/require"`
			`gogrpc "google.golang.org/grpc"`

			`"github.com/hashicorp/consul/agent/pool"`
			`"github.com/hashicorp/consul/proto/pbpeering"`
add general runstep test helper instead of copying it all over the place (#13013) 2022-05-10 20:25:51 +00:00			`"github.com/hashicorp/consul/sdk/testutil"`
peering: initial sync (#12842) - Add endpoints related to peering: read, list, generate token, initiate peering - Update node/service/check table indexing to account for peers - Foundational changes for pushing service updates to a peer - Plumb peer name through Health.ServiceNodes path see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679, ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663, ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634, ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555 Co-authored-by: R.B. Boyer <rb@hashicorp.com> Co-authored-by: freddygv <freddy@hashicorp.com> Co-authored-by: Chris S. Kim <ckim@hashicorp.com> Co-authored-by: Evan Culver <eculver@hashicorp.com> Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com> 2022-04-21 22:34:40 +00:00			`"github.com/hashicorp/consul/testrpc"`
			`)`

			`func TestPeeringBackend_DoesNotForwardToDifferentDC(t *testing.T) {`
			`if testing.Short() {`
			`t.Skip("too slow for testing.Short")`
			`}`

			`t.Parallel()`
			`_, s1 := testServerDC(t, "dc1")`
			`_, s2 := testServerDC(t, "dc2")`

			`joinWAN(t, s2, s1)`

			`testrpc.WaitForLeader(t, s1.RPC, "dc1")`
			`testrpc.WaitForLeader(t, s2.RPC, "dc2")`

			`// make a grpc client to dial s2 directly`
			`ctx, cancel := context.WithTimeout(context.Background(), 3*time.Second)`
			`t.Cleanup(cancel)`

			`conn, err := gogrpc.DialContext(ctx, s2.config.RPCAddr.String(),`
			`gogrpc.WithContextDialer(newServerDialer(s2.config.RPCAddr.String())),`
			`gogrpc.WithInsecure(),`
			`gogrpc.WithBlock())`
			`require.NoError(t, err)`
			`t.Cleanup(func() { conn.Close() })`

			`peeringClient := pbpeering.NewPeeringServiceClient(conn)`

			`// GenerateToken request should fail against dc1, because we are dialing dc2. The GenerateToken request should never be forwarded across datacenters.`
			`req := pbpeering.GenerateTokenRequest{`
			`PeerName: "peer1-usw1",`
			`Datacenter: "dc1",`
			`}`
			`_, err = peeringClient.GenerateToken(ctx, &req)`
			`require.Error(t, err)`
			`require.Contains(t, err.Error(), "requests to generate peering tokens cannot be forwarded to remote datacenters")`
			`}`

			`func TestPeeringBackend_ForwardToLeader(t *testing.T) {`
			`t.Parallel()`

			`_, conf1 := testServerConfig(t)`
			`server1, err := newServer(t, conf1)`
			`require.NoError(t, err)`

			`_, conf2 := testServerConfig(t)`
			`conf2.Bootstrap = false`
			`server2, err := newServer(t, conf2)`
			`require.NoError(t, err)`

			`// Join a 2nd server (not the leader)`
			`testrpc.WaitForLeader(t, server1.RPC, "dc1")`
			`joinLAN(t, server2, server1)`
			`testrpc.WaitForLeader(t, server2.RPC, "dc1")`

			`// Make a write call to server2 and make sure it gets forwarded to server1`
			`ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)`
			`t.Cleanup(cancel)`

			`// Dial server2 directly`
			`conn, err := gogrpc.DialContext(ctx, server2.config.RPCAddr.String(),`
			`gogrpc.WithContextDialer(newServerDialer(server2.config.RPCAddr.String())),`
			`gogrpc.WithInsecure(),`
			`gogrpc.WithBlock())`
			`require.NoError(t, err)`
			`t.Cleanup(func() { conn.Close() })`

			`peeringClient := pbpeering.NewPeeringServiceClient(conn)`

add general runstep test helper instead of copying it all over the place (#13013) 2022-05-10 20:25:51 +00:00			`testutil.RunStep(t, "forward a write", func(t *testing.T) {`
peering: initial sync (#12842) - Add endpoints related to peering: read, list, generate token, initiate peering - Update node/service/check table indexing to account for peers - Foundational changes for pushing service updates to a peer - Plumb peer name through Health.ServiceNodes path see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679, ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663, ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634, ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555 Co-authored-by: R.B. Boyer <rb@hashicorp.com> Co-authored-by: freddygv <freddy@hashicorp.com> Co-authored-by: Chris S. Kim <ckim@hashicorp.com> Co-authored-by: Evan Culver <eculver@hashicorp.com> Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com> 2022-04-21 22:34:40 +00:00			`// Do the grpc Write call to server2`
			`req := pbpeering.GenerateTokenRequest{`
			`Datacenter: "dc1",`
			`PeerName: "foo",`
			`}`
			`_, err := peeringClient.GenerateToken(ctx, &req)`
			`require.NoError(t, err)`

			`// TODO(peering) check that state store is updated on leader, indicating a forwarded request after state store`
			`// is implemented.`
			`})`
			`}`

			`func newServerDialer(serverAddr string) func(context.Context, string) (net.Conn, error) {`
			`return func(ctx context.Context, addr string) (net.Conn, error) {`
			`d := net.Dialer{}`
			`conn, err := d.DialContext(ctx, "tcp", serverAddr)`
			`if err != nil {`
			`return nil, err`
			`}`

			`_, err = conn.Write([]byte{byte(pool.RPCGRPC)})`
			`if err != nil {`
			`conn.Close()`
			`return nil, err`
			`}`

			`return conn, nil`
			`}`
			`}`