luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity
open-consul/agent/structs/config_entry_discoverychain...

2181 lines
55 KiB
Go
Raw Normal View History

adding new config entries for L7 discovery chain (unused) (#5987)
2019-06-27 17:37:43 +00:00
package structs
import (
connect: validate and test more of the L7 config entries (#6156)
2019-07-24 01:50:23 +00:00
"bytes"
"fmt"
"strings"
adding new config entries for L7 discovery chain (unused) (#5987)
2019-06-27 17:37:43 +00:00
"testing"
"time"
xds: use envoy's rbac filter to handle intentions entirely within envoy (#8569)
2020-08-27 17:20:58 +00:00
"github.com/stretchr/testify/assert"
adding new config entries for L7 discovery chain (unused) (#5987)
2019-06-27 17:37:43 +00:00
"github.com/stretchr/testify/require"
acl: adding a new mesh resource
2021-08-20 22:11:01 +00:00
"github.com/hashicorp/consul/acl"
adding new config entries for L7 discovery chain (unused) (#5987)
2019-06-27 17:37:43 +00:00
)
connect: validate and test more of the L7 config entries (#6156)
2019-07-24 01:50:23 +00:00
func TestConfigEntries_ListRelatedServices_AndACLs(t *testing.T) {
// This test tests both of these because they are related functions.
adding new config entries for L7 discovery chain (unused) (#5987)
2019-06-27 17:37:43 +00:00
acl: adding a new mesh resource
2021-08-20 22:11:01 +00:00
newAuthz := func(t *testing.T, src string) acl.Authorizer {
acl: remove id and revision from Policy constructors The fields were removed in a previous commit. Also remove an unused constructor for PolicyMerger
2021-10-15 17:33:31 +00:00
policy, err := acl.NewPolicyFromSource(src, acl.SyntaxCurrent, nil, nil)
acl: adding a new mesh resource
2021-08-20 22:11:01 +00:00
require.NoError(t, err)
authorizer, err := acl.NewPolicyAuthorizerWithDefaults(acl.DenyAll(), []*acl.Policy{policy}, nil)
require.NoError(t, err)
return authorizer
}
connect: validate and test more of the L7 config entries (#6156)
2019-07-24 01:50:23 +00:00
newServiceACL := func(t *testing.T, canRead, canWrite []string) acl.Authorizer {
var buf bytes.Buffer
for _, s := range canRead {
buf.WriteString(fmt.Sprintf("service %q { policy = %q }\n", s, "read"))
}
for _, s := range canWrite {
buf.WriteString(fmt.Sprintf("service %q { policy = %q }\n", s, "write"))
}
acl: remove id and revision from Policy constructors The fields were removed in a previous commit. Also remove an unused constructor for PolicyMerger
2021-10-15 17:33:31 +00:00
policy, err := acl.NewPolicyFromSource(buf.String(), acl.SyntaxCurrent, nil, nil)
connect: validate and test more of the L7 config entries (#6156)
2019-07-24 01:50:23 +00:00
require.NoError(t, err)
ACL Authorizer overhaul (#6620) * ACL Authorizer overhaul To account for upcoming features every Authorization function can now take an extra *acl.EnterpriseAuthorizerContext. These are unused in OSS and will always be nil. Additionally the acl package has received some thorough refactoring to enable all of the extra Consul Enterprise specific authorizations including moving sentinel enforcement into the stubbed structs. The Authorizer funcs now return an acl.EnforcementDecision instead of a boolean. This improves the overall interface as it makes multiple Authorizers easily chainable as they now indicate whether they had an authoritative decision or should use some other defaults. A ChainedAuthorizer was added to handle this Authorizer enforcement chain and will never itself return a non-authoritative decision. * Include stub for extra enterprise rules in the global management policy * Allow for an upgrade of the global-management policy
2019-10-15 20:58:50 +00:00
authorizer, err := acl.NewPolicyAuthorizerWithDefaults(acl.DenyAll(), []*acl.Policy{policy}, nil)
connect: validate and test more of the L7 config entries (#6156)
2019-07-24 01:50:23 +00:00
require.NoError(t, err)
return authorizer
}
acl: adding a new mesh resource
2021-08-20 22:11:01 +00:00
newServiceAndOperatorACL := func(t *testing.T, service, operator string) acl.Authorizer {
switch {
case service != "" && operator != "":
return newAuthz(t, fmt.Sprintf(`service "test" { policy = %q } operator = %q`, service, operator))
case service == "" && operator != "":
return newAuthz(t, fmt.Sprintf(`operator = %q`, operator))
case service != "" && operator == "":
return newAuthz(t, fmt.Sprintf(`service "test" { policy = %q }`, service))
default:
t.Fatalf("one of these should be set")
return nil
}
connect: validate and test more of the L7 config entries (#6156)
2019-07-24 01:50:23 +00:00
}
acl: adding a new mesh resource
2021-08-20 22:11:01 +00:00
newServiceAndMeshACL := func(t *testing.T, service, mesh string) acl.Authorizer {
switch {
case service != "" && mesh != "":
return newAuthz(t, fmt.Sprintf(`service "test" { policy = %q } mesh = %q`, service, mesh))
case service == "" && mesh != "":
return newAuthz(t, fmt.Sprintf(`mesh = %q`, mesh))
case service != "" && mesh == "":
return newAuthz(t, fmt.Sprintf(`service "test" { policy = %q }`, service))
default:
t.Fatalf("one of these should be set")
return nil
}
}
type testACL = configEntryTestACL
type testcase = configEntryACLTestCase
connect: validate and test more of the L7 config entries (#6156)
2019-07-24 01:50:23 +00:00
defaultDenyCase := testACL{
name: "deny",
authorizer: newServiceACL(t, nil, nil),
canRead: false,
canWrite: false,
}
readTestCase := testACL{
name: "can read test",
authorizer: newServiceACL(t, []string{"test"}, nil),
canRead: true,
canWrite: false,
}
writeTestCase := testACL{
name: "can write test",
authorizer: newServiceACL(t, nil, []string{"test"}),
canRead: true,
canWrite: true,
}
writeTestCaseDenied := testACL{
name: "cannot write test",
authorizer: newServiceACL(t, nil, []string{"test"}),
canRead: true,
canWrite: false,
}
acl: adding a new mesh resource
2021-08-20 22:11:01 +00:00
cases := []testcase{
connect: validate and test more of the L7 config entries (#6156)
2019-07-24 01:50:23 +00:00
{
name: "resolver: self",
entry: &ServiceResolverConfigEntry{
Kind: ServiceResolver,
Name: "test",
},
expectServices: nil,
expectACLs: []testACL{
defaultDenyCase,
readTestCase,
writeTestCase,
},
},
{
name: "resolver: redirect",
entry: &ServiceResolverConfigEntry{
Kind: ServiceResolver,
Name: "test",
Redirect: &ServiceResolverRedirect{
Service: "other",
},
},
Updates to Config Entries and Connect for Namespaces (#7116)
2020-01-24 15:04:58 +00:00
expectServices: []ServiceID{NewServiceID("other", nil)},
connect: validate and test more of the L7 config entries (#6156)
2019-07-24 01:50:23 +00:00
expectACLs: []testACL{
defaultDenyCase,
readTestCase,
writeTestCaseDenied,
{
name: "can write test (with other:read)",
authorizer: newServiceACL(t, []string{"other"}, []string{"test"}),
canRead: true,
canWrite: true,
},
},
},
{
name: "resolver: failover",
entry: &ServiceResolverConfigEntry{
Kind: ServiceResolver,
Name: "test",
Subsets: map[string]ServiceResolverSubset{
"foo": {OnlyPassing: true},
"bar": {OnlyPassing: true},
},
Failover: map[string]ServiceResolverFailover{
Enable gofmt simplify Code changes done automatically with 'gofmt -s -w'
2020-06-16 17:19:31 +00:00
"foo": {
connect: validate and test more of the L7 config entries (#6156)
2019-07-24 01:50:23 +00:00
Service: "other1",
},
Enable gofmt simplify Code changes done automatically with 'gofmt -s -w'
2020-06-16 17:19:31 +00:00
"bar": {
connect: validate and test more of the L7 config entries (#6156)
2019-07-24 01:50:23 +00:00
Service: "other2",
},
},
},
Updates to Config Entries and Connect for Namespaces (#7116)
2020-01-24 15:04:58 +00:00
expectServices: []ServiceID{NewServiceID("other1", nil), NewServiceID("other2", nil)},
connect: validate and test more of the L7 config entries (#6156)
2019-07-24 01:50:23 +00:00
expectACLs: []testACL{
defaultDenyCase,
readTestCase,
writeTestCaseDenied,
{
name: "can write test (with other1:read and other2:read)",
authorizer: newServiceACL(t, []string{"other1", "other2"}, []string{"test"}),
canRead: true,
canWrite: true,
},
},
},
Add `Targets` field to service resolver failovers. (#14162) This field will be used for cluster peering failover.
2022-08-15 13:20:25 +00:00
{
name: "resolver: failover with targets",
entry: &ServiceResolverConfigEntry{
Kind: ServiceResolver,
Name: "test",
Failover: map[string]ServiceResolverFailover{
"*": {
Targets: []ServiceResolverFailoverTarget{
{Service: "other1"},
{Datacenter: "dc2"},
{Peer: "cluster-01"},
},
},
},
},
expectServices: []ServiceID{NewServiceID("other1", nil)},
expectACLs: []testACL{
defaultDenyCase,
readTestCase,
writeTestCaseDenied,
{
name: "can write test (with other1:read)",
authorizer: newServiceACL(t, []string{"other1"}, []string{"test"}),
canRead: true,
canWrite: true,
},
},
},
connect: validate and test more of the L7 config entries (#6156)
2019-07-24 01:50:23 +00:00
{
name: "splitter: self",
entry: &ServiceSplitterConfigEntry{
Kind: ServiceSplitter,
Name: "test",
Splits: []ServiceSplit{
{Weight: 100},
},
},
expectServices: nil,
expectACLs: []testACL{
defaultDenyCase,
readTestCase,
writeTestCase,
},
},
{
name: "splitter: some",
entry: &ServiceSplitterConfigEntry{
Kind: ServiceSplitter,
Name: "test",
Splits: []ServiceSplit{
{Weight: 25, Service: "b"},
{Weight: 25, Service: "a"},
{Weight: 50, Service: "c"},
},
},
Updates to Config Entries and Connect for Namespaces (#7116)
2020-01-24 15:04:58 +00:00
expectServices: []ServiceID{NewServiceID("a", nil), NewServiceID("b", nil), NewServiceID("c", nil)},
connect: validate and test more of the L7 config entries (#6156)
2019-07-24 01:50:23 +00:00
expectACLs: []testACL{
defaultDenyCase,
readTestCase,
writeTestCaseDenied,
{
name: "can write test (with a:read, b:read, and c:read)",
authorizer: newServiceACL(t, []string{"a", "b", "c"}, []string{"test"}),
canRead: true,
canWrite: true,
},
},
},
{
name: "router: self",
entry: &ServiceRouterConfigEntry{
Kind: ServiceRouter,
Name: "test",
},
Updates to Config Entries and Connect for Namespaces (#7116)
2020-01-24 15:04:58 +00:00
expectServices: []ServiceID{NewServiceID("test", nil)},
connect: validate and test more of the L7 config entries (#6156)
2019-07-24 01:50:23 +00:00
expectACLs: []testACL{
defaultDenyCase,
readTestCase,
writeTestCase,
},
},
{
name: "router: some",
entry: &ServiceRouterConfigEntry{
Kind: ServiceRouter,
Name: "test",
Routes: []ServiceRoute{
{
Match: &ServiceRouteMatch{HTTP: &ServiceRouteHTTPMatch{
PathPrefix: "/foo",
}},
Destination: &ServiceRouteDestination{
Service: "foo",
},
},
{
Match: &ServiceRouteMatch{HTTP: &ServiceRouteHTTPMatch{
PathPrefix: "/bar",
}},
Destination: &ServiceRouteDestination{
Service: "bar",
},
},
},
},
Updates to Config Entries and Connect for Namespaces (#7116)
2020-01-24 15:04:58 +00:00
expectServices: []ServiceID{NewServiceID("bar", nil), NewServiceID("foo", nil), NewServiceID("test", nil)},
connect: validate and test more of the L7 config entries (#6156)
2019-07-24 01:50:23 +00:00
expectACLs: []testACL{
defaultDenyCase,
readTestCase,
writeTestCaseDenied,
{
name: "can write test (with foo:read and bar:read)",
authorizer: newServiceACL(t, []string{"foo", "bar"}, []string{"test"}),
canRead: true,
canWrite: true,
},
},
},
acl: adding a new mesh resource
2021-08-20 22:11:01 +00:00
{
name: "ingress-gateway",
entry: &IngressGatewayConfigEntry{Name: "test"},
expectACLs: []testACL{
{
name: "no-authz",
authorizer: newAuthz(t, ``),
canRead: false,
canWrite: false,
},
{
name: "service deny and operator deny",
authorizer: newServiceAndOperatorACL(t, "deny", "deny"),
canRead: false,
canWrite: false,
},
{
name: "service read and operator deny",
authorizer: newServiceAndOperatorACL(t, "read", "deny"),
canRead: true,
canWrite: false,
},
{
name: "service write and operator deny",
authorizer: newServiceAndOperatorACL(t, "write", "deny"),
canRead: true,
canWrite: false,
},
{
name: "service deny and mesh deny",
authorizer: newServiceAndMeshACL(t, "deny", "deny"),
canRead: false,
canWrite: false,
},
{
name: "service read and mesh deny",
authorizer: newServiceAndMeshACL(t, "read", "deny"),
canRead: true,
canWrite: false,
},
{
name: "service write and mesh deny",
authorizer: newServiceAndMeshACL(t, "write", "deny"),
canRead: true,
canWrite: false,
},
{
name: "service deny and operator read",
authorizer: newServiceAndOperatorACL(t, "deny", "read"),
canRead: false,
canWrite: false,
},
{
name: "service read and operator read",
authorizer: newServiceAndOperatorACL(t, "read", "read"),
canRead: true,
canWrite: false,
},
{
name: "service write and operator read",
authorizer: newServiceAndOperatorACL(t, "write", "read"),
canRead: true,
canWrite: false,
},
{
name: "service deny and operator write",
authorizer: newServiceAndOperatorACL(t, "deny", "write"),
canRead: false,
canWrite: true,
},
{
name: "service read and operator write",
authorizer: newServiceAndOperatorACL(t, "read", "write"),
canRead: true,
canWrite: true,
},
{
name: "service write and operator write",
authorizer: newServiceAndOperatorACL(t, "write", "write"),
canRead: true,
canWrite: true,
},
{
name: "service deny and mesh read",
authorizer: newServiceAndMeshACL(t, "deny", "read"),
canRead: false,
canWrite: false,
},
{
name: "service read and mesh read",
authorizer: newServiceAndMeshACL(t, "read", "read"),
canRead: true,
canWrite: false,
},
{
name: "service write and mesh read",
authorizer: newServiceAndMeshACL(t, "write", "read"),
canRead: true,
canWrite: false,
},
{
name: "service deny and mesh write",
authorizer: newServiceAndMeshACL(t, "deny", "write"),
canRead: false,
canWrite: true,
},
{
name: "service read and mesh write",
authorizer: newServiceAndMeshACL(t, "read", "write"),
canRead: true,
canWrite: true,
},
{
name: "service write and mesh write",
authorizer: newServiceAndMeshACL(t, "write", "write"),
canRead: true,
canWrite: true,
},
},
},
{
name: "terminating-gateway",
entry: &TerminatingGatewayConfigEntry{Name: "test"},
expectACLs: []testACL{
{
name: "no-authz",
authorizer: newAuthz(t, ``),
canRead: false,
canWrite: false,
},
{
name: "service deny and operator deny",
authorizer: newServiceAndOperatorACL(t, "deny", "deny"),
canRead: false,
canWrite: false,
},
{
name: "service read and operator deny",
authorizer: newServiceAndOperatorACL(t, "read", "deny"),
canRead: true,
canWrite: false,
},
{
name: "service write and operator deny",
authorizer: newServiceAndOperatorACL(t, "write", "deny"),
canRead: true,
canWrite: false,
},
{
name: "service deny and mesh deny",
authorizer: newServiceAndMeshACL(t, "deny", "deny"),
canRead: false,
canWrite: false,
},
{
name: "service read and mesh deny",
authorizer: newServiceAndMeshACL(t, "read", "deny"),
canRead: true,
canWrite: false,
},
{
name: "service write and mesh deny",
authorizer: newServiceAndMeshACL(t, "write", "deny"),
canRead: true,
canWrite: false,
},
{
name: "service deny and operator read",
authorizer: newServiceAndOperatorACL(t, "deny", "read"),
canRead: false,
canWrite: false,
},
{
name: "service read and operator read",
authorizer: newServiceAndOperatorACL(t, "read", "read"),
canRead: true,
canWrite: false,
},
{
name: "service write and operator read",
authorizer: newServiceAndOperatorACL(t, "write", "read"),
canRead: true,
canWrite: false,
},
{
name: "service deny and operator write",
authorizer: newServiceAndOperatorACL(t, "deny", "write"),
canRead: false,
canWrite: true,
},
{
name: "service read and operator write",
authorizer: newServiceAndOperatorACL(t, "read", "write"),
canRead: true,
canWrite: true,
},
{
name: "service write and operator write",
authorizer: newServiceAndOperatorACL(t, "write", "write"),
canRead: true,
canWrite: true,
},
{
name: "service deny and mesh read",
authorizer: newServiceAndMeshACL(t, "deny", "read"),
canRead: false,
canWrite: false,
},
{
name: "service read and mesh read",
authorizer: newServiceAndMeshACL(t, "read", "read"),
canRead: true,
canWrite: false,
},
{
name: "service write and mesh read",
authorizer: newServiceAndMeshACL(t, "write", "read"),
canRead: true,
canWrite: false,
},
{
name: "service deny and mesh write",
authorizer: newServiceAndMeshACL(t, "deny", "write"),
canRead: false,
canWrite: true,
},
{
name: "service read and mesh write",
authorizer: newServiceAndMeshACL(t, "read", "write"),
canRead: true,
canWrite: true,
},
{
name: "service write and mesh write",
authorizer: newServiceAndMeshACL(t, "write", "write"),
canRead: true,
canWrite: true,
},
},
},
connect: validate and test more of the L7 config entries (#6156)
2019-07-24 01:50:23 +00:00
}
acl: adding a new mesh resource
2021-08-20 22:11:01 +00:00
testConfigEntries_ListRelatedServices_AndACLs(t, cases)
connect: validate and test more of the L7 config entries (#6156)
2019-07-24 01:50:23 +00:00
}
func TestServiceResolverConfigEntry(t *testing.T) {
type testcase struct {
adding new config entries for L7 discovery chain (unused) (#5987)
2019-06-27 17:37:43 +00:00
name string
entry *ServiceResolverConfigEntry
normalizeErr string
validateErr string
// check is called between normalize and validate
check func(t *testing.T, entry *ServiceResolverConfigEntry)
connect: validate and test more of the L7 config entries (#6156)
2019-07-24 01:50:23 +00:00
}
cases := []testcase{
adding new config entries for L7 discovery chain (unused) (#5987)
2019-06-27 17:37:43 +00:00
{
name: "nil",
entry: nil,
normalizeErr: "config entry is nil",
},
{
name: "no name",
entry: &ServiceResolverConfigEntry{},
validateErr: "Name is required",
},
{
name: "empty",
entry: &ServiceResolverConfigEntry{
Kind: ServiceResolver,
Name: "test",
},
},
{
name: "empty subset name",
entry: &ServiceResolverConfigEntry{
Kind: ServiceResolver,
Name: "test",
Subsets: map[string]ServiceResolverSubset{
"": {OnlyPassing: true},
},
},
validateErr: "Subset defined with empty name",
},
add service resolver subset filter validation
2021-10-12 21:19:11 +00:00
{
name: "invalid boolean expression subset filter",
entry: &ServiceResolverConfigEntry{
Kind: ServiceResolver,
Name: "test",
Subsets: map[string]ServiceResolverSubset{
"v1": {Filter: "random string"},
},
},
validateErr: `Filter for subset "v1" is not a valid expression`,
},
adding new config entries for L7 discovery chain (unused) (#5987)
2019-06-27 17:37:43 +00:00
{
name: "default subset does not exist",
entry: &ServiceResolverConfigEntry{
Kind: ServiceResolver,
Name: "test",
DefaultSubset: "gone",
Subsets: map[string]ServiceResolverSubset{
do some initial config entry graph validation during writes (#6047)
2019-07-01 20:23:36 +00:00
"v1": {Filter: "Service.Meta.version == v1"},
adding new config entries for L7 discovery chain (unused) (#5987)
2019-06-27 17:37:43 +00:00
},
},
validateErr: `DefaultSubset "gone" is not a valid subset`,
},
{
name: "default subset does exist",
entry: &ServiceResolverConfigEntry{
Kind: ServiceResolver,
Name: "test",
DefaultSubset: "v1",
Subsets: map[string]ServiceResolverSubset{
do some initial config entry graph validation during writes (#6047)
2019-07-01 20:23:36 +00:00
"v1": {Filter: "Service.Meta.version == v1"},
adding new config entries for L7 discovery chain (unused) (#5987)
2019-06-27 17:37:43 +00:00
},
},
},
{
name: "empty redirect",
entry: &ServiceResolverConfigEntry{
Kind: ServiceResolver,
Name: "test",
Redirect: &ServiceResolverRedirect{},
},
validateErr: "Redirect is empty",
},
{
Add `Targets` field to service resolver failovers. (#14162) This field will be used for cluster peering failover.
2022-08-15 13:20:25 +00:00
name: "empty redirect",
adding new config entries for L7 discovery chain (unused) (#5987)
2019-06-27 17:37:43 +00:00
entry: &ServiceResolverConfigEntry{
Add `Targets` field to service resolver failovers. (#14162) This field will be used for cluster peering failover.
2022-08-15 13:20:25 +00:00
Kind: ServiceResolver,
Name: "test",
Redirect: &ServiceResolverRedirect{},
adding new config entries for L7 discovery chain (unused) (#5987)
2019-06-27 17:37:43 +00:00
},
Add `Targets` field to service resolver failovers. (#14162) This field will be used for cluster peering failover.
2022-08-15 13:20:25 +00:00
validateErr: "Redirect is empty",
adding new config entries for L7 discovery chain (unused) (#5987)
2019-06-27 17:37:43 +00:00
},
{
Add `Targets` field to service resolver failovers. (#14162) This field will be used for cluster peering failover.
2022-08-15 13:20:25 +00:00
name: "redirect subset with no service",
adding new config entries for L7 discovery chain (unused) (#5987)
2019-06-27 17:37:43 +00:00
entry: &ServiceResolverConfigEntry{
Kind: ServiceResolver,
Name: "test",
Redirect: &ServiceResolverRedirect{
Add `Targets` field to service resolver failovers. (#14162) This field will be used for cluster peering failover.
2022-08-15 13:20:25 +00:00
ServiceSubset: "next",
adding new config entries for L7 discovery chain (unused) (#5987)
2019-06-27 17:37:43 +00:00
},
},
Add `Targets` field to service resolver failovers. (#14162) This field will be used for cluster peering failover.
2022-08-15 13:20:25 +00:00
validateErr: "Redirect.ServiceSubset defined without Redirect.Service",
adding new config entries for L7 discovery chain (unused) (#5987)
2019-06-27 17:37:43 +00:00
},
{
name: "self redirect with invalid subset",
entry: &ServiceResolverConfigEntry{
Kind: ServiceResolver,
Name: "test",
Redirect: &ServiceResolverRedirect{
Service: "test",
ServiceSubset: "gone",
},
},
validateErr: `Redirect.ServiceSubset "gone" is not a valid subset of "test"`,
},
Update the structs and discovery chain for service resolver redirects to cluster peers. (#14366)
2022-08-29 13:51:32 +00:00
{
name: "redirect with peer and subset",
entry: &ServiceResolverConfigEntry{
Kind: ServiceResolver,
Name: "test",
Redirect: &ServiceResolverRedirect{
Peer: "cluster-01",
ServiceSubset: "gone",
},
},
validateErr: `Redirect.Peer cannot be set with Redirect.ServiceSubset`,
},
{
name: "redirect with peer and datacenter",
entry: &ServiceResolverConfigEntry{
Kind: ServiceResolver,
Name: "test",
Redirect: &ServiceResolverRedirect{
Peer: "cluster-01",
Datacenter: "dc2",
},
},
validateErr: `Redirect.Peer cannot be set with Redirect.Datacenter`,
},
{
name: "redirect with peer and datacenter",
entry: &ServiceResolverConfigEntry{
Kind: ServiceResolver,
Name: "test",
Redirect: &ServiceResolverRedirect{
Peer: "cluster-01",
},
},
validateErr: `Redirect.Peer defined without Redirect.Service`,
},
adding new config entries for L7 discovery chain (unused) (#5987)
2019-06-27 17:37:43 +00:00
{
name: "self redirect with valid subset",
entry: &ServiceResolverConfigEntry{
Kind: ServiceResolver,
Name: "test",
Redirect: &ServiceResolverRedirect{
Service: "test",
ServiceSubset: "v1",
},
Subsets: map[string]ServiceResolverSubset{
do some initial config entry graph validation during writes (#6047)
2019-07-01 20:23:36 +00:00
"v1": {Filter: "Service.Meta.version == v1"},
adding new config entries for L7 discovery chain (unused) (#5987)
2019-06-27 17:37:43 +00:00
},
},
},
Update the structs and discovery chain for service resolver redirects to cluster peers. (#14366)
2022-08-29 13:51:32 +00:00
{
name: "redirect to peer",
entry: &ServiceResolverConfigEntry{
Kind: ServiceResolver,
Name: "test",
Redirect: &ServiceResolverRedirect{
Service: "other",
Peer: "cluster-01",
},
},
},
adding new config entries for L7 discovery chain (unused) (#5987)
2019-06-27 17:37:43 +00:00
{
name: "simple wildcard failover",
entry: &ServiceResolverConfigEntry{
Kind: ServiceResolver,
Name: "test",
Failover: map[string]ServiceResolverFailover{
Enable gofmt simplify Code changes done automatically with 'gofmt -s -w'
2020-06-16 17:19:31 +00:00
"*": {
adding new config entries for L7 discovery chain (unused) (#5987)
2019-06-27 17:37:43 +00:00
Datacenters: []string{"dc2"},
},
},
},
},
{
name: "failover for missing subset",
entry: &ServiceResolverConfigEntry{
Kind: ServiceResolver,
Name: "test",
Failover: map[string]ServiceResolverFailover{
Enable gofmt simplify Code changes done automatically with 'gofmt -s -w'
2020-06-16 17:19:31 +00:00
"gone": {
adding new config entries for L7 discovery chain (unused) (#5987)
2019-06-27 17:37:43 +00:00
Datacenters: []string{"dc2"},
},
},
},
validateErr: `Bad Failover["gone"]: not a valid subset`,
},
{
name: "failover for present subset",
entry: &ServiceResolverConfigEntry{
Kind: ServiceResolver,
Name: "test",
Subsets: map[string]ServiceResolverSubset{
do some initial config entry graph validation during writes (#6047)
2019-07-01 20:23:36 +00:00
"v1": {Filter: "Service.Meta.version == v1"},
adding new config entries for L7 discovery chain (unused) (#5987)
2019-06-27 17:37:43 +00:00
},
Failover: map[string]ServiceResolverFailover{
Enable gofmt simplify Code changes done automatically with 'gofmt -s -w'
2020-06-16 17:19:31 +00:00
"v1": {
adding new config entries for L7 discovery chain (unused) (#5987)
2019-06-27 17:37:43 +00:00
Datacenters: []string{"dc2"},
},
},
},
},
{
name: "failover empty",
entry: &ServiceResolverConfigEntry{
Kind: ServiceResolver,
Name: "test",
Subsets: map[string]ServiceResolverSubset{
do some initial config entry graph validation during writes (#6047)
2019-07-01 20:23:36 +00:00
"v1": {Filter: "Service.Meta.version == v1"},
adding new config entries for L7 discovery chain (unused) (#5987)
2019-06-27 17:37:43 +00:00
},
Failover: map[string]ServiceResolverFailover{
Enable gofmt simplify Code changes done automatically with 'gofmt -s -w'
2020-06-16 17:19:31 +00:00
"v1": {},
adding new config entries for L7 discovery chain (unused) (#5987)
2019-06-27 17:37:43 +00:00
},
},
Add `Targets` field to service resolver failovers. (#14162) This field will be used for cluster peering failover.
2022-08-15 13:20:25 +00:00
validateErr: `Bad Failover["v1"]: one of Service, ServiceSubset, Namespace, Targets, or Datacenters is required`,
adding new config entries for L7 discovery chain (unused) (#5987)
2019-06-27 17:37:43 +00:00
},
{
name: "failover to self using invalid subset",
entry: &ServiceResolverConfigEntry{
Kind: ServiceResolver,
Name: "test",
Subsets: map[string]ServiceResolverSubset{
do some initial config entry graph validation during writes (#6047)
2019-07-01 20:23:36 +00:00
"v1": {Filter: "Service.Meta.version == v1"},
adding new config entries for L7 discovery chain (unused) (#5987)
2019-06-27 17:37:43 +00:00
},
Failover: map[string]ServiceResolverFailover{
Enable gofmt simplify Code changes done automatically with 'gofmt -s -w'
2020-06-16 17:19:31 +00:00
"v1": {
adding new config entries for L7 discovery chain (unused) (#5987)
2019-06-27 17:37:43 +00:00
Service: "test",
ServiceSubset: "gone",
},
},
},
Add `Targets` field to service resolver failovers. (#14162) This field will be used for cluster peering failover.
2022-08-15 13:20:25 +00:00
validateErr: `Bad Failover["v1"]: ServiceSubset "gone" is not a valid subset of "test"`,
adding new config entries for L7 discovery chain (unused) (#5987)
2019-06-27 17:37:43 +00:00
},
{
name: "failover to self using valid subset",
entry: &ServiceResolverConfigEntry{
Kind: ServiceResolver,
Name: "test",
Subsets: map[string]ServiceResolverSubset{
do some initial config entry graph validation during writes (#6047)
2019-07-01 20:23:36 +00:00
"v1": {Filter: "Service.Meta.version == v1"},
"v2": {Filter: "Service.Meta.version == v2"},
adding new config entries for L7 discovery chain (unused) (#5987)
2019-06-27 17:37:43 +00:00
},
Failover: map[string]ServiceResolverFailover{
Enable gofmt simplify Code changes done automatically with 'gofmt -s -w'
2020-06-16 17:19:31 +00:00
"v1": {
adding new config entries for L7 discovery chain (unused) (#5987)
2019-06-27 17:37:43 +00:00
Service: "test",
ServiceSubset: "v2",
},
},
},
},
{
name: "failover with empty datacenters in list",
entry: &ServiceResolverConfigEntry{
Kind: ServiceResolver,
Name: "test",
Failover: map[string]ServiceResolverFailover{
Enable gofmt simplify Code changes done automatically with 'gofmt -s -w'
2020-06-16 17:19:31 +00:00
"*": {
adding new config entries for L7 discovery chain (unused) (#5987)
2019-06-27 17:37:43 +00:00
Service: "backup",
Datacenters: []string{"", "dc2", "dc3"},
},
},
},
validateErr: `Bad Failover["*"].Datacenters: found empty datacenter`,
},
Add `Targets` field to service resolver failovers. (#14162) This field will be used for cluster peering failover.
2022-08-15 13:20:25 +00:00
{
name: "failover target with an invalid subset",
entry: &ServiceResolverConfigEntry{
Kind: ServiceResolver,
Name: "test",
Failover: map[string]ServiceResolverFailover{
"*": {
Targets: []ServiceResolverFailoverTarget{{ServiceSubset: "subset"}},
},
},
},
validateErr: `Bad Failover["*"].Targets[0]: ServiceSubset "subset" is not a valid subset of "test"`,
},
{
name: "failover targets can't have Peer and ServiceSubset",
entry: &ServiceResolverConfigEntry{
Kind: ServiceResolver,
Name: "test",
Failover: map[string]ServiceResolverFailover{
"*": {
Targets: []ServiceResolverFailoverTarget{{Peer: "cluster-01", ServiceSubset: "subset"}},
},
},
},
validateErr: `Bad Failover["*"].Targets[0]: Peer cannot be set with ServiceSubset`,
},
{
name: "failover targets can't have Peer and Datacenter",
entry: &ServiceResolverConfigEntry{
Kind: ServiceResolver,
Name: "test",
Failover: map[string]ServiceResolverFailover{
"*": {
Targets: []ServiceResolverFailoverTarget{{Peer: "cluster-01", Datacenter: "dc1"}},
},
},
},
validateErr: `Bad Failover["*"].Targets[0]: Peer cannot be set with Datacenter`,
},
{
name: "failover Targets cannot be set with Datacenters",
entry: &ServiceResolverConfigEntry{
Kind: ServiceResolver,
Name: "test",
Failover: map[string]ServiceResolverFailover{
"*": {
Datacenters: []string{"a"},
Targets: []ServiceResolverFailoverTarget{{Peer: "cluster-01"}},
},
},
},
validateErr: `Bad Failover["*"]: Targets cannot be set with Datacenters`,
},
{
name: "failover Targets cannot be set with ServiceSubset",
entry: &ServiceResolverConfigEntry{
Kind: ServiceResolver,
Name: "test",
Failover: map[string]ServiceResolverFailover{
"*": {
ServiceSubset: "v2",
Targets: []ServiceResolverFailoverTarget{{Peer: "cluster-01"}},
},
},
Subsets: map[string]ServiceResolverSubset{
"v2": {Filter: "Service.Meta.version == v2"},
},
},
validateErr: `Bad Failover["*"]: Targets cannot be set with ServiceSubset`,
},
{
name: "failover Targets cannot be set with Service",
entry: &ServiceResolverConfigEntry{
Kind: ServiceResolver,
Name: "test",
Failover: map[string]ServiceResolverFailover{
"*": {
Service: "another-service",
Targets: []ServiceResolverFailoverTarget{{Peer: "cluster-01"}},
},
},
Subsets: map[string]ServiceResolverSubset{
"v2": {Filter: "Service.Meta.version == v2"},
},
},
validateErr: `Bad Failover["*"]: Targets cannot be set with Service`,
},
{
name: "complicated failover targets",
entry: &ServiceResolverConfigEntry{
Kind: ServiceResolver,
Name: "test",
Failover: map[string]ServiceResolverFailover{
"*": {
Targets: []ServiceResolverFailoverTarget{
{Peer: "cluster-01", Service: "test-v2"},
{Service: "test-v2", ServiceSubset: "test"},
{Datacenter: "dc2"},
},
},
},
},
},
adding new config entries for L7 discovery chain (unused) (#5987)
2019-06-27 17:37:43 +00:00
{
name: "bad connect timeout",
entry: &ServiceResolverConfigEntry{
Kind: ServiceResolver,
Name: "test",
ConnectTimeout: -1 * time.Second,
},
validateErr: "Bad ConnectTimeout",
},
connect: validate and test more of the L7 config entries (#6156)
2019-07-24 01:50:23 +00:00
}
// Bulk add a bunch of similar validation cases.
for _, invalidSubset := range invalidSubsetNames {
tc := testcase{
name: "invalid subset name: " + invalidSubset,
entry: &ServiceResolverConfigEntry{
Kind: ServiceResolver,
Name: "test",
Subsets: map[string]ServiceResolverSubset{
invalidSubset: {OnlyPassing: true},
},
},
validateErr: fmt.Sprintf("Subset %q is invalid", invalidSubset),
}
cases = append(cases, tc)
}
for _, goodSubset := range validSubsetNames {
tc := testcase{
name: "valid subset name: " + goodSubset,
entry: &ServiceResolverConfigEntry{
Kind: ServiceResolver,
Name: "test",
Subsets: map[string]ServiceResolverSubset{
goodSubset: {OnlyPassing: true},
},
},
}
cases = append(cases, tc)
}
for _, tc := range cases {
adding new config entries for L7 discovery chain (unused) (#5987)
2019-06-27 17:37:43 +00:00
tc := tc
t.Run(tc.name, func(t *testing.T) {
err := tc.entry.Normalize()
if tc.normalizeErr != "" {
require.Error(t, err)
require.Contains(t, err.Error(), tc.normalizeErr)
return
}
require.NoError(t, err)
if tc.check != nil {
tc.check(t, tc.entry)
}
err = tc.entry.Validate()
if tc.validateErr != "" {
require.Error(t, err)
require.Contains(t, err.Error(), tc.validateErr)
return
}
require.NoError(t, err)
})
}
}
Add LB policy to service-resolver
2020-08-23 00:05:09 +00:00
func TestServiceResolverConfigEntry_LoadBalancer(t *testing.T) {
type testcase struct {
name string
entry *ServiceResolverConfigEntry
normalizeErr string
validateErr string
// check is called between normalize and validate
check func(t *testing.T, entry *ServiceResolverConfigEntry)
}
cases := []testcase{
{
name: "empty policy is valid",
entry: &ServiceResolverConfigEntry{
Restructure structs and other PR comments
2020-09-02 15:10:50 +00:00
Kind: ServiceResolver,
Name: "test",
LoadBalancer: &LoadBalancer{
Revert EnvoyConfig nesting
2020-09-11 15:21:43 +00:00
Policy: "",
Restructure structs and other PR comments
2020-09-02 15:10:50 +00:00
},
Add LB policy to service-resolver
2020-08-23 00:05:09 +00:00
},
},
{
name: "supported policy",
entry: &ServiceResolverConfigEntry{
Restructure structs and other PR comments
2020-09-02 15:10:50 +00:00
Kind: ServiceResolver,
Name: "test",
LoadBalancer: &LoadBalancer{
Revert EnvoyConfig nesting
2020-09-11 15:21:43 +00:00
Policy: LBPolicyRandom,
Restructure structs and other PR comments
2020-09-02 15:10:50 +00:00
},
Add LB policy to service-resolver
2020-08-23 00:05:09 +00:00
},
},
{
name: "unsupported policy",
entry: &ServiceResolverConfigEntry{
Restructure structs and other PR comments
2020-09-02 15:10:50 +00:00
Kind: ServiceResolver,
Name: "test",
LoadBalancer: &LoadBalancer{
Revert EnvoyConfig nesting
2020-09-11 15:21:43 +00:00
Policy: "fake-policy",
Restructure structs and other PR comments
2020-09-02 15:10:50 +00:00
},
Add LB policy to service-resolver
2020-08-23 00:05:09 +00:00
},
validateErr: `"fake-policy" is not supported`,
},
{
name: "bad policy for least request config",
entry: &ServiceResolverConfigEntry{
Kind: ServiceResolver,
Name: "test",
Restructure structs and other PR comments
2020-09-02 15:10:50 +00:00
LoadBalancer: &LoadBalancer{
Revert EnvoyConfig nesting
2020-09-11 15:21:43 +00:00
Policy: LBPolicyRingHash,
LeastRequestConfig: &LeastRequestConfig{ChoiceCount: 10},
Add LB policy to service-resolver
2020-08-23 00:05:09 +00:00
},
},
validateErr: `LeastRequestConfig specified for incompatible load balancing policy`,
},
{
name: "bad policy for ring hash config",
entry: &ServiceResolverConfigEntry{
Kind: ServiceResolver,
Name: "test",
Restructure structs and other PR comments
2020-09-02 15:10:50 +00:00
LoadBalancer: &LoadBalancer{
Revert EnvoyConfig nesting
2020-09-11 15:21:43 +00:00
Policy: LBPolicyLeastRequest,
RingHashConfig: &RingHashConfig{MinimumRingSize: 1024},
Add LB policy to service-resolver
2020-08-23 00:05:09 +00:00
},
},
validateErr: `RingHashConfig specified for incompatible load balancing policy`,
},
{
name: "good policy for ring hash config",
entry: &ServiceResolverConfigEntry{
Kind: ServiceResolver,
Name: "test",
Restructure structs and other PR comments
2020-09-02 15:10:50 +00:00
LoadBalancer: &LoadBalancer{
Revert EnvoyConfig nesting
2020-09-11 15:21:43 +00:00
Policy: LBPolicyRingHash,
RingHashConfig: &RingHashConfig{MinimumRingSize: 1024},
Add LB policy to service-resolver
2020-08-23 00:05:09 +00:00
},
},
},
{
name: "good policy for least request config",
entry: &ServiceResolverConfigEntry{
Kind: ServiceResolver,
Name: "test",
Restructure structs and other PR comments
2020-09-02 15:10:50 +00:00
LoadBalancer: &LoadBalancer{
Revert EnvoyConfig nesting
2020-09-11 15:21:43 +00:00
Policy: LBPolicyLeastRequest,
LeastRequestConfig: &LeastRequestConfig{ChoiceCount: 2},
Add LB policy to service-resolver
2020-08-23 00:05:09 +00:00
},
},
},
{
name: "empty policy is not defaulted",
entry: &ServiceResolverConfigEntry{
Kind: ServiceResolver,
Name: "test",
Restructure structs and other PR comments
2020-09-02 15:10:50 +00:00
LoadBalancer: &LoadBalancer{
Revert EnvoyConfig nesting
2020-09-11 15:21:43 +00:00
Policy: "",
Add LB policy to service-resolver
2020-08-23 00:05:09 +00:00
},
},
check: func(t *testing.T, entry *ServiceResolverConfigEntry) {
Revert EnvoyConfig nesting
2020-09-11 15:21:43 +00:00
require.Equal(t, "", entry.LoadBalancer.Policy)
Add LB policy to service-resolver
2020-08-23 00:05:09 +00:00
},
},
{
name: "empty policy with hash policy",
entry: &ServiceResolverConfigEntry{
Kind: ServiceResolver,
Name: "test",
Restructure structs and other PR comments
2020-09-02 15:10:50 +00:00
LoadBalancer: &LoadBalancer{
Revert EnvoyConfig nesting
2020-09-11 15:21:43 +00:00
Policy: "",
HashPolicies: []HashPolicy{
{
SourceIP: true,
Add LB policy to service-resolver
2020-08-23 00:05:09 +00:00
},
},
},
},
validateErr: `HashPolicies specified for non-hash-based Policy`,
},
Restructure structs and other PR comments
2020-09-02 15:10:50 +00:00
{
Add session flag to cookie config
2020-09-12 00:34:03 +00:00
name: "cookie config with header policy",
Restructure structs and other PR comments
2020-09-02 15:10:50 +00:00
entry: &ServiceResolverConfigEntry{
Kind: ServiceResolver,
Name: "test",
LoadBalancer: &LoadBalancer{
Revert EnvoyConfig nesting
2020-09-11 15:21:43 +00:00
Policy: LBPolicyMaglev,
HashPolicies: []HashPolicy{
{
Field: HashPolicyHeader,
FieldValue: "x-user-id",
CookieConfig: &CookieConfig{
TTL: 10 * time.Second,
Path: "/root",
Restructure structs and other PR comments
2020-09-02 15:10:50 +00:00
},
},
},
},
},
validateErr: `cookie_config provided for "header"`,
},
{
Add session flag to cookie config
2020-09-12 00:34:03 +00:00
name: "cannot generate session cookie with ttl",
entry: &ServiceResolverConfigEntry{
Kind: ServiceResolver,
Name: "test",
LoadBalancer: &LoadBalancer{
Policy: LBPolicyMaglev,
HashPolicies: []HashPolicy{
{
Field: HashPolicyCookie,
FieldValue: "good-cookie",
CookieConfig: &CookieConfig{
Session: true,
TTL: 10 * time.Second,
},
},
},
},
},
validateErr: `a session cookie cannot have an associated TTL`,
},
{
name: "valid cookie policy",
Restructure structs and other PR comments
2020-09-02 15:10:50 +00:00
entry: &ServiceResolverConfigEntry{
Kind: ServiceResolver,
Name: "test",
LoadBalancer: &LoadBalancer{
Revert EnvoyConfig nesting
2020-09-11 15:21:43 +00:00
Policy: LBPolicyMaglev,
HashPolicies: []HashPolicy{
{
Field: HashPolicyCookie,
FieldValue: "good-cookie",
CookieConfig: &CookieConfig{
TTL: 10 * time.Second,
Path: "/oven",
Restructure structs and other PR comments
2020-09-02 15:10:50 +00:00
},
},
},
},
},
},
Add LB policy to service-resolver
2020-08-23 00:05:09 +00:00
{
name: "supported match field",
entry: &ServiceResolverConfigEntry{
Kind: ServiceResolver,
Name: "test",
Restructure structs and other PR comments
2020-09-02 15:10:50 +00:00
LoadBalancer: &LoadBalancer{
Revert EnvoyConfig nesting
2020-09-11 15:21:43 +00:00
Policy: LBPolicyMaglev,
HashPolicies: []HashPolicy{
{
Field: "header",
FieldValue: "X-Consul-Token",
Add LB policy to service-resolver
2020-08-23 00:05:09 +00:00
},
},
},
},
},
{
name: "unsupported match field",
entry: &ServiceResolverConfigEntry{
Kind: ServiceResolver,
Name: "test",
Restructure structs and other PR comments
2020-09-02 15:10:50 +00:00
LoadBalancer: &LoadBalancer{
Revert EnvoyConfig nesting
2020-09-11 15:21:43 +00:00
Policy: LBPolicyMaglev,
HashPolicies: []HashPolicy{
{
Field: "fake-field",
Add LB policy to service-resolver
2020-08-23 00:05:09 +00:00
},
},
},
},
Restructure structs and other PR comments
2020-09-02 15:10:50 +00:00
validateErr: `"fake-field" is not a supported field`,
Add LB policy to service-resolver
2020-08-23 00:05:09 +00:00
},
{
name: "cannot match on source address and custom field",
entry: &ServiceResolverConfigEntry{
Kind: ServiceResolver,
Name: "test",
Restructure structs and other PR comments
2020-09-02 15:10:50 +00:00
LoadBalancer: &LoadBalancer{
Revert EnvoyConfig nesting
2020-09-11 15:21:43 +00:00
Policy: LBPolicyMaglev,
HashPolicies: []HashPolicy{
{
Field: "header",
SourceIP: true,
Add LB policy to service-resolver
2020-08-23 00:05:09 +00:00
},
},
},
},
validateErr: `A single hash policy cannot hash both a source address and a "header"`,
},
{
name: "matchvalue not compatible with source address",
entry: &ServiceResolverConfigEntry{
Kind: ServiceResolver,
Name: "test",
Restructure structs and other PR comments
2020-09-02 15:10:50 +00:00
LoadBalancer: &LoadBalancer{
Revert EnvoyConfig nesting
2020-09-11 15:21:43 +00:00
Policy: LBPolicyMaglev,
HashPolicies: []HashPolicy{
{
FieldValue: "X-Consul-Token",
SourceIP: true,
Add LB policy to service-resolver
2020-08-23 00:05:09 +00:00
},
},
},
},
Restructure structs and other PR comments
2020-09-02 15:10:50 +00:00
validateErr: `A FieldValue cannot be specified when hashing SourceIP`,
Add LB policy to service-resolver
2020-08-23 00:05:09 +00:00
},
{
name: "field without match value",
entry: &ServiceResolverConfigEntry{
Kind: ServiceResolver,
Name: "test",
Restructure structs and other PR comments
2020-09-02 15:10:50 +00:00
LoadBalancer: &LoadBalancer{
Revert EnvoyConfig nesting
2020-09-11 15:21:43 +00:00
Policy: LBPolicyMaglev,
HashPolicies: []HashPolicy{
{
Field: "header",
Add LB policy to service-resolver
2020-08-23 00:05:09 +00:00
},
},
},
},
Restructure structs and other PR comments
2020-09-02 15:10:50 +00:00
validateErr: `Field "header" was specified without a FieldValue`,
Add LB policy to service-resolver
2020-08-23 00:05:09 +00:00
},
{
name: "field without match value",
entry: &ServiceResolverConfigEntry{
Kind: ServiceResolver,
Name: "test",
Restructure structs and other PR comments
2020-09-02 15:10:50 +00:00
LoadBalancer: &LoadBalancer{
Revert EnvoyConfig nesting
2020-09-11 15:21:43 +00:00
Policy: LBPolicyMaglev,
HashPolicies: []HashPolicy{
{
FieldValue: "my-cookie",
Add LB policy to service-resolver
2020-08-23 00:05:09 +00:00
},
},
},
},
Restructure structs and other PR comments
2020-09-02 15:10:50 +00:00
validateErr: `FieldValue requires a Field to apply to`,
Add LB policy to service-resolver
2020-08-23 00:05:09 +00:00
},
{
name: "ring hash kitchen sink",
entry: &ServiceResolverConfigEntry{
Kind: ServiceResolver,
Name: "test",
Restructure structs and other PR comments
2020-09-02 15:10:50 +00:00
LoadBalancer: &LoadBalancer{
Revert EnvoyConfig nesting
2020-09-11 15:21:43 +00:00
Policy: LBPolicyRingHash,
RingHashConfig: &RingHashConfig{MaximumRingSize: 10, MinimumRingSize: 2},
HashPolicies: []HashPolicy{
{
Field: "cookie",
FieldValue: "my-cookie",
},
{
Field: "header",
FieldValue: "alt-header",
Terminal: true,
Add LB policy to service-resolver
2020-08-23 00:05:09 +00:00
},
},
},
},
},
{
name: "least request kitchen sink",
entry: &ServiceResolverConfigEntry{
Kind: ServiceResolver,
Name: "test",
Restructure structs and other PR comments
2020-09-02 15:10:50 +00:00
LoadBalancer: &LoadBalancer{
Revert EnvoyConfig nesting
2020-09-11 15:21:43 +00:00
Policy: LBPolicyLeastRequest,
LeastRequestConfig: &LeastRequestConfig{ChoiceCount: 20},
Add LB policy to service-resolver
2020-08-23 00:05:09 +00:00
},
},
},
}
for _, tc := range cases {
tc := tc
t.Run(tc.name, func(t *testing.T) {
err := tc.entry.Normalize()
if tc.normalizeErr != "" {
require.Error(t, err)
require.Contains(t, err.Error(), tc.normalizeErr)
return
}
require.NoError(t, err)
if tc.check != nil {
tc.check(t, tc.entry)
}
err = tc.entry.Validate()
if tc.validateErr != "" {
require.Error(t, err)
require.Contains(t, err.Error(), tc.validateErr)
return
}
require.NoError(t, err)
})
}
}
adding new config entries for L7 discovery chain (unused) (#5987)
2019-06-27 17:37:43 +00:00
func TestServiceSplitterConfigEntry(t *testing.T) {
makesplitter := func(splits ...ServiceSplit) *ServiceSplitterConfigEntry {
return &ServiceSplitterConfigEntry{
Kind: ServiceSplitter,
Name: "test",
Splits: splits,
}
}
makesplit := func(weight float32, service, serviceSubset, namespace string) ServiceSplit {
return ServiceSplit{
Weight: weight,
Service: service,
ServiceSubset: serviceSubset,
Namespace: namespace,
}
}
for _, tc := range []struct {
name string
entry *ServiceSplitterConfigEntry
normalizeErr string
validateErr string
// check is called between normalize and validate
check func(t *testing.T, entry *ServiceSplitterConfigEntry)
}{
{
name: "nil",
entry: nil,
normalizeErr: "config entry is nil",
},
{
name: "no name",
entry: &ServiceSplitterConfigEntry{},
validateErr: "Name is required",
},
{
name: "empty",
entry: makesplitter(),
validateErr: "no splits configured",
},
{
name: "1 split",
entry: makesplitter(
makesplit(100, "test", "", ""),
),
check: func(t *testing.T, entry *ServiceSplitterConfigEntry) {
require.Equal(t, float32(100), entry.Splits[0].Weight)
},
},
{
name: "1 split not enough weight",
entry: makesplitter(
makesplit(99.99, "test", "", ""),
),
check: func(t *testing.T, entry *ServiceSplitterConfigEntry) {
require.Equal(t, float32(99.99), entry.Splits[0].Weight)
},
validateErr: "the sum of all split weights must be 100",
},
{
name: "1 split too much weight",
entry: makesplitter(
makesplit(100.01, "test", "", ""),
),
check: func(t *testing.T, entry *ServiceSplitterConfigEntry) {
require.Equal(t, float32(100.01), entry.Splits[0].Weight)
},
validateErr: "the sum of all split weights must be 100",
},
{
name: "2 splits",
entry: makesplitter(
makesplit(99, "test", "v1", ""),
makesplit(1, "test", "v2", ""),
),
check: func(t *testing.T, entry *ServiceSplitterConfigEntry) {
require.Equal(t, float32(99), entry.Splits[0].Weight)
require.Equal(t, float32(1), entry.Splits[1].Weight)
},
},
{
name: "2 splits - rounded up to smallest units",
entry: makesplitter(
makesplit(99.999, "test", "v1", ""),
makesplit(0.001, "test", "v2", ""),
),
check: func(t *testing.T, entry *ServiceSplitterConfigEntry) {
require.Equal(t, float32(100), entry.Splits[0].Weight)
require.Equal(t, float32(0), entry.Splits[1].Weight)
},
},
{
name: "2 splits not enough weight",
entry: makesplitter(
makesplit(99.98, "test", "v1", ""),
makesplit(0.01, "test", "v2", ""),
),
check: func(t *testing.T, entry *ServiceSplitterConfigEntry) {
require.Equal(t, float32(99.98), entry.Splits[0].Weight)
require.Equal(t, float32(0.01), entry.Splits[1].Weight)
},
validateErr: "the sum of all split weights must be 100",
},
{
name: "2 splits too much weight",
entry: makesplitter(
makesplit(100, "test", "v1", ""),
makesplit(0.01, "test", "v2", ""),
),
check: func(t *testing.T, entry *ServiceSplitterConfigEntry) {
require.Equal(t, float32(100), entry.Splits[0].Weight)
require.Equal(t, float32(0.01), entry.Splits[1].Weight)
},
validateErr: "the sum of all split weights must be 100",
},
{
name: "3 splits",
entry: makesplitter(
makesplit(34, "test", "v1", ""),
makesplit(33, "test", "v2", ""),
makesplit(33, "test", "v3", ""),
),
check: func(t *testing.T, entry *ServiceSplitterConfigEntry) {
require.Equal(t, float32(34), entry.Splits[0].Weight)
require.Equal(t, float32(33), entry.Splits[1].Weight)
require.Equal(t, float32(33), entry.Splits[2].Weight)
},
},
{
name: "3 splits one duplicated same weights",
entry: makesplitter(
makesplit(34, "test", "v1", ""),
makesplit(33, "test", "v2", ""),
makesplit(33, "test", "v2", ""),
),
check: func(t *testing.T, entry *ServiceSplitterConfigEntry) {
require.Equal(t, float32(34), entry.Splits[0].Weight)
require.Equal(t, float32(33), entry.Splits[1].Weight)
require.Equal(t, float32(33), entry.Splits[2].Weight)
},
validateErr: "split destination occurs more than once",
},
{
name: "3 splits one duplicated diff weights",
entry: makesplitter(
makesplit(34, "test", "v1", ""),
makesplit(33, "test", "v2", ""),
makesplit(33, "test", "v1", ""),
),
check: func(t *testing.T, entry *ServiceSplitterConfigEntry) {
require.Equal(t, float32(34), entry.Splits[0].Weight)
require.Equal(t, float32(33), entry.Splits[1].Weight)
require.Equal(t, float32(33), entry.Splits[2].Weight)
},
validateErr: "split destination occurs more than once",
},
} {
tc := tc
t.Run(tc.name, func(t *testing.T) {
err := tc.entry.Normalize()
if tc.normalizeErr != "" {
require.Error(t, err)
require.Contains(t, err.Error(), tc.normalizeErr)
return
}
require.NoError(t, err)
if tc.check != nil {
tc.check(t, tc.entry)
}
err = tc.entry.Validate()
if tc.validateErr != "" {
require.Error(t, err)
require.Contains(t, err.Error(), tc.validateErr)
return
}
require.NoError(t, err)
})
}
}
connect: validate and test more of the L7 config entries (#6156)
2019-07-24 01:50:23 +00:00
Fix enterprise discovery chain tests; Fix multi-level split merging
2021-08-26 13:50:49 +00:00
func TestServiceSplitMergeParent(t *testing.T) {
type testCase struct {
name string
split, parent, want *ServiceSplit
wantErr string
}
run := func(t *testing.T, tc testCase) {
got, err := tc.split.MergeParent(tc.parent)
if tc.wantErr != "" {
require.Error(t, err)
require.Contains(t, err.Error(), tc.wantErr)
} else {
require.NoError(t, err)
require.Equal(t, tc.want, got)
}
}
testCases := []testCase{
{
name: "all header manip fields set",
split: &ServiceSplit{
Weight: 50.0,
Service: "foo",
RequestHeaders: &HTTPHeaderModifiers{
Add: map[string]string{
"child-only": "1",
"both-want-child": "2",
},
Set: map[string]string{
"child-only": "3",
"both-want-child": "4",
},
Remove: []string{"child-only-req", "both-req"},
},
ResponseHeaders: &HTTPHeaderModifiers{
Add: map[string]string{
"child-only": "5",
"both-want-parent": "6",
},
Set: map[string]string{
"child-only": "7",
"both-want-parent": "8",
},
Remove: []string{"child-only-resp", "both-resp"},
},
},
parent: &ServiceSplit{
Weight: 25.0,
Service: "bar",
RequestHeaders: &HTTPHeaderModifiers{
Add: map[string]string{
"parent-only": "9",
"both-want-child": "10",
},
Set: map[string]string{
"parent-only": "11",
"both-want-child": "12",
},
Remove: []string{"parent-only-req", "both-req"},
},
ResponseHeaders: &HTTPHeaderModifiers{
Add: map[string]string{
"parent-only": "13",
"both-want-parent": "14",
},
Set: map[string]string{
"parent-only": "15",
"both-want-parent": "16",
},
Remove: []string{"parent-only-resp", "both-resp"},
},
},
want: &ServiceSplit{
Weight: 50.0,
Service: "foo",
RequestHeaders: &HTTPHeaderModifiers{
Add: map[string]string{
"child-only": "1",
"both-want-child": "2",
"parent-only": "9",
},
Set: map[string]string{
"child-only": "3",
"both-want-child": "4",
"parent-only": "11",
},
Remove: []string{"parent-only-req", "both-req", "child-only-req"},
},
ResponseHeaders: &HTTPHeaderModifiers{
Add: map[string]string{
"child-only": "5",
"parent-only": "13",
"both-want-parent": "14",
},
Set: map[string]string{
"child-only": "7",
"parent-only": "15",
"both-want-parent": "16",
},
Remove: []string{"child-only-resp", "both-resp", "parent-only-resp"},
},
},
},
{
name: "no header manip",
split: &ServiceSplit{
Weight: 50,
Service: "foo",
},
parent: &ServiceSplit{
Weight: 50,
Service: "bar",
},
want: &ServiceSplit{
Weight: 50,
Service: "foo",
},
},
{
name: "nil parent",
split: &ServiceSplit{
Weight: 50,
Service: "foo",
},
parent: nil,
want: &ServiceSplit{
Weight: 50,
Service: "foo",
},
},
{
name: "nil child",
split: nil,
parent: &ServiceSplit{
Weight: 50,
Service: "foo",
},
want: &ServiceSplit{
Weight: 50,
Service: "foo",
},
},
{
name: "both nil",
split: nil,
parent: nil,
want: nil,
},
}
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
run(t, tc)
})
}
}
connect: validate and test more of the L7 config entries (#6156)
2019-07-24 01:50:23 +00:00
func TestServiceRouterConfigEntry(t *testing.T) {
httpMatch := func(http *ServiceRouteHTTPMatch) *ServiceRouteMatch {
return &ServiceRouteMatch{HTTP: http}
}
httpMatchHeader := func(headers ...ServiceRouteHTTPMatchHeader) *ServiceRouteMatch {
return httpMatch(&ServiceRouteHTTPMatch{
Header: headers,
})
}
httpMatchParam := func(params ...ServiceRouteHTTPMatchQueryParam) *ServiceRouteMatch {
return httpMatch(&ServiceRouteHTTPMatch{
QueryParam: params,
})
}
toService := func(svc string) *ServiceRouteDestination {
return &ServiceRouteDestination{Service: svc}
}
routeMatch := func(match *ServiceRouteMatch) ServiceRoute {
return ServiceRoute{
Match: match,
Destination: toService("other"),
}
}
makerouter := func(routes ...ServiceRoute) *ServiceRouterConfigEntry {
return &ServiceRouterConfigEntry{
Kind: ServiceRouter,
Name: "test",
Routes: routes,
}
}
type testcase struct {
name string
entry *ServiceRouterConfigEntry
normalizeErr string
validateErr string
// check is called between normalize and validate
check func(t *testing.T, entry *ServiceRouterConfigEntry)
}
cases := []testcase{
{
name: "nil",
entry: nil,
normalizeErr: "config entry is nil",
},
{
name: "no name",
entry: &ServiceRouterConfigEntry{},
validateErr: "Name is required",
},
{
name: "empty",
entry: makerouter(),
},
{
name: "1 empty route",
entry: makerouter(
ServiceRoute{},
),
},
{
name: "route with path exact",
entry: makerouter(routeMatch(httpMatch(&ServiceRouteHTTPMatch{
PathExact: "/exact",
}))),
},
{
name: "route with bad path exact",
entry: makerouter(routeMatch(httpMatch(&ServiceRouteHTTPMatch{
PathExact: "no-leading-slash",
}))),
validateErr: "PathExact doesn't start with '/'",
},
{
name: "route with path prefix",
entry: makerouter(routeMatch(httpMatch(&ServiceRouteHTTPMatch{
PathPrefix: "/prefix",
}))),
},
{
name: "route with bad path prefix",
entry: makerouter(routeMatch(httpMatch(&ServiceRouteHTTPMatch{
PathPrefix: "no-leading-slash",
}))),
validateErr: "PathPrefix doesn't start with '/'",
},
{
name: "route with path regex",
entry: makerouter(routeMatch(httpMatch(&ServiceRouteHTTPMatch{
PathRegex: "/regex",
}))),
},
{
name: "route with path exact and prefix",
entry: makerouter(routeMatch(httpMatch(&ServiceRouteHTTPMatch{
PathExact: "/exact",
PathPrefix: "/prefix",
}))),
validateErr: "should only contain at most one of PathExact, PathPrefix, or PathRegex",
},
{
name: "route with path exact and regex",
entry: makerouter(routeMatch(httpMatch(&ServiceRouteHTTPMatch{
PathExact: "/exact",
PathRegex: "/regex",
}))),
validateErr: "should only contain at most one of PathExact, PathPrefix, or PathRegex",
},
{
name: "route with path prefix and regex",
entry: makerouter(routeMatch(httpMatch(&ServiceRouteHTTPMatch{
PathPrefix: "/prefix",
PathRegex: "/regex",
}))),
validateErr: "should only contain at most one of PathExact, PathPrefix, or PathRegex",
},
{
name: "route with path exact, prefix, and regex",
entry: makerouter(routeMatch(httpMatch(&ServiceRouteHTTPMatch{
PathExact: "/exact",
PathPrefix: "/prefix",
PathRegex: "/regex",
}))),
validateErr: "should only contain at most one of PathExact, PathPrefix, or PathRegex",
},
{
name: "route with no name header",
entry: makerouter(routeMatch(httpMatchHeader(ServiceRouteHTTPMatchHeader{
Present: true,
}))),
validateErr: "missing required Name field",
},
{
name: "route with header present",
entry: makerouter(routeMatch(httpMatchHeader(ServiceRouteHTTPMatchHeader{
Name: "foo",
Present: true,
}))),
},
{
name: "route with header not present",
entry: makerouter(routeMatch(httpMatchHeader(ServiceRouteHTTPMatchHeader{
Name: "foo",
Present: true,
Invert: true,
}))),
},
{
name: "route with header exact",
entry: makerouter(routeMatch(httpMatchHeader(ServiceRouteHTTPMatchHeader{
Name: "foo",
Exact: "bar",
}))),
},
{
name: "route with header regex",
entry: makerouter(routeMatch(httpMatchHeader(ServiceRouteHTTPMatchHeader{
Name: "foo",
Regex: "bar",
}))),
},
{
name: "route with header prefix",
entry: makerouter(routeMatch(httpMatchHeader(ServiceRouteHTTPMatchHeader{
Name: "foo",
Prefix: "bar",
}))),
},
{
name: "route with header suffix",
entry: makerouter(routeMatch(httpMatchHeader(ServiceRouteHTTPMatchHeader{
Name: "foo",
Suffix: "bar",
}))),
},
{
name: "route with header present and exact",
entry: makerouter(routeMatch(httpMatchHeader(ServiceRouteHTTPMatchHeader{
Name: "foo",
Present: true,
Exact: "bar",
}))),
validateErr: "should only contain one of Present, Exact, Prefix, Suffix, or Regex",
},
{
name: "route with header present and regex",
entry: makerouter(routeMatch(httpMatchHeader(ServiceRouteHTTPMatchHeader{
Name: "foo",
Present: true,
Regex: "bar",
}))),
validateErr: "should only contain one of Present, Exact, Prefix, Suffix, or Regex",
},
{
name: "route with header present and prefix",
entry: makerouter(routeMatch(httpMatchHeader(ServiceRouteHTTPMatchHeader{
Name: "foo",
Present: true,
Prefix: "bar",
}))),
validateErr: "should only contain one of Present, Exact, Prefix, Suffix, or Regex",
},
{
name: "route with header present and suffix",
entry: makerouter(routeMatch(httpMatchHeader(ServiceRouteHTTPMatchHeader{
Name: "foo",
Present: true,
Suffix: "bar",
}))),
validateErr: "should only contain one of Present, Exact, Prefix, Suffix, or Regex",
},
// NOTE: Some combinatoric cases for header operators (some 5 choose 2,
// all 5 choose 3, all 5 choose 4, all 5 choose 5) are omitted from
// testing.
////////////////
{
name: "route with no name query param",
entry: makerouter(routeMatch(httpMatchParam(ServiceRouteHTTPMatchQueryParam{
connect: change router syntax for matching query parameters to resemble the syntax for matching paths and headers for consistency. (#6163) This is a breaking change, but only in the context of the beta series.
2019-07-24 01:55:26 +00:00
Exact: "foo",
connect: validate and test more of the L7 config entries (#6156)
2019-07-24 01:50:23 +00:00
}))),
validateErr: "missing required Name field",
},
connect: change router syntax for matching query parameters to resemble the syntax for matching paths and headers for consistency. (#6163) This is a breaking change, but only in the context of the beta series.
2019-07-24 01:55:26 +00:00
{
name: "route with query param exact match",
entry: makerouter(routeMatch(httpMatchParam(ServiceRouteHTTPMatchQueryParam{
Name: "foo",
Exact: "bar",
}))),
},
{
name: "route with query param regex match",
entry: makerouter(routeMatch(httpMatchParam(ServiceRouteHTTPMatchQueryParam{
Name: "foo",
Regex: "bar",
}))),
},
{
name: "route with query param present match",
entry: makerouter(routeMatch(httpMatchParam(ServiceRouteHTTPMatchQueryParam{
Name: "foo",
Present: true,
}))),
},
{
name: "route with query param exact and regex match",
entry: makerouter(routeMatch(httpMatchParam(ServiceRouteHTTPMatchQueryParam{
Name: "foo",
Exact: "bar",
Regex: "bar",
}))),
validateErr: "should only contain one of Present, Exact, or Regex",
},
{
name: "route with query param exact and present match",
entry: makerouter(routeMatch(httpMatchParam(ServiceRouteHTTPMatchQueryParam{
Name: "foo",
Exact: "bar",
Present: true,
}))),
validateErr: "should only contain one of Present, Exact, or Regex",
},
{
name: "route with query param regex and present match",
entry: makerouter(routeMatch(httpMatchParam(ServiceRouteHTTPMatchQueryParam{
Name: "foo",
Regex: "bar",
Present: true,
}))),
validateErr: "should only contain one of Present, Exact, or Regex",
},
{
name: "route with query param exact, regex, and present match",
entry: makerouter(routeMatch(httpMatchParam(ServiceRouteHTTPMatchQueryParam{
Name: "foo",
Exact: "bar",
Regex: "bar",
Present: true,
}))),
validateErr: "should only contain one of Present, Exact, or Regex",
},
connect: validate and test more of the L7 config entries (#6156)
2019-07-24 01:50:23 +00:00
////////////////
{
name: "route with no match and prefix rewrite",
entry: makerouter(ServiceRoute{
Match: nil,
Destination: &ServiceRouteDestination{
Service: "other",
PrefixRewrite: "/new",
},
}),
validateErr: "cannot make use of PrefixRewrite without configuring either PathExact or PathPrefix",
},
{
name: "route with path prefix match and prefix rewrite",
entry: makerouter(ServiceRoute{
Match: httpMatch(&ServiceRouteHTTPMatch{
PathPrefix: "/api",
}),
Destination: &ServiceRouteDestination{
Service: "other",
PrefixRewrite: "/new",
},
}),
},
{
name: "route with path exact match and prefix rewrite",
entry: makerouter(ServiceRoute{
Match: httpMatch(&ServiceRouteHTTPMatch{
PathExact: "/api",
}),
Destination: &ServiceRouteDestination{
Service: "other",
PrefixRewrite: "/new",
},
}),
},
{
name: "route with path regex match and prefix rewrite",
entry: makerouter(ServiceRoute{
Match: httpMatch(&ServiceRouteHTTPMatch{
PathRegex: "/api",
}),
Destination: &ServiceRouteDestination{
Service: "other",
PrefixRewrite: "/new",
},
}),
validateErr: "cannot make use of PrefixRewrite without configuring either PathExact or PathPrefix",
},
{
name: "route with header match and prefix rewrite",
entry: makerouter(ServiceRoute{
Match: httpMatchHeader(ServiceRouteHTTPMatchHeader{
Name: "foo",
Exact: "bar",
}),
Destination: &ServiceRouteDestination{
Service: "other",
PrefixRewrite: "/new",
},
}),
validateErr: "cannot make use of PrefixRewrite without configuring either PathExact or PathPrefix",
},
{
name: "route with header match and prefix rewrite",
entry: makerouter(ServiceRoute{
Match: httpMatchParam(ServiceRouteHTTPMatchQueryParam{
Name: "foo",
connect: change router syntax for matching query parameters to resemble the syntax for matching paths and headers for consistency. (#6163) This is a breaking change, but only in the context of the beta series.
2019-07-24 01:55:26 +00:00
Exact: "bar",
connect: validate and test more of the L7 config entries (#6156)
2019-07-24 01:50:23 +00:00
}),
Destination: &ServiceRouteDestination{
Service: "other",
PrefixRewrite: "/new",
},
}),
validateErr: "cannot make use of PrefixRewrite without configuring either PathExact or PathPrefix",
},
connect: allow L7 routers to match on http methods (#6164) Fixes #6158
2019-07-24 01:56:39 +00:00
////////////////
{
name: "route with method matches",
entry: makerouter(routeMatch(httpMatch(&ServiceRouteHTTPMatch{
Methods: []string{
"get", "POST", "dElEtE",
},
}))),
check: func(t *testing.T, entry *ServiceRouterConfigEntry) {
m := entry.Routes[0].Match.HTTP.Methods
require.Equal(t, []string{"GET", "POST", "DELETE"}, m)
},
},
{
name: "route with method matches repeated",
entry: makerouter(routeMatch(httpMatch(&ServiceRouteHTTPMatch{
Methods: []string{
"GET", "DELETE", "get",
},
}))),
validateErr: "Methods contains \"GET\" more than once",
},
Add the ability to retry on reset connection to service-routers (#12890)
2022-10-05 17:06:44 +00:00
////////////////
{
name: "route with no match with retry condition",
entry: makerouter(ServiceRoute{
Match: nil,
Destination: &ServiceRouteDestination{
Service: "other",
RetryOn: []string{
"5xx",
"gateway-error",
"reset",
"connect-failure",
"envoy-ratelimited",
"retriable-4xx",
"refused-stream",
"cancelled",
"deadline-exceeded",
"internal",
"resource-exhausted",
"unavailable",
},
},
}),
},
{
name: "route with no match with invalid retry condition",
entry: makerouter(ServiceRoute{
Match: nil,
Destination: &ServiceRouteDestination{
Service: "other",
RetryOn: []string{
"invalid-retry-condition",
},
},
}),
validateErr: "contains an invalid retry condition: \"invalid-retry-condition\"",
},
connect: validate and test more of the L7 config entries (#6156)
2019-07-24 01:50:23 +00:00
}
for _, tc := range cases {
tc := tc
t.Run(tc.name, func(t *testing.T) {
err := tc.entry.Normalize()
if tc.normalizeErr != "" {
require.Error(t, err)
require.Contains(t, err.Error(), tc.normalizeErr)
return
}
require.NoError(t, err)
if tc.check != nil {
tc.check(t, tc.entry)
}
err = tc.entry.Validate()
if tc.validateErr != "" {
require.Error(t, err)
require.Contains(t, err.Error(), tc.validateErr)
return
}
require.NoError(t, err)
})
}
}
var validSubsetNames = []string{
"a", "aa", "2a", "a2", "a2a", "a22a",
"1", "11", "10", "01",
"a-a", "a--a", "a--a--a",
"0-0", "0--0", "0--0--0",
strings.Repeat("a", 63),
}
var invalidSubsetNames = []string{
"A", "AA", "2A", "A2", "A2A", "A22A",
"A-A", "A--A", "A--A--A",
" ", " a", "a ", "a a",
"_", "_a", "a_", "a_a",
".", ".a", "a.", "a.a",
"-", "-a", "a-",
strings.Repeat("a", 64),
}
func TestValidateServiceSubset(t *testing.T) {
for _, name := range validSubsetNames {
t.Run(name, func(t *testing.T) {
require.NoError(t, validateServiceSubset(name))
})
}
for _, name := range invalidSubsetNames {
t.Run(name, func(t *testing.T) {
require.Error(t, validateServiceSubset(name))
})
}
}
xds: use envoy's rbac filter to handle intentions entirely within envoy (#8569)
2020-08-27 17:20:58 +00:00
func TestIsProtocolHTTPLike(t *testing.T) {
assert.False(t, IsProtocolHTTPLike(""))
assert.False(t, IsProtocolHTTPLike("tcp"))
assert.True(t, IsProtocolHTTPLike("http"))
assert.True(t, IsProtocolHTTPLike("http2"))
assert.True(t, IsProtocolHTTPLike("grpc"))
}
Add the ability to retry on reset connection to service-routers (#12890)
2022-10-05 17:06:44 +00:00
func TestIsValidRetryCondition(t *testing.T) {
assert.False(t, isValidRetryCondition(""))
assert.False(t, isValidRetryCondition("retriable-headers"))
assert.False(t, isValidRetryCondition("retriable-status-codes"))
assert.True(t, isValidRetryCondition("5xx"))
assert.True(t, isValidRetryCondition("gateway-error"))
assert.True(t, isValidRetryCondition("reset"))
assert.True(t, isValidRetryCondition("connect-failure"))
assert.True(t, isValidRetryCondition("envoy-ratelimited"))
assert.True(t, isValidRetryCondition("retriable-4xx"))
assert.True(t, isValidRetryCondition("refused-stream"))
assert.True(t, isValidRetryCondition("cancelled"))
assert.True(t, isValidRetryCondition("deadline-exceeded"))
assert.True(t, isValidRetryCondition("internal"))
assert.True(t, isValidRetryCondition("resource-exhausted"))
assert.True(t, isValidRetryCondition("unavailable"))
}