luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity
open-consul/agent/http_test.go

1334 lines
35 KiB
Go
Raw Normal View History

Adding more agent tests
2013-12-23 21:52:10 +00:00
package agent
import (
More HTTP endpoints
2013-12-24 00:20:51 +00:00
"bytes"
Update TestHTTPServer_UnixSocket with DialContext
2017-02-11 02:29:42 +00:00
"context"
More HTTP endpoints
2013-12-24 00:20:51 +00:00
"encoding/json"
agent: Improving test reliability
2014-05-21 19:31:22 +00:00
"fmt"
More HTTP endpoints
2013-12-24 00:20:51 +00:00
"io"
"io/ioutil"
agent: fixing up tests
2015-01-16 17:58:37 +00:00
"net"
agent: adding more tests
2014-02-05 22:47:42 +00:00
"net/http"
"net/http/httptest"
HTTP: add content-type: application/json header
2014-04-17 18:38:14 +00:00
"os"
agent: Adding endpoint to serve the UI
2014-04-23 19:57:06 +00:00
"path/filepath"
agent: fixing up tests
2015-01-16 17:58:37 +00:00
"runtime"
agent: Updating tests for new API
2014-04-21 20:11:05 +00:00
"strconv"
agent: hide tokens from logs and monitor
2015-04-12 18:17:31 +00:00
"strings"
Adding more agent tests
2013-12-23 21:52:10 +00:00
"testing"
agent: adding more tests
2014-02-05 22:47:42 +00:00
"time"
agent: Address overrides. Fixes #301 and #253
2014-09-02 19:47:40 +00:00
agent: move agent/consul/structs to agent/structs
2017-07-06 10:34:00 +00:00
"github.com/hashicorp/consul/agent/structs"
Adds HTTP/2 support to Consul's HTTPS server. (#3657) * Refactors the HTTP listen path to create servers in the same spot. * Adds HTTP/2 support to Consul's HTTPS server. * Vendors Go HTTP/2 library and associated deps.
2017-11-07 23:06:59 +00:00
"github.com/hashicorp/consul/api"
New command: consul debug (#4754) * agent/debug: add package for debugging, host info * api: add v1/agent/host endpoint * agent: add v1/agent/host endpoint * command/debug: implementation of static capture * command/debug: tests and only configured targets * agent/debug: add basic test for host metrics * command/debug: add methods for dynamic data capture * api: add debug/pprof endpoints * command/debug: add pprof * command/debug: timing, wg, logs to disk * vendor: add gopsutil/disk * command/debug: add a usage section * website: add docs for consul debug * agent/host: require operator:read * api/host: improve docs and no retry timing * command/debug: fail on extra arguments * command/debug: fixup file permissions to 0644 * command/debug: remove server flags * command/debug: improve clarity of usage section * api/debug: add Trace for profiling, fix profile * command/debug: capture profile and trace at the same time * command/debug: add index document * command/debug: use "clusters" in place of members * command/debug: remove address in output * command/debug: improve comment on metrics sleep * command/debug: clarify usage * agent: always register pprof handlers and protect This will allow us to avoid a restart of a target agent for profiling by always registering the pprof handlers. Given this is a potentially sensitive path, it is protected with an operator:read ACL and enable debug being set to true on the target agent. enable_debug still requires a restart. If ACLs are disabled, enable_debug is sufficient. * command/debug: use trace.out instead of .prof More in line with golang docs. * agent: fix comment wording * agent: wrap table driven tests in t.run()
2018-10-17 20:20:35 +00:00
"github.com/hashicorp/consul/testrpc"
test: add helper for ioutil.TempDir/TempFile This creates a simplified helper for temporary directories and files. All path names are prefixed with the name of the current test. All files and directories are stored either in /tmp/consul-test or /tmp if the former could not be created. Using the system temp dir breaks some tests on macOS where the unix socket path becomes too long.
2017-05-12 13:41:13 +00:00
"github.com/hashicorp/consul/testutil"
[Security] Allow blocking Write endpoints on Agent using Network Addresses (#4719) * Add -write-allowed-nets option * Add documentation for the new write_allowed_nets option
2019-01-10 14:27:26 +00:00
cleanhttp "github.com/hashicorp/go-cleanhttp"
New command: consul debug (#4754) * agent/debug: add package for debugging, host info * api: add v1/agent/host endpoint * agent: add v1/agent/host endpoint * command/debug: implementation of static capture * command/debug: tests and only configured targets * agent/debug: add basic test for host metrics * command/debug: add methods for dynamic data capture * api: add debug/pprof endpoints * command/debug: add pprof * command/debug: timing, wg, logs to disk * vendor: add gopsutil/disk * command/debug: add a usage section * website: add docs for consul debug * agent/host: require operator:read * api/host: improve docs and no retry timing * command/debug: fail on extra arguments * command/debug: fixup file permissions to 0644 * command/debug: remove server flags * command/debug: improve clarity of usage section * api/debug: add Trace for profiling, fix profile * command/debug: capture profile and trace at the same time * command/debug: add index document * command/debug: use "clusters" in place of members * command/debug: remove address in output * command/debug: improve comment on metrics sleep * command/debug: clarify usage * agent: always register pprof handlers and protect This will allow us to avoid a restart of a target agent for profiling by always registering the pprof handlers. Given this is a potentially sensitive path, it is protected with an operator:read ACL and enable debug being set to true on the target agent. enable_debug still requires a restart. If ACLs are disabled, enable_debug is sufficient. * command/debug: use trace.out instead of .prof More in line with golang docs. * agent: fix comment wording * agent: wrap table driven tests in t.run()
2018-10-17 20:20:35 +00:00
"github.com/stretchr/testify/assert"
Handle resolving proxy tokens when parsing HTTP requests (#4453) Fixes: #4441 This fixes the issue with Connect Managed Proxies + ACLs being broken. The underlying problem was that the token parsed for most http endpoints was sent untouched to the servers via the RPC request. These changes make it so that at the HTTP endpoint when parsing the token we additionally attempt to convert potential proxy tokens into regular tokens before sending to the RPC endpoint. Proxy tokens are only valid on the agent with the managed proxy so the resolution has to happen before it gets forwarded anywhere.
2018-07-30 13:11:51 +00:00
"github.com/stretchr/testify/require"
Adds HTTP/2 support to Consul's HTTPS server. (#3657) * Refactors the HTTP listen path to create servers in the same spot. * Adds HTTP/2 support to Consul's HTTPS server. * Vendors Go HTTP/2 library and associated deps.
2017-11-07 23:06:59 +00:00
"golang.org/x/net/http2"
Adding more agent tests
2013-12-23 21:52:10 +00:00
)
agent: fixing up tests
2015-01-16 17:58:37 +00:00
func TestHTTPServer_UnixSocket(t *testing.T) {
test: run agent tests in parallel This brings down the test run from 108 sec to 15 sec. There is an occasional port conflict because of the nature the next port is chosen. So far it seems rare enough to live with it.
2017-05-21 07:54:40 +00:00
t.Parallel()
agent: fixing up tests
2015-01-16 17:58:37 +00:00
if runtime.GOOS == "windows" {
t.SkipNow()
}
test: add helper for ioutil.TempDir/TempFile This creates a simplified helper for temporary directories and files. All path names are prefixed with the name of the current test. All files and directories are stored either in /tmp/consul-test or /tmp if the former could not be created. Using the system temp dir breaks some tests on macOS where the unix socket path becomes too long.
2017-05-12 13:41:13 +00:00
tempDir := testutil.TempDir(t, "consul")
agent: fixing up tests
2015-01-16 17:58:37 +00:00
defer os.RemoveAll(tempDir)
test: add helper for ioutil.TempDir/TempFile This creates a simplified helper for temporary directories and files. All path names are prefixed with the name of the current test. All files and directories are stored either in /tmp/consul-test or /tmp if the former could not be created. Using the system temp dir breaks some tests on macOS where the unix socket path becomes too long.
2017-05-12 13:41:13 +00:00
socket := filepath.Join(tempDir, "test.sock")
agent: fixing up tests
2015-01-16 17:58:37 +00:00
agent: refactor tests for TestAgent Refactored tests that use * makeAgentXXX * makeDNSServerXXX * makeHTTPServerXXX
2017-05-21 07:11:09 +00:00
// Only testing mode, since uid/gid might not be settable
// from test environment.
New config parser, HCL support, multiple bind addrs (#3480) * new config parser for agent This patch implements a new config parser for the consul agent which makes the following changes to the previous implementation: * add HCL support * all configuration fragments in tests and for default config are expressed as HCL fragments * HCL fragments can be provided on the command line so that they can eventually replace the command line flags. * HCL/JSON fragments are parsed into a temporary Config structure which can be merged using reflection (all values are pointers). The existing merge logic of overwrite for values and append for slices has been preserved. * A single builder process generates a typed runtime configuration for the agent. The new implementation is more strict and fails in the builder process if no valid runtime configuration can be generated. Therefore, additional validations in other parts of the code should be removed. The builder also pre-computes all required network addresses so that no address/port magic should be required where the configuration is used and should therefore be removed. * Upgrade github.com/hashicorp/hcl to support int64 * improve error messages * fix directory permission test * Fix rtt test * Fix ForceLeave test * Skip performance test for now until we know what to do * Update github.com/hashicorp/memberlist to update log prefix * Make memberlist use the default logger * improve config error handling * do not fail on non-existing data-dir * experiment with non-uniform timeouts to get a handle on stalled leader elections * Run tests for packages separately to eliminate the spurious port conflicts * refactor private address detection and unify approach for ipv4 and ipv6. Fixes #2825 * do not allow unix sockets for DNS * improve bind and advertise addr error handling * go through builder using test coverage * minimal update to the docs * more coverage tests fixed * more tests * fix makefile * cleanup * fix port conflicts with external port server 'porter' * stop test server on error * do not run api test that change global ENV concurrently with the other tests * Run remaining api tests concurrently * no need for retry with the port number service * monkey patch race condition in go-sockaddr until we understand why that fails * monkey patch hcl decoder race condidtion until we understand why that fails * monkey patch spurious errors in strings.EqualFold from here * add test for hcl decoder race condition. Run with go test -parallel 128 * Increase timeout again * cleanup * don't log port allocations by default * use base command arg parsing to format help output properly * handle -dc deprecation case in Build * switch autopilot.max_trailing_logs to int * remove duplicate test case * remove unused methods * remove comments about flag/config value inconsistencies * switch got and want around since the error message was misleading. * Removes a stray debug log. * Removes a stray newline in imports. * Fixes TestACL_Version8. * Runs go fmt. * Adds a default case for unknown address types. * Reoders and reformats some imports. * Adds some comments and fixes typos. * Reorders imports. * add unix socket support for dns later * drop all deprecated flags and arguments * fix wrong field name * remove stray node-id file * drop unnecessary patch section in test * drop duplicate test * add test for LeaveOnTerm and SkipLeaveOnInt in client mode * drop "bla" and add clarifying comment for the test * split up tests to support enterprise/non-enterprise tests * drop raft multiplier and derive values during build phase * sanitize runtime config reflectively and add test * detect invalid config fields * fix tests with invalid config fields * use different values for wan sanitiziation test * drop recursor in favor of recursors * allow dns_config.udp_answer_limit to be zero * make sure tests run on machines with multiple ips * Fix failing tests in a few more places by providing a bind address in the test * Gets rid of skipped TestAgent_CheckPerformanceSettings and adds case for builder. * Add porter to server_test.go to make tests there less flaky * go fmt
2017-09-25 18:40:42 +00:00
a := NewTestAgent(t.Name(), `
addresses {
http = "unix://`+socket+`"
}
unix_sockets {
mode = "0777"
}
`)
agent: refactor tests for TestAgent Refactored tests that use * makeAgentXXX * makeDNSServerXXX * makeHTTPServerXXX
2017-05-21 07:11:09 +00:00
defer a.Shutdown()
agent: fixing up tests
2015-01-16 17:58:37 +00:00
// Ensure the socket was created
if _, err := os.Stat(socket); err != nil {
t.Fatalf("err: %s", err)
}
agent: test Unix domain socket permission settings
2015-01-20 22:32:15 +00:00
// Ensure the mode was set properly
fi, err := os.Stat(socket)
if err != nil {
t.Fatalf("err: %s", err)
}
if fi.Mode().String() != "Srwxrwxrwx" {
t.Fatalf("bad permissions: %s", fi.Mode())
}
agent: fixing up tests
2015-01-16 17:58:37 +00:00
// Ensure we can get a response from the socket.
Use cleanhttp to get rid of DefaultTransport
2015-10-22 14:47:50 +00:00
trans := cleanhttp.DefaultTransport()
Update TestHTTPServer_UnixSocket with DialContext
2017-02-11 02:29:42 +00:00
trans.DialContext = func(_ context.Context, _, _ string) (net.Conn, error) {
New config parser, HCL support, multiple bind addrs (#3480) * new config parser for agent This patch implements a new config parser for the consul agent which makes the following changes to the previous implementation: * add HCL support * all configuration fragments in tests and for default config are expressed as HCL fragments * HCL fragments can be provided on the command line so that they can eventually replace the command line flags. * HCL/JSON fragments are parsed into a temporary Config structure which can be merged using reflection (all values are pointers). The existing merge logic of overwrite for values and append for slices has been preserved. * A single builder process generates a typed runtime configuration for the agent. The new implementation is more strict and fails in the builder process if no valid runtime configuration can be generated. Therefore, additional validations in other parts of the code should be removed. The builder also pre-computes all required network addresses so that no address/port magic should be required where the configuration is used and should therefore be removed. * Upgrade github.com/hashicorp/hcl to support int64 * improve error messages * fix directory permission test * Fix rtt test * Fix ForceLeave test * Skip performance test for now until we know what to do * Update github.com/hashicorp/memberlist to update log prefix * Make memberlist use the default logger * improve config error handling * do not fail on non-existing data-dir * experiment with non-uniform timeouts to get a handle on stalled leader elections * Run tests for packages separately to eliminate the spurious port conflicts * refactor private address detection and unify approach for ipv4 and ipv6. Fixes #2825 * do not allow unix sockets for DNS * improve bind and advertise addr error handling * go through builder using test coverage * minimal update to the docs * more coverage tests fixed * more tests * fix makefile * cleanup * fix port conflicts with external port server 'porter' * stop test server on error * do not run api test that change global ENV concurrently with the other tests * Run remaining api tests concurrently * no need for retry with the port number service * monkey patch race condition in go-sockaddr until we understand why that fails * monkey patch hcl decoder race condidtion until we understand why that fails * monkey patch spurious errors in strings.EqualFold from here * add test for hcl decoder race condition. Run with go test -parallel 128 * Increase timeout again * cleanup * don't log port allocations by default * use base command arg parsing to format help output properly * handle -dc deprecation case in Build * switch autopilot.max_trailing_logs to int * remove duplicate test case * remove unused methods * remove comments about flag/config value inconsistencies * switch got and want around since the error message was misleading. * Removes a stray debug log. * Removes a stray newline in imports. * Fixes TestACL_Version8. * Runs go fmt. * Adds a default case for unknown address types. * Reoders and reformats some imports. * Adds some comments and fixes typos. * Reorders imports. * add unix socket support for dns later * drop all deprecated flags and arguments * fix wrong field name * remove stray node-id file * drop unnecessary patch section in test * drop duplicate test * add test for LeaveOnTerm and SkipLeaveOnInt in client mode * drop "bla" and add clarifying comment for the test * split up tests to support enterprise/non-enterprise tests * drop raft multiplier and derive values during build phase * sanitize runtime config reflectively and add test * detect invalid config fields * fix tests with invalid config fields * use different values for wan sanitiziation test * drop recursor in favor of recursors * allow dns_config.udp_answer_limit to be zero * make sure tests run on machines with multiple ips * Fix failing tests in a few more places by providing a bind address in the test * Gets rid of skipped TestAgent_CheckPerformanceSettings and adds case for builder. * Add porter to server_test.go to make tests there less flaky * go fmt
2017-09-25 18:40:42 +00:00
return net.Dial("unix", socket)
Use cleanhttp to get rid of DefaultTransport
2015-10-22 14:47:50 +00:00
}
agent: fixing up tests
2015-01-16 17:58:37 +00:00
client := &http.Client{
Use cleanhttp to get rid of DefaultTransport
2015-10-22 14:47:50 +00:00
Transport: trans,
agent: fixing up tests
2015-01-16 17:58:37 +00:00
}
// This URL doesn't look like it makes sense, but the scheme (http://) and
// the host (127.0.0.1) are required by the HTTP client library. In reality
// this will just use the custom dialer and talk to the socket.
resp, err := client.Get("http://127.0.0.1/v1/agent/self")
if err != nil {
t.Fatalf("err: %s", err)
}
defer resp.Body.Close()
if body, err := ioutil.ReadAll(resp.Body); err != nil || len(body) == 0 {
t.Fatalf("bad: %s %v", body, err)
}
}
agent: error if binding to existing socket file
2015-01-16 20:39:15 +00:00
func TestHTTPServer_UnixSocket_FileExists(t *testing.T) {
test: run agent tests in parallel This brings down the test run from 108 sec to 15 sec. There is an occasional port conflict because of the nature the next port is chosen. So far it seems rare enough to live with it.
2017-05-21 07:54:40 +00:00
t.Parallel()
agent: test socket file overwrite
2015-01-16 18:37:13 +00:00
if runtime.GOOS == "windows" {
t.SkipNow()
}
test: add helper for ioutil.TempDir/TempFile This creates a simplified helper for temporary directories and files. All path names are prefixed with the name of the current test. All files and directories are stored either in /tmp/consul-test or /tmp if the former could not be created. Using the system temp dir breaks some tests on macOS where the unix socket path becomes too long.
2017-05-12 13:41:13 +00:00
tempDir := testutil.TempDir(t, "consul")
agent: test socket file overwrite
2015-01-16 18:37:13 +00:00
defer os.RemoveAll(tempDir)
test: add helper for ioutil.TempDir/TempFile This creates a simplified helper for temporary directories and files. All path names are prefixed with the name of the current test. All files and directories are stored either in /tmp/consul-test or /tmp if the former could not be created. Using the system temp dir breaks some tests on macOS where the unix socket path becomes too long.
2017-05-12 13:41:13 +00:00
socket := filepath.Join(tempDir, "test.sock")
agent: test socket file overwrite
2015-01-16 18:37:13 +00:00
// Create a regular file at the socket path
if err := ioutil.WriteFile(socket, []byte("hello world"), 0644); err != nil {
t.Fatalf("err: %s", err)
}
fi, err := os.Stat(socket)
if err != nil {
t.Fatalf("err: %s", err)
}
if !fi.Mode().IsRegular() {
t.Fatalf("not a regular file: %s", socket)
}
New config parser, HCL support, multiple bind addrs (#3480) * new config parser for agent This patch implements a new config parser for the consul agent which makes the following changes to the previous implementation: * add HCL support * all configuration fragments in tests and for default config are expressed as HCL fragments * HCL fragments can be provided on the command line so that they can eventually replace the command line flags. * HCL/JSON fragments are parsed into a temporary Config structure which can be merged using reflection (all values are pointers). The existing merge logic of overwrite for values and append for slices has been preserved. * A single builder process generates a typed runtime configuration for the agent. The new implementation is more strict and fails in the builder process if no valid runtime configuration can be generated. Therefore, additional validations in other parts of the code should be removed. The builder also pre-computes all required network addresses so that no address/port magic should be required where the configuration is used and should therefore be removed. * Upgrade github.com/hashicorp/hcl to support int64 * improve error messages * fix directory permission test * Fix rtt test * Fix ForceLeave test * Skip performance test for now until we know what to do * Update github.com/hashicorp/memberlist to update log prefix * Make memberlist use the default logger * improve config error handling * do not fail on non-existing data-dir * experiment with non-uniform timeouts to get a handle on stalled leader elections * Run tests for packages separately to eliminate the spurious port conflicts * refactor private address detection and unify approach for ipv4 and ipv6. Fixes #2825 * do not allow unix sockets for DNS * improve bind and advertise addr error handling * go through builder using test coverage * minimal update to the docs * more coverage tests fixed * more tests * fix makefile * cleanup * fix port conflicts with external port server 'porter' * stop test server on error * do not run api test that change global ENV concurrently with the other tests * Run remaining api tests concurrently * no need for retry with the port number service * monkey patch race condition in go-sockaddr until we understand why that fails * monkey patch hcl decoder race condidtion until we understand why that fails * monkey patch spurious errors in strings.EqualFold from here * add test for hcl decoder race condition. Run with go test -parallel 128 * Increase timeout again * cleanup * don't log port allocations by default * use base command arg parsing to format help output properly * handle -dc deprecation case in Build * switch autopilot.max_trailing_logs to int * remove duplicate test case * remove unused methods * remove comments about flag/config value inconsistencies * switch got and want around since the error message was misleading. * Removes a stray debug log. * Removes a stray newline in imports. * Fixes TestACL_Version8. * Runs go fmt. * Adds a default case for unknown address types. * Reoders and reformats some imports. * Adds some comments and fixes typos. * Reorders imports. * add unix socket support for dns later * drop all deprecated flags and arguments * fix wrong field name * remove stray node-id file * drop unnecessary patch section in test * drop duplicate test * add test for LeaveOnTerm and SkipLeaveOnInt in client mode * drop "bla" and add clarifying comment for the test * split up tests to support enterprise/non-enterprise tests * drop raft multiplier and derive values during build phase * sanitize runtime config reflectively and add test * detect invalid config fields * fix tests with invalid config fields * use different values for wan sanitiziation test * drop recursor in favor of recursors * allow dns_config.udp_answer_limit to be zero * make sure tests run on machines with multiple ips * Fix failing tests in a few more places by providing a bind address in the test * Gets rid of skipped TestAgent_CheckPerformanceSettings and adds case for builder. * Add porter to server_test.go to make tests there less flaky * go fmt
2017-09-25 18:40:42 +00:00
a := NewTestAgent(t.Name(), `
addresses {
http = "unix://`+socket+`"
}
`)
agent: refactor tests for TestAgent Refactored tests that use * makeAgentXXX * makeDNSServerXXX * makeHTTPServerXXX
2017-05-21 07:11:09 +00:00
defer a.Shutdown()
agent: error if binding to existing socket file
2015-01-16 20:39:15 +00:00
agent: adjusting tests for new behavior of sockets
2015-01-20 22:13:36 +00:00
// Ensure the file was replaced by the socket
fi, err = os.Stat(socket)
if err != nil {
t.Fatalf("err: %s", err)
}
if fi.Mode()&os.ModeSocket == 0 {
t.Fatalf("expected socket to replace file")
agent: test socket file overwrite
2015-01-16 18:37:13 +00:00
}
}
Adds HTTP/2 support to Consul's HTTPS server. (#3657) * Refactors the HTTP listen path to create servers in the same spot. * Adds HTTP/2 support to Consul's HTTPS server. * Vendors Go HTTP/2 library and associated deps.
2017-11-07 23:06:59 +00:00
func TestHTTPServer_H2(t *testing.T) {
t.Parallel()
// Fire up an agent with TLS enabled.
a := &TestAgent{
Name: t.Name(),
UseTLS: true,
HCL: `
key_file = "../test/client_certs/server.key"
cert_file = "../test/client_certs/server.crt"
ca_file = "../test/client_certs/rootca.crt"
`,
}
a.Start()
defer a.Shutdown()
// Make an HTTP/2-enabled client, using the API helpers to set
// up TLS to be as normal as possible for Consul.
tlscfg := &api.TLSConfig{
Address: "consul.test",
KeyFile: "../test/client_certs/client.key",
CertFile: "../test/client_certs/client.crt",
CAFile: "../test/client_certs/rootca.crt",
}
tlsccfg, err := api.SetupTLSConfig(tlscfg)
if err != nil {
t.Fatalf("err: %v", err)
}
transport := api.DefaultConfig().Transport
transport.TLSClientConfig = tlsccfg
if err := http2.ConfigureTransport(transport); err != nil {
t.Fatalf("err: %v", err)
}
hc := &http.Client{
Transport: transport,
}
// Hook a handler that echoes back the protocol.
handler := func(resp http.ResponseWriter, req *http.Request) {
resp.WriteHeader(http.StatusOK)
fmt.Fprint(resp, req.Proto)
}
Wraps HTTP mux to ban all non-printable characters from paths.
2017-12-20 23:47:53 +00:00
w, ok := a.srv.Handler.(*wrappedMux)
Adds HTTP/2 support to Consul's HTTPS server. (#3657) * Refactors the HTTP listen path to create servers in the same spot. * Adds HTTP/2 support to Consul's HTTPS server. * Vendors Go HTTP/2 library and associated deps.
2017-11-07 23:06:59 +00:00
if !ok {
t.Fatalf("handler is not expected type")
}
Wraps HTTP mux to ban all non-printable characters from paths.
2017-12-20 23:47:53 +00:00
w.mux.HandleFunc("/echo", handler)
Adds HTTP/2 support to Consul's HTTPS server. (#3657) * Refactors the HTTP listen path to create servers in the same spot. * Adds HTTP/2 support to Consul's HTTPS server. * Vendors Go HTTP/2 library and associated deps.
2017-11-07 23:06:59 +00:00
// Call it and make sure we see HTTP/2.
url := fmt.Sprintf("https://%s/echo", a.srv.ln.Addr().String())
resp, err := hc.Get(url)
if err != nil {
t.Fatalf("err: %v", err)
}
defer resp.Body.Close()
body, err := ioutil.ReadAll(resp.Body)
if err != nil {
t.Fatalf("err: %v", err)
}
if !bytes.Equal(body, []byte("HTTP/2.0")) {
t.Fatalf("bad: %v", body)
}
// This doesn't have a closed-loop way to verify HTTP/2 support for
// some other endpoint, but configure an API client and make a call
// just as a sanity check.
cfg := &api.Config{
Address: a.srv.ln.Addr().String(),
Scheme: "https",
HttpClient: hc,
}
client, err := api.NewClient(cfg)
if err != nil {
t.Fatalf("err: %v", err)
}
if _, err := client.Agent().Self(); err != nil {
t.Fatalf("err: %v", err)
}
}
agent: adding more tests
2014-02-05 22:47:42 +00:00
func TestSetIndex(t *testing.T) {
test: run agent tests in parallel This brings down the test run from 108 sec to 15 sec. There is an occasional port conflict because of the nature the next port is chosen. So far it seems rare enough to live with it.
2017-05-21 07:54:40 +00:00
t.Parallel()
agent: adding more tests
2014-02-05 22:47:42 +00:00
resp := httptest.NewRecorder()
setIndex(resp, 1000)
header := resp.Header().Get("X-Consul-Index")
if header != "1000" {
t.Fatalf("Bad: %v", header)
}
agent: Fixing multiple headers for /v1/event/list endpoint. Fixes #361
2014-10-14 00:53:54 +00:00
setIndex(resp, 2000)
if v := resp.Header()["X-Consul-Index"]; len(v) != 1 {
t.Fatalf("bad: %#v", v)
}
agent: adding more tests
2014-02-05 22:47:42 +00:00
}
agent: Adding HTTP tests for new features
2014-04-21 20:19:18 +00:00
func TestSetKnownLeader(t *testing.T) {
test: run agent tests in parallel This brings down the test run from 108 sec to 15 sec. There is an occasional port conflict because of the nature the next port is chosen. So far it seems rare enough to live with it.
2017-05-21 07:54:40 +00:00
t.Parallel()
agent: Adding HTTP tests for new features
2014-04-21 20:19:18 +00:00
resp := httptest.NewRecorder()
setKnownLeader(resp, true)
header := resp.Header().Get("X-Consul-KnownLeader")
if header != "true" {
t.Fatalf("Bad: %v", header)
}
resp = httptest.NewRecorder()
setKnownLeader(resp, false)
header = resp.Header().Get("X-Consul-KnownLeader")
if header != "false" {
t.Fatalf("Bad: %v", header)
}
}
func TestSetLastContact(t *testing.T) {
test: run agent tests in parallel This brings down the test run from 108 sec to 15 sec. There is an occasional port conflict because of the nature the next port is chosen. So far it seems rare enough to live with it.
2017-05-21 07:54:40 +00:00
t.Parallel()
agent: LastContact cannot be negative (#3067) The X-Consul-LastContact header cannot be negative. Fixes #3067
2017-06-01 11:53:27 +00:00
tests := []struct {
desc string
d time.Duration
h string
}{
{"neg", -1, "0"},
{"zero", 0, "0"},
{"pos", 123 * time.Millisecond, "123"},
{"pos ms only", 123456 * time.Microsecond, "123"},
}
for _, tt := range tests {
t.Run(tt.desc, func(t *testing.T) {
resp := httptest.NewRecorder()
setLastContact(resp, tt.d)
header := resp.Header().Get("X-Consul-LastContact")
if got, want := header, tt.h; got != want {
t.Fatalf("got X-Consul-LastContact header %q want %q", got, want)
}
})
agent: Adding HTTP tests for new features
2014-04-21 20:19:18 +00:00
}
}
func TestSetMeta(t *testing.T) {
test: run agent tests in parallel This brings down the test run from 108 sec to 15 sec. There is an occasional port conflict because of the nature the next port is chosen. So far it seems rare enough to live with it.
2017-05-21 07:54:40 +00:00
t.Parallel()
agent: Adding HTTP tests for new features
2014-04-21 20:19:18 +00:00
meta := structs.QueryMeta{
Index: 1000,
KnownLeader: true,
LastContact: 123456 * time.Microsecond,
}
resp := httptest.NewRecorder()
setMeta(resp, &meta)
header := resp.Header().Get("X-Consul-Index")
if header != "1000" {
t.Fatalf("Bad: %v", header)
}
header = resp.Header().Get("X-Consul-KnownLeader")
if header != "true" {
t.Fatalf("Bad: %v", header)
}
header = resp.Header().Get("X-Consul-LastContact")
if header != "123" {
t.Fatalf("Bad: %v", header)
}
}
Adds the ability to blacklist specific HTTP endpoints. (#3252)
2017-07-10 20:51:25 +00:00
func TestHTTPAPI_BlockEndpoints(t *testing.T) {
t.Parallel()
New config parser, HCL support, multiple bind addrs (#3480) * new config parser for agent This patch implements a new config parser for the consul agent which makes the following changes to the previous implementation: * add HCL support * all configuration fragments in tests and for default config are expressed as HCL fragments * HCL fragments can be provided on the command line so that they can eventually replace the command line flags. * HCL/JSON fragments are parsed into a temporary Config structure which can be merged using reflection (all values are pointers). The existing merge logic of overwrite for values and append for slices has been preserved. * A single builder process generates a typed runtime configuration for the agent. The new implementation is more strict and fails in the builder process if no valid runtime configuration can be generated. Therefore, additional validations in other parts of the code should be removed. The builder also pre-computes all required network addresses so that no address/port magic should be required where the configuration is used and should therefore be removed. * Upgrade github.com/hashicorp/hcl to support int64 * improve error messages * fix directory permission test * Fix rtt test * Fix ForceLeave test * Skip performance test for now until we know what to do * Update github.com/hashicorp/memberlist to update log prefix * Make memberlist use the default logger * improve config error handling * do not fail on non-existing data-dir * experiment with non-uniform timeouts to get a handle on stalled leader elections * Run tests for packages separately to eliminate the spurious port conflicts * refactor private address detection and unify approach for ipv4 and ipv6. Fixes #2825 * do not allow unix sockets for DNS * improve bind and advertise addr error handling * go through builder using test coverage * minimal update to the docs * more coverage tests fixed * more tests * fix makefile * cleanup * fix port conflicts with external port server 'porter' * stop test server on error * do not run api test that change global ENV concurrently with the other tests * Run remaining api tests concurrently * no need for retry with the port number service * monkey patch race condition in go-sockaddr until we understand why that fails * monkey patch hcl decoder race condidtion until we understand why that fails * monkey patch spurious errors in strings.EqualFold from here * add test for hcl decoder race condition. Run with go test -parallel 128 * Increase timeout again * cleanup * don't log port allocations by default * use base command arg parsing to format help output properly * handle -dc deprecation case in Build * switch autopilot.max_trailing_logs to int * remove duplicate test case * remove unused methods * remove comments about flag/config value inconsistencies * switch got and want around since the error message was misleading. * Removes a stray debug log. * Removes a stray newline in imports. * Fixes TestACL_Version8. * Runs go fmt. * Adds a default case for unknown address types. * Reoders and reformats some imports. * Adds some comments and fixes typos. * Reorders imports. * add unix socket support for dns later * drop all deprecated flags and arguments * fix wrong field name * remove stray node-id file * drop unnecessary patch section in test * drop duplicate test * add test for LeaveOnTerm and SkipLeaveOnInt in client mode * drop "bla" and add clarifying comment for the test * split up tests to support enterprise/non-enterprise tests * drop raft multiplier and derive values during build phase * sanitize runtime config reflectively and add test * detect invalid config fields * fix tests with invalid config fields * use different values for wan sanitiziation test * drop recursor in favor of recursors * allow dns_config.udp_answer_limit to be zero * make sure tests run on machines with multiple ips * Fix failing tests in a few more places by providing a bind address in the test * Gets rid of skipped TestAgent_CheckPerformanceSettings and adds case for builder. * Add porter to server_test.go to make tests there less flaky * go fmt
2017-09-25 18:40:42 +00:00
a := NewTestAgent(t.Name(), `
http_config {
block_endpoints = ["/v1/agent/self"]
}
`)
Adds the ability to blacklist specific HTTP endpoints. (#3252)
2017-07-10 20:51:25 +00:00
defer a.Shutdown()
handler := func(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
return nil, nil
}
// Try a blocked endpoint, which should get a 403.
{
req, _ := http.NewRequest("GET", "/v1/agent/self", nil)
resp := httptest.NewRecorder()
Support OPTIONS requests - register endpoints with supported methods - support OPTIONS requests, indicating supported methods - extract method validation (error 405) from individual endpoints - on 405 where multiple methods are allowed, create a single Allow header with comma-separated values, not multiple Allow headers.
2018-02-12 05:28:20 +00:00
a.srv.wrap(handler, []string{"GET"})(resp, req)
Adds the ability to blacklist specific HTTP endpoints. (#3252)
2017-07-10 20:51:25 +00:00
if got, want := resp.Code, http.StatusForbidden; got != want {
t.Fatalf("bad response code got %d want %d", got, want)
}
}
// Make sure some other endpoint still works.
{
req, _ := http.NewRequest("GET", "/v1/agent/checks", nil)
resp := httptest.NewRecorder()
Support OPTIONS requests - register endpoints with supported methods - support OPTIONS requests, indicating supported methods - extract method validation (error 405) from individual endpoints - on 405 where multiple methods are allowed, create a single Allow header with comma-separated values, not multiple Allow headers.
2018-02-12 05:28:20 +00:00
a.srv.wrap(handler, []string{"GET"})(resp, req)
Adds the ability to blacklist specific HTTP endpoints. (#3252)
2017-07-10 20:51:25 +00:00
if got, want := resp.Code, http.StatusOK; got != want {
t.Fatalf("bad response code got %d want %d", got, want)
}
}
}
Wraps HTTP mux to ban all non-printable characters from paths.
2017-12-20 23:47:53 +00:00
func TestHTTPAPI_Ban_Nonprintable_Characters(t *testing.T) {
a := NewTestAgent(t.Name(), "")
defer a.Shutdown()
req, _ := http.NewRequest("GET", "/v1/kv/bad\x00ness", nil)
resp := httptest.NewRecorder()
a.srv.Handler.ServeHTTP(resp, req)
if got, want := resp.Code, http.StatusBadRequest; got != want {
t.Fatalf("bad response code got %d want %d", got, want)
}
}
Add config option to disable HTTP printable char path check (#4442)
2018-07-26 12:53:39 +00:00
func TestHTTPAPI_Allow_Nonprintable_Characters_With_Flag(t *testing.T) {
a := NewTestAgent(t.Name(), "disable_http_unprintable_char_filter = true")
defer a.Shutdown()
req, _ := http.NewRequest("GET", "/v1/kv/bad\x00ness", nil)
resp := httptest.NewRecorder()
a.srv.Handler.ServeHTTP(resp, req)
// Key doesn't actually exist so we should get 404
if got, want := resp.Code, http.StatusNotFound; got != want {
t.Fatalf("bad response code got %d want %d", got, want)
}
}
Adds an `X-Consul-Translate-Addresses` to signal translation is enabled.
2016-08-16 18:31:41 +00:00
func TestHTTPAPI_TranslateAddrHeader(t *testing.T) {
test: run agent tests in parallel This brings down the test run from 108 sec to 15 sec. There is an occasional port conflict because of the nature the next port is chosen. So far it seems rare enough to live with it.
2017-05-21 07:54:40 +00:00
t.Parallel()
Adds an `X-Consul-Translate-Addresses` to signal translation is enabled.
2016-08-16 18:31:41 +00:00
// Header should not be present if address translation is off.
{
New config parser, HCL support, multiple bind addrs (#3480) * new config parser for agent This patch implements a new config parser for the consul agent which makes the following changes to the previous implementation: * add HCL support * all configuration fragments in tests and for default config are expressed as HCL fragments * HCL fragments can be provided on the command line so that they can eventually replace the command line flags. * HCL/JSON fragments are parsed into a temporary Config structure which can be merged using reflection (all values are pointers). The existing merge logic of overwrite for values and append for slices has been preserved. * A single builder process generates a typed runtime configuration for the agent. The new implementation is more strict and fails in the builder process if no valid runtime configuration can be generated. Therefore, additional validations in other parts of the code should be removed. The builder also pre-computes all required network addresses so that no address/port magic should be required where the configuration is used and should therefore be removed. * Upgrade github.com/hashicorp/hcl to support int64 * improve error messages * fix directory permission test * Fix rtt test * Fix ForceLeave test * Skip performance test for now until we know what to do * Update github.com/hashicorp/memberlist to update log prefix * Make memberlist use the default logger * improve config error handling * do not fail on non-existing data-dir * experiment with non-uniform timeouts to get a handle on stalled leader elections * Run tests for packages separately to eliminate the spurious port conflicts * refactor private address detection and unify approach for ipv4 and ipv6. Fixes #2825 * do not allow unix sockets for DNS * improve bind and advertise addr error handling * go through builder using test coverage * minimal update to the docs * more coverage tests fixed * more tests * fix makefile * cleanup * fix port conflicts with external port server 'porter' * stop test server on error * do not run api test that change global ENV concurrently with the other tests * Run remaining api tests concurrently * no need for retry with the port number service * monkey patch race condition in go-sockaddr until we understand why that fails * monkey patch hcl decoder race condidtion until we understand why that fails * monkey patch spurious errors in strings.EqualFold from here * add test for hcl decoder race condition. Run with go test -parallel 128 * Increase timeout again * cleanup * don't log port allocations by default * use base command arg parsing to format help output properly * handle -dc deprecation case in Build * switch autopilot.max_trailing_logs to int * remove duplicate test case * remove unused methods * remove comments about flag/config value inconsistencies * switch got and want around since the error message was misleading. * Removes a stray debug log. * Removes a stray newline in imports. * Fixes TestACL_Version8. * Runs go fmt. * Adds a default case for unknown address types. * Reoders and reformats some imports. * Adds some comments and fixes typos. * Reorders imports. * add unix socket support for dns later * drop all deprecated flags and arguments * fix wrong field name * remove stray node-id file * drop unnecessary patch section in test * drop duplicate test * add test for LeaveOnTerm and SkipLeaveOnInt in client mode * drop "bla" and add clarifying comment for the test * split up tests to support enterprise/non-enterprise tests * drop raft multiplier and derive values during build phase * sanitize runtime config reflectively and add test * detect invalid config fields * fix tests with invalid config fields * use different values for wan sanitiziation test * drop recursor in favor of recursors * allow dns_config.udp_answer_limit to be zero * make sure tests run on machines with multiple ips * Fix failing tests in a few more places by providing a bind address in the test * Gets rid of skipped TestAgent_CheckPerformanceSettings and adds case for builder. * Add porter to server_test.go to make tests there less flaky * go fmt
2017-09-25 18:40:42 +00:00
a := NewTestAgent(t.Name(), "")
agent: refactor tests for TestAgent Refactored tests that use * makeAgentXXX * makeDNSServerXXX * makeHTTPServerXXX
2017-05-21 07:11:09 +00:00
defer a.Shutdown()
Adds an `X-Consul-Translate-Addresses` to signal translation is enabled.
2016-08-16 18:31:41 +00:00
resp := httptest.NewRecorder()
handler := func(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
return nil, nil
}
req, _ := http.NewRequest("GET", "/v1/agent/self", nil)
Support OPTIONS requests - register endpoints with supported methods - support OPTIONS requests, indicating supported methods - extract method validation (error 405) from individual endpoints - on 405 where multiple methods are allowed, create a single Allow header with comma-separated values, not multiple Allow headers.
2018-02-12 05:28:20 +00:00
a.srv.wrap(handler, []string{"GET"})(resp, req)
Adds an `X-Consul-Translate-Addresses` to signal translation is enabled.
2016-08-16 18:31:41 +00:00
translate := resp.Header().Get("X-Consul-Translate-Addresses")
if translate != "" {
t.Fatalf("bad: expected %q, got %q", "", translate)
}
}
// Header should be set to true if it's turned on.
{
New config parser, HCL support, multiple bind addrs (#3480) * new config parser for agent This patch implements a new config parser for the consul agent which makes the following changes to the previous implementation: * add HCL support * all configuration fragments in tests and for default config are expressed as HCL fragments * HCL fragments can be provided on the command line so that they can eventually replace the command line flags. * HCL/JSON fragments are parsed into a temporary Config structure which can be merged using reflection (all values are pointers). The existing merge logic of overwrite for values and append for slices has been preserved. * A single builder process generates a typed runtime configuration for the agent. The new implementation is more strict and fails in the builder process if no valid runtime configuration can be generated. Therefore, additional validations in other parts of the code should be removed. The builder also pre-computes all required network addresses so that no address/port magic should be required where the configuration is used and should therefore be removed. * Upgrade github.com/hashicorp/hcl to support int64 * improve error messages * fix directory permission test * Fix rtt test * Fix ForceLeave test * Skip performance test for now until we know what to do * Update github.com/hashicorp/memberlist to update log prefix * Make memberlist use the default logger * improve config error handling * do not fail on non-existing data-dir * experiment with non-uniform timeouts to get a handle on stalled leader elections * Run tests for packages separately to eliminate the spurious port conflicts * refactor private address detection and unify approach for ipv4 and ipv6. Fixes #2825 * do not allow unix sockets for DNS * improve bind and advertise addr error handling * go through builder using test coverage * minimal update to the docs * more coverage tests fixed * more tests * fix makefile * cleanup * fix port conflicts with external port server 'porter' * stop test server on error * do not run api test that change global ENV concurrently with the other tests * Run remaining api tests concurrently * no need for retry with the port number service * monkey patch race condition in go-sockaddr until we understand why that fails * monkey patch hcl decoder race condidtion until we understand why that fails * monkey patch spurious errors in strings.EqualFold from here * add test for hcl decoder race condition. Run with go test -parallel 128 * Increase timeout again * cleanup * don't log port allocations by default * use base command arg parsing to format help output properly * handle -dc deprecation case in Build * switch autopilot.max_trailing_logs to int * remove duplicate test case * remove unused methods * remove comments about flag/config value inconsistencies * switch got and want around since the error message was misleading. * Removes a stray debug log. * Removes a stray newline in imports. * Fixes TestACL_Version8. * Runs go fmt. * Adds a default case for unknown address types. * Reoders and reformats some imports. * Adds some comments and fixes typos. * Reorders imports. * add unix socket support for dns later * drop all deprecated flags and arguments * fix wrong field name * remove stray node-id file * drop unnecessary patch section in test * drop duplicate test * add test for LeaveOnTerm and SkipLeaveOnInt in client mode * drop "bla" and add clarifying comment for the test * split up tests to support enterprise/non-enterprise tests * drop raft multiplier and derive values during build phase * sanitize runtime config reflectively and add test * detect invalid config fields * fix tests with invalid config fields * use different values for wan sanitiziation test * drop recursor in favor of recursors * allow dns_config.udp_answer_limit to be zero * make sure tests run on machines with multiple ips * Fix failing tests in a few more places by providing a bind address in the test * Gets rid of skipped TestAgent_CheckPerformanceSettings and adds case for builder. * Add porter to server_test.go to make tests there less flaky * go fmt
2017-09-25 18:40:42 +00:00
a := NewTestAgent(t.Name(), `
translate_wan_addrs = true
`)
agent: refactor tests for TestAgent Refactored tests that use * makeAgentXXX * makeDNSServerXXX * makeHTTPServerXXX
2017-05-21 07:11:09 +00:00
defer a.Shutdown()
Adds an `X-Consul-Translate-Addresses` to signal translation is enabled.
2016-08-16 18:31:41 +00:00
resp := httptest.NewRecorder()
handler := func(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
return nil, nil
}
req, _ := http.NewRequest("GET", "/v1/agent/self", nil)
Support OPTIONS requests - register endpoints with supported methods - support OPTIONS requests, indicating supported methods - extract method validation (error 405) from individual endpoints - on 405 where multiple methods are allowed, create a single Allow header with comma-separated values, not multiple Allow headers.
2018-02-12 05:28:20 +00:00
a.srv.wrap(handler, []string{"GET"})(resp, req)
Adds an `X-Consul-Translate-Addresses` to signal translation is enabled.
2016-08-16 18:31:41 +00:00
translate := resp.Header().Get("X-Consul-Translate-Addresses")
if translate != "true" {
t.Fatalf("bad: expected %q, got %q", "true", translate)
}
}
}
add ability to specify response headers on the HTTP API Add an config object that allows adding HTTP header response fields to every HTTP API response. Each specified header is added to every response from all HTTP API endpoints. Each individual endpoint may overwrite the specified header, which makes sure that Consul headers such as 'X-Consul-Index' is enforced by the API.
2014-12-28 04:53:19 +00:00
func TestHTTPAPIResponseHeaders(t *testing.T) {
test: run agent tests in parallel This brings down the test run from 108 sec to 15 sec. There is an occasional port conflict because of the nature the next port is chosen. So far it seems rare enough to live with it.
2017-05-21 07:54:40 +00:00
t.Parallel()
New config parser, HCL support, multiple bind addrs (#3480) * new config parser for agent This patch implements a new config parser for the consul agent which makes the following changes to the previous implementation: * add HCL support * all configuration fragments in tests and for default config are expressed as HCL fragments * HCL fragments can be provided on the command line so that they can eventually replace the command line flags. * HCL/JSON fragments are parsed into a temporary Config structure which can be merged using reflection (all values are pointers). The existing merge logic of overwrite for values and append for slices has been preserved. * A single builder process generates a typed runtime configuration for the agent. The new implementation is more strict and fails in the builder process if no valid runtime configuration can be generated. Therefore, additional validations in other parts of the code should be removed. The builder also pre-computes all required network addresses so that no address/port magic should be required where the configuration is used and should therefore be removed. * Upgrade github.com/hashicorp/hcl to support int64 * improve error messages * fix directory permission test * Fix rtt test * Fix ForceLeave test * Skip performance test for now until we know what to do * Update github.com/hashicorp/memberlist to update log prefix * Make memberlist use the default logger * improve config error handling * do not fail on non-existing data-dir * experiment with non-uniform timeouts to get a handle on stalled leader elections * Run tests for packages separately to eliminate the spurious port conflicts * refactor private address detection and unify approach for ipv4 and ipv6. Fixes #2825 * do not allow unix sockets for DNS * improve bind and advertise addr error handling * go through builder using test coverage * minimal update to the docs * more coverage tests fixed * more tests * fix makefile * cleanup * fix port conflicts with external port server 'porter' * stop test server on error * do not run api test that change global ENV concurrently with the other tests * Run remaining api tests concurrently * no need for retry with the port number service * monkey patch race condition in go-sockaddr until we understand why that fails * monkey patch hcl decoder race condidtion until we understand why that fails * monkey patch spurious errors in strings.EqualFold from here * add test for hcl decoder race condition. Run with go test -parallel 128 * Increase timeout again * cleanup * don't log port allocations by default * use base command arg parsing to format help output properly * handle -dc deprecation case in Build * switch autopilot.max_trailing_logs to int * remove duplicate test case * remove unused methods * remove comments about flag/config value inconsistencies * switch got and want around since the error message was misleading. * Removes a stray debug log. * Removes a stray newline in imports. * Fixes TestACL_Version8. * Runs go fmt. * Adds a default case for unknown address types. * Reoders and reformats some imports. * Adds some comments and fixes typos. * Reorders imports. * add unix socket support for dns later * drop all deprecated flags and arguments * fix wrong field name * remove stray node-id file * drop unnecessary patch section in test * drop duplicate test * add test for LeaveOnTerm and SkipLeaveOnInt in client mode * drop "bla" and add clarifying comment for the test * split up tests to support enterprise/non-enterprise tests * drop raft multiplier and derive values during build phase * sanitize runtime config reflectively and add test * detect invalid config fields * fix tests with invalid config fields * use different values for wan sanitiziation test * drop recursor in favor of recursors * allow dns_config.udp_answer_limit to be zero * make sure tests run on machines with multiple ips * Fix failing tests in a few more places by providing a bind address in the test * Gets rid of skipped TestAgent_CheckPerformanceSettings and adds case for builder. * Add porter to server_test.go to make tests there less flaky * go fmt
2017-09-25 18:40:42 +00:00
a := NewTestAgent(t.Name(), `
http_config {
response_headers = {
"Access-Control-Allow-Origin" = "*"
"X-XSS-Protection" = "1; mode=block"
}
}
`)
agent: refactor tests for TestAgent Refactored tests that use * makeAgentXXX * makeDNSServerXXX * makeHTTPServerXXX
2017-05-21 07:11:09 +00:00
defer a.Shutdown()
add ability to specify response headers on the HTTP API Add an config object that allows adding HTTP header response fields to every HTTP API response. Each specified header is added to every response from all HTTP API endpoints. Each individual endpoint may overwrite the specified header, which makes sure that Consul headers such as 'X-Consul-Index' is enforced by the API.
2014-12-28 04:53:19 +00:00
resp := httptest.NewRecorder()
handler := func(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
return nil, nil
}
req, _ := http.NewRequest("GET", "/v1/agent/self", nil)
Support OPTIONS requests - register endpoints with supported methods - support OPTIONS requests, indicating supported methods - extract method validation (error 405) from individual endpoints - on 405 where multiple methods are allowed, create a single Allow header with comma-separated values, not multiple Allow headers.
2018-02-12 05:28:20 +00:00
a.srv.wrap(handler, []string{"GET"})(resp, req)
add ability to specify response headers on the HTTP API Add an config object that allows adding HTTP header response fields to every HTTP API response. Each specified header is added to every response from all HTTP API endpoints. Each individual endpoint may overwrite the specified header, which makes sure that Consul headers such as 'X-Consul-Index' is enforced by the API.
2014-12-28 04:53:19 +00:00
origin := resp.Header().Get("Access-Control-Allow-Origin")
if origin != "*" {
t.Fatalf("bad Access-Control-Allow-Origin: expected %q, got %q", "*", origin)
}
xss := resp.Header().Get("X-XSS-Protection")
if xss != "1; mode=block" {
t.Fatalf("bad X-XSS-Protection header: expected %q, got %q", "1; mode=block", xss)
}
}
HTTP: add content-type: application/json header
2014-04-17 18:38:14 +00:00
func TestContentTypeIsJSON(t *testing.T) {
test: run agent tests in parallel This brings down the test run from 108 sec to 15 sec. There is an occasional port conflict because of the nature the next port is chosen. So far it seems rare enough to live with it.
2017-05-21 07:54:40 +00:00
t.Parallel()
New config parser, HCL support, multiple bind addrs (#3480) * new config parser for agent This patch implements a new config parser for the consul agent which makes the following changes to the previous implementation: * add HCL support * all configuration fragments in tests and for default config are expressed as HCL fragments * HCL fragments can be provided on the command line so that they can eventually replace the command line flags. * HCL/JSON fragments are parsed into a temporary Config structure which can be merged using reflection (all values are pointers). The existing merge logic of overwrite for values and append for slices has been preserved. * A single builder process generates a typed runtime configuration for the agent. The new implementation is more strict and fails in the builder process if no valid runtime configuration can be generated. Therefore, additional validations in other parts of the code should be removed. The builder also pre-computes all required network addresses so that no address/port magic should be required where the configuration is used and should therefore be removed. * Upgrade github.com/hashicorp/hcl to support int64 * improve error messages * fix directory permission test * Fix rtt test * Fix ForceLeave test * Skip performance test for now until we know what to do * Update github.com/hashicorp/memberlist to update log prefix * Make memberlist use the default logger * improve config error handling * do not fail on non-existing data-dir * experiment with non-uniform timeouts to get a handle on stalled leader elections * Run tests for packages separately to eliminate the spurious port conflicts * refactor private address detection and unify approach for ipv4 and ipv6. Fixes #2825 * do not allow unix sockets for DNS * improve bind and advertise addr error handling * go through builder using test coverage * minimal update to the docs * more coverage tests fixed * more tests * fix makefile * cleanup * fix port conflicts with external port server 'porter' * stop test server on error * do not run api test that change global ENV concurrently with the other tests * Run remaining api tests concurrently * no need for retry with the port number service * monkey patch race condition in go-sockaddr until we understand why that fails * monkey patch hcl decoder race condidtion until we understand why that fails * monkey patch spurious errors in strings.EqualFold from here * add test for hcl decoder race condition. Run with go test -parallel 128 * Increase timeout again * cleanup * don't log port allocations by default * use base command arg parsing to format help output properly * handle -dc deprecation case in Build * switch autopilot.max_trailing_logs to int * remove duplicate test case * remove unused methods * remove comments about flag/config value inconsistencies * switch got and want around since the error message was misleading. * Removes a stray debug log. * Removes a stray newline in imports. * Fixes TestACL_Version8. * Runs go fmt. * Adds a default case for unknown address types. * Reoders and reformats some imports. * Adds some comments and fixes typos. * Reorders imports. * add unix socket support for dns later * drop all deprecated flags and arguments * fix wrong field name * remove stray node-id file * drop unnecessary patch section in test * drop duplicate test * add test for LeaveOnTerm and SkipLeaveOnInt in client mode * drop "bla" and add clarifying comment for the test * split up tests to support enterprise/non-enterprise tests * drop raft multiplier and derive values during build phase * sanitize runtime config reflectively and add test * detect invalid config fields * fix tests with invalid config fields * use different values for wan sanitiziation test * drop recursor in favor of recursors * allow dns_config.udp_answer_limit to be zero * make sure tests run on machines with multiple ips * Fix failing tests in a few more places by providing a bind address in the test * Gets rid of skipped TestAgent_CheckPerformanceSettings and adds case for builder. * Add porter to server_test.go to make tests there less flaky * go fmt
2017-09-25 18:40:42 +00:00
a := NewTestAgent(t.Name(), "")
agent: refactor tests for TestAgent Refactored tests that use * makeAgentXXX * makeDNSServerXXX * makeHTTPServerXXX
2017-05-21 07:11:09 +00:00
defer a.Shutdown()
HTTP: add content-type: application/json header
2014-04-17 18:38:14 +00:00
resp := httptest.NewRecorder()
handler := func(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
// stub out a DirEntry so that it will be encoded as JSON
return &structs.DirEntry{Key: "key"}, nil
}
req, _ := http.NewRequest("GET", "/v1/kv/key", nil)
Support OPTIONS requests - register endpoints with supported methods - support OPTIONS requests, indicating supported methods - extract method validation (error 405) from individual endpoints - on 405 where multiple methods are allowed, create a single Allow header with comma-separated values, not multiple Allow headers.
2018-02-12 05:28:20 +00:00
a.srv.wrap(handler, []string{"GET"})(resp, req)
HTTP: add content-type: application/json header
2014-04-17 18:38:14 +00:00
contentType := resp.Header().Get("Content-Type")
if contentType != "application/json" {
t.Fatalf("Content-Type header was not 'application/json'")
}
}
agent: hide tokens from logs and monitor
2015-04-12 18:17:31 +00:00
func TestHTTP_wrap_obfuscateLog(t *testing.T) {
test: run agent tests in parallel This brings down the test run from 108 sec to 15 sec. There is an occasional port conflict because of the nature the next port is chosen. So far it seems rare enough to live with it.
2017-05-21 07:54:40 +00:00
t.Parallel()
agent: refactor tests for TestAgent Refactored tests that use * makeAgentXXX * makeDNSServerXXX * makeHTTPServerXXX
2017-05-21 07:11:09 +00:00
buf := new(bytes.Buffer)
a := &TestAgent{Name: t.Name(), LogOutput: buf}
a.Start()
defer a.Shutdown()
agent: hide tokens from logs and monitor
2015-04-12 18:17:31 +00:00
handler := func(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
return nil, nil
}
Obfuscates ACL tokens appearing in /v1/acl/<verb>/<token> APIs. (#3276) * Obfuscates ACL tokens appearing in /v1/acl APIs. * Makes test positively identify the desired strings. * Adds an example and explanation of the regular expression.
2017-07-15 07:07:08 +00:00
for _, pair := range [][]string{
{
"/some/url?token=secret1&token=secret2",
"/some/url?token=<hidden>&token=<hidden>",
},
{
"/v1/acl/clone/secret1",
"/v1/acl/clone/<hidden>",
},
{
"/v1/acl/clone/secret1?token=secret2",
"/v1/acl/clone/<hidden>?token=<hidden>",
},
{
"/v1/acl/destroy/secret1",
"/v1/acl/destroy/<hidden>",
},
{
"/v1/acl/destroy/secret1?token=secret2",
"/v1/acl/destroy/<hidden>?token=<hidden>",
},
{
"/v1/acl/info/secret1",
"/v1/acl/info/<hidden>",
},
{
"/v1/acl/info/secret1?token=secret2",
"/v1/acl/info/<hidden>?token=<hidden>",
},
} {
url, want := pair[0], pair[1]
t.Run(url, func(t *testing.T) {
resp := httptest.NewRecorder()
req, _ := http.NewRequest("GET", url, nil)
Support OPTIONS requests - register endpoints with supported methods - support OPTIONS requests, indicating supported methods - extract method validation (error 405) from individual endpoints - on 405 where multiple methods are allowed, create a single Allow header with comma-separated values, not multiple Allow headers.
2018-02-12 05:28:20 +00:00
a.srv.wrap(handler, []string{"GET"})(resp, req)
Obfuscates ACL tokens appearing in /v1/acl/<verb>/<token> APIs. (#3276) * Obfuscates ACL tokens appearing in /v1/acl APIs. * Makes test positively identify the desired strings. * Adds an example and explanation of the regular expression.
2017-07-15 07:07:08 +00:00
if got := buf.String(); !strings.Contains(got, want) {
t.Fatalf("got %s want %s", got, want)
}
})
agent: hide tokens from logs and monitor
2015-04-12 18:17:31 +00:00
}
}
agent: test pretty printed json
2015-01-01 22:27:10 +00:00
func TestPrettyPrint(t *testing.T) {
test: run agent tests in parallel This brings down the test run from 108 sec to 15 sec. There is an occasional port conflict because of the nature the next port is chosen. So far it seems rare enough to live with it.
2017-05-21 07:54:40 +00:00
t.Parallel()
Test both ?pretty both bare and with value.
2015-01-02 08:14:44 +00:00
testPrettyPrint("pretty=1", t)
}
func TestPrettyPrintBare(t *testing.T) {
test: run agent tests in parallel This brings down the test run from 108 sec to 15 sec. There is an occasional port conflict because of the nature the next port is chosen. So far it seems rare enough to live with it.
2017-05-21 07:54:40 +00:00
t.Parallel()
Test both ?pretty both bare and with value.
2015-01-02 08:14:44 +00:00
testPrettyPrint("pretty", t)
}
func testPrettyPrint(pretty string, t *testing.T) {
New config parser, HCL support, multiple bind addrs (#3480) * new config parser for agent This patch implements a new config parser for the consul agent which makes the following changes to the previous implementation: * add HCL support * all configuration fragments in tests and for default config are expressed as HCL fragments * HCL fragments can be provided on the command line so that they can eventually replace the command line flags. * HCL/JSON fragments are parsed into a temporary Config structure which can be merged using reflection (all values are pointers). The existing merge logic of overwrite for values and append for slices has been preserved. * A single builder process generates a typed runtime configuration for the agent. The new implementation is more strict and fails in the builder process if no valid runtime configuration can be generated. Therefore, additional validations in other parts of the code should be removed. The builder also pre-computes all required network addresses so that no address/port magic should be required where the configuration is used and should therefore be removed. * Upgrade github.com/hashicorp/hcl to support int64 * improve error messages * fix directory permission test * Fix rtt test * Fix ForceLeave test * Skip performance test for now until we know what to do * Update github.com/hashicorp/memberlist to update log prefix * Make memberlist use the default logger * improve config error handling * do not fail on non-existing data-dir * experiment with non-uniform timeouts to get a handle on stalled leader elections * Run tests for packages separately to eliminate the spurious port conflicts * refactor private address detection and unify approach for ipv4 and ipv6. Fixes #2825 * do not allow unix sockets for DNS * improve bind and advertise addr error handling * go through builder using test coverage * minimal update to the docs * more coverage tests fixed * more tests * fix makefile * cleanup * fix port conflicts with external port server 'porter' * stop test server on error * do not run api test that change global ENV concurrently with the other tests * Run remaining api tests concurrently * no need for retry with the port number service * monkey patch race condition in go-sockaddr until we understand why that fails * monkey patch hcl decoder race condidtion until we understand why that fails * monkey patch spurious errors in strings.EqualFold from here * add test for hcl decoder race condition. Run with go test -parallel 128 * Increase timeout again * cleanup * don't log port allocations by default * use base command arg parsing to format help output properly * handle -dc deprecation case in Build * switch autopilot.max_trailing_logs to int * remove duplicate test case * remove unused methods * remove comments about flag/config value inconsistencies * switch got and want around since the error message was misleading. * Removes a stray debug log. * Removes a stray newline in imports. * Fixes TestACL_Version8. * Runs go fmt. * Adds a default case for unknown address types. * Reoders and reformats some imports. * Adds some comments and fixes typos. * Reorders imports. * add unix socket support for dns later * drop all deprecated flags and arguments * fix wrong field name * remove stray node-id file * drop unnecessary patch section in test * drop duplicate test * add test for LeaveOnTerm and SkipLeaveOnInt in client mode * drop "bla" and add clarifying comment for the test * split up tests to support enterprise/non-enterprise tests * drop raft multiplier and derive values during build phase * sanitize runtime config reflectively and add test * detect invalid config fields * fix tests with invalid config fields * use different values for wan sanitiziation test * drop recursor in favor of recursors * allow dns_config.udp_answer_limit to be zero * make sure tests run on machines with multiple ips * Fix failing tests in a few more places by providing a bind address in the test * Gets rid of skipped TestAgent_CheckPerformanceSettings and adds case for builder. * Add porter to server_test.go to make tests there less flaky * go fmt
2017-09-25 18:40:42 +00:00
a := NewTestAgent(t.Name(), "")
agent: refactor tests for TestAgent Refactored tests that use * makeAgentXXX * makeDNSServerXXX * makeHTTPServerXXX
2017-05-21 07:11:09 +00:00
defer a.Shutdown()
agent: test pretty printed json
2015-01-01 22:27:10 +00:00
r := &structs.DirEntry{Key: "key"}
resp := httptest.NewRecorder()
handler := func(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
return r, nil
}
Test both ?pretty both bare and with value.
2015-01-02 08:14:44 +00:00
urlStr := "/v1/kv/key?" + pretty
req, _ := http.NewRequest("GET", urlStr, nil)
Support OPTIONS requests - register endpoints with supported methods - support OPTIONS requests, indicating supported methods - extract method validation (error 405) from individual endpoints - on 405 where multiple methods are allowed, create a single Allow header with comma-separated values, not multiple Allow headers.
2018-02-12 05:28:20 +00:00
a.srv.wrap(handler, []string{"GET"})(resp, req)
agent: test pretty printed json
2015-01-01 22:27:10 +00:00
expected, _ := json.MarshalIndent(r, "", " ")
Terminates pretty responses with a newline.
2016-05-10 21:37:05 +00:00
expected = append(expected, "\n"...)
agent: test pretty printed json
2015-01-01 22:27:10 +00:00
actual, err := ioutil.ReadAll(resp.Body)
if err != nil {
t.Fatalf("err: %s", err)
}
if !bytes.Equal(expected, actual) {
t.Fatalf("bad: %q", string(actual))
}
}
Adds coordinate sorting support to catalog queries for nodes and service nodes.
2015-06-30 21:25:40 +00:00
func TestParseSource(t *testing.T) {
test: run agent tests in parallel This brings down the test run from 108 sec to 15 sec. There is an occasional port conflict because of the nature the next port is chosen. So far it seems rare enough to live with it.
2017-05-21 07:54:40 +00:00
t.Parallel()
New config parser, HCL support, multiple bind addrs (#3480) * new config parser for agent This patch implements a new config parser for the consul agent which makes the following changes to the previous implementation: * add HCL support * all configuration fragments in tests and for default config are expressed as HCL fragments * HCL fragments can be provided on the command line so that they can eventually replace the command line flags. * HCL/JSON fragments are parsed into a temporary Config structure which can be merged using reflection (all values are pointers). The existing merge logic of overwrite for values and append for slices has been preserved. * A single builder process generates a typed runtime configuration for the agent. The new implementation is more strict and fails in the builder process if no valid runtime configuration can be generated. Therefore, additional validations in other parts of the code should be removed. The builder also pre-computes all required network addresses so that no address/port magic should be required where the configuration is used and should therefore be removed. * Upgrade github.com/hashicorp/hcl to support int64 * improve error messages * fix directory permission test * Fix rtt test * Fix ForceLeave test * Skip performance test for now until we know what to do * Update github.com/hashicorp/memberlist to update log prefix * Make memberlist use the default logger * improve config error handling * do not fail on non-existing data-dir * experiment with non-uniform timeouts to get a handle on stalled leader elections * Run tests for packages separately to eliminate the spurious port conflicts * refactor private address detection and unify approach for ipv4 and ipv6. Fixes #2825 * do not allow unix sockets for DNS * improve bind and advertise addr error handling * go through builder using test coverage * minimal update to the docs * more coverage tests fixed * more tests * fix makefile * cleanup * fix port conflicts with external port server 'porter' * stop test server on error * do not run api test that change global ENV concurrently with the other tests * Run remaining api tests concurrently * no need for retry with the port number service * monkey patch race condition in go-sockaddr until we understand why that fails * monkey patch hcl decoder race condidtion until we understand why that fails * monkey patch spurious errors in strings.EqualFold from here * add test for hcl decoder race condition. Run with go test -parallel 128 * Increase timeout again * cleanup * don't log port allocations by default * use base command arg parsing to format help output properly * handle -dc deprecation case in Build * switch autopilot.max_trailing_logs to int * remove duplicate test case * remove unused methods * remove comments about flag/config value inconsistencies * switch got and want around since the error message was misleading. * Removes a stray debug log. * Removes a stray newline in imports. * Fixes TestACL_Version8. * Runs go fmt. * Adds a default case for unknown address types. * Reoders and reformats some imports. * Adds some comments and fixes typos. * Reorders imports. * add unix socket support for dns later * drop all deprecated flags and arguments * fix wrong field name * remove stray node-id file * drop unnecessary patch section in test * drop duplicate test * add test for LeaveOnTerm and SkipLeaveOnInt in client mode * drop "bla" and add clarifying comment for the test * split up tests to support enterprise/non-enterprise tests * drop raft multiplier and derive values during build phase * sanitize runtime config reflectively and add test * detect invalid config fields * fix tests with invalid config fields * use different values for wan sanitiziation test * drop recursor in favor of recursors * allow dns_config.udp_answer_limit to be zero * make sure tests run on machines with multiple ips * Fix failing tests in a few more places by providing a bind address in the test * Gets rid of skipped TestAgent_CheckPerformanceSettings and adds case for builder. * Add porter to server_test.go to make tests there less flaky * go fmt
2017-09-25 18:40:42 +00:00
a := NewTestAgent(t.Name(), "")
agent: refactor tests for TestAgent Refactored tests that use * makeAgentXXX * makeDNSServerXXX * makeHTTPServerXXX
2017-05-21 07:11:09 +00:00
defer a.Shutdown()
Adds coordinate sorting support to catalog queries for nodes and service nodes.
2015-06-30 21:25:40 +00:00
// Default is agent's DC and no node (since the user didn't care, then
// just give them the cheapest possible query).
test: drop error check on http.NewRequest Most URLs are static so the error check is redundant. The subsequent test wouldn't work if the url is wrong.
2017-05-09 11:38:05 +00:00
req, _ := http.NewRequest("GET", "/v1/catalog/nodes", nil)
Adds coordinate sorting support to catalog queries for nodes and service nodes.
2015-06-30 21:25:40 +00:00
source := structs.QuerySource{}
agent: refactor tests for TestAgent Refactored tests that use * makeAgentXXX * makeDNSServerXXX * makeHTTPServerXXX
2017-05-21 07:11:09 +00:00
a.srv.parseSource(req, &source)
Adds coordinate sorting support to catalog queries for nodes and service nodes.
2015-06-30 21:25:40 +00:00
if source.Datacenter != "dc1" || source.Node != "" {
t.Fatalf("bad: %v", source)
}
// Adding the source parameter should set that node.
test: drop error check on http.NewRequest Most URLs are static so the error check is redundant. The subsequent test wouldn't work if the url is wrong.
2017-05-09 11:38:05 +00:00
req, _ = http.NewRequest("GET", "/v1/catalog/nodes?near=bob", nil)
Adds coordinate sorting support to catalog queries for nodes and service nodes.
2015-06-30 21:25:40 +00:00
source = structs.QuerySource{}
agent: refactor tests for TestAgent Refactored tests that use * makeAgentXXX * makeDNSServerXXX * makeHTTPServerXXX
2017-05-21 07:11:09 +00:00
a.srv.parseSource(req, &source)
Adds coordinate sorting support to catalog queries for nodes and service nodes.
2015-06-30 21:25:40 +00:00
if source.Datacenter != "dc1" || source.Node != "bob" {
t.Fatalf("bad: %v", source)
}
// We should follow whatever dc parameter was given so that the node is
// looked up correctly on the receiving end.
test: drop error check on http.NewRequest Most URLs are static so the error check is redundant. The subsequent test wouldn't work if the url is wrong.
2017-05-09 11:38:05 +00:00
req, _ = http.NewRequest("GET", "/v1/catalog/nodes?near=bob&dc=foo", nil)
Adds coordinate sorting support to catalog queries for nodes and service nodes.
2015-06-30 21:25:40 +00:00
source = structs.QuerySource{}
agent: refactor tests for TestAgent Refactored tests that use * makeAgentXXX * makeDNSServerXXX * makeHTTPServerXXX
2017-05-21 07:11:09 +00:00
a.srv.parseSource(req, &source)
Adds coordinate sorting support to catalog queries for nodes and service nodes.
2015-06-30 21:25:40 +00:00
if source.Datacenter != "foo" || source.Node != "bob" {
t.Fatalf("bad: %v", source)
}
Adds a magic "self" node name to distance queries.
2015-07-24 21:30:53 +00:00
Changes ?near=self to a safer ?near=_agent, which is also clearer about what it does.
2015-07-28 17:39:37 +00:00
// The magic "_agent" node name will use the agent's local node name.
test: drop error check on http.NewRequest Most URLs are static so the error check is redundant. The subsequent test wouldn't work if the url is wrong.
2017-05-09 11:38:05 +00:00
req, _ = http.NewRequest("GET", "/v1/catalog/nodes?near=_agent", nil)
Adds a magic "self" node name to distance queries.
2015-07-24 21:30:53 +00:00
source = structs.QuerySource{}
agent: refactor tests for TestAgent Refactored tests that use * makeAgentXXX * makeDNSServerXXX * makeHTTPServerXXX
2017-05-21 07:11:09 +00:00
a.srv.parseSource(req, &source)
if source.Datacenter != "dc1" || source.Node != a.Config.NodeName {
Adds a magic "self" node name to distance queries.
2015-07-24 21:30:53 +00:00
t.Fatalf("bad: %v", source)
}
Adds coordinate sorting support to catalog queries for nodes and service nodes.
2015-06-30 21:25:40 +00:00
}
Support Agent Caching for Service Discovery Results (#4541) * Add cache types for catalog/services and health/services and basic test that caching works * Support non-blocking cache types with Cache-Control semantics. * Update API docs to include caching info for every endpoint. * Comment updates per PR feedback. * Add note on caching to the 10,000 foot view on the architecture page to make the new data path more clear. * Document prepared query staleness quirk and force all background requests to AllowStale so we can spread service discovery load across servers.
2018-09-06 10:34:28 +00:00
func TestParseCacheControl(t *testing.T) {
tests := []struct {
name string
headerVal string
want structs.QueryOptions
wantErr bool
}{
{
name: "empty header",
headerVal: "",
want: structs.QueryOptions{},
wantErr: false,
},
{
name: "simple max-age",
headerVal: "max-age=30",
want: structs.QueryOptions{
MaxAge: 30 * time.Second,
},
wantErr: false,
},
{
name: "zero max-age",
headerVal: "max-age=0",
want: structs.QueryOptions{
MustRevalidate: true,
},
wantErr: false,
},
{
name: "must-revalidate",
headerVal: "must-revalidate",
want: structs.QueryOptions{
MustRevalidate: true,
},
wantErr: false,
},
{
name: "mixes age, must-revalidate",
headerVal: "max-age=123, must-revalidate",
want: structs.QueryOptions{
MaxAge: 123 * time.Second,
MustRevalidate: true,
},
wantErr: false,
},
{
name: "quoted max-age",
headerVal: "max-age=\"30\"",
want: structs.QueryOptions{},
wantErr: true,
},
{
name: "mixed case max-age",
headerVal: "Max-Age=30",
want: structs.QueryOptions{
MaxAge: 30 * time.Second,
},
wantErr: false,
},
{
name: "simple stale-if-error",
headerVal: "stale-if-error=300",
want: structs.QueryOptions{
StaleIfError: 300 * time.Second,
},
wantErr: false,
},
{
name: "combined with space",
headerVal: "max-age=30, stale-if-error=300",
want: structs.QueryOptions{
MaxAge: 30 * time.Second,
StaleIfError: 300 * time.Second,
},
wantErr: false,
},
{
name: "combined no space",
headerVal: "stale-IF-error=300,max-age=30",
want: structs.QueryOptions{
MaxAge: 30 * time.Second,
StaleIfError: 300 * time.Second,
},
wantErr: false,
},
{
name: "unsupported directive",
headerVal: "no-cache",
want: structs.QueryOptions{},
wantErr: false,
},
{
name: "mixed unsupported directive",
headerVal: "no-cache, max-age=120",
want: structs.QueryOptions{
MaxAge: 120 * time.Second,
},
wantErr: false,
},
{
name: "garbage value",
headerVal: "max-age=\"I'm not, an int\"",
want: structs.QueryOptions{},
wantErr: true,
},
{
name: "garbage value with quotes",
headerVal: "max-age=\"I'm \\\"not an int\"",
want: structs.QueryOptions{},
wantErr: true,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
require := require.New(t)
r, _ := http.NewRequest("GET", "/foo/bar", nil)
if tt.headerVal != "" {
r.Header.Set("Cache-Control", tt.headerVal)
}
rr := httptest.NewRecorder()
var got structs.QueryOptions
failed := parseCacheControl(rr, r, &got)
if tt.wantErr {
require.True(failed)
require.Equal(http.StatusBadRequest, rr.Code)
} else {
require.False(failed)
}
require.Equal(tt.want, got)
})
}
}
agent: adding more tests
2014-02-05 22:47:42 +00:00
func TestParseWait(t *testing.T) {
test: run agent tests in parallel This brings down the test run from 108 sec to 15 sec. There is an occasional port conflict because of the nature the next port is chosen. So far it seems rare enough to live with it.
2017-05-21 07:54:40 +00:00
t.Parallel()
agent: adding more tests
2014-02-05 22:47:42 +00:00
resp := httptest.NewRecorder()
agent: Updating tests for new API
2014-04-21 20:11:05 +00:00
var b structs.QueryOptions
agent: adding more tests
2014-02-05 22:47:42 +00:00
test: drop error check on http.NewRequest Most URLs are static so the error check is redundant. The subsequent test wouldn't work if the url is wrong.
2017-05-09 11:38:05 +00:00
req, _ := http.NewRequest("GET", "/v1/catalog/nodes?wait=60s&index=1000", nil)
agent: adding more tests
2014-02-05 22:47:42 +00:00
if d := parseWait(resp, req, &b); d {
t.Fatalf("unexpected done")
}
if b.MinQueryIndex != 1000 {
t.Fatalf("Bad: %v", b)
}
if b.MaxQueryTime != 60*time.Second {
t.Fatalf("Bad: %v", b)
}
}
New command: consul debug (#4754) * agent/debug: add package for debugging, host info * api: add v1/agent/host endpoint * agent: add v1/agent/host endpoint * command/debug: implementation of static capture * command/debug: tests and only configured targets * agent/debug: add basic test for host metrics * command/debug: add methods for dynamic data capture * api: add debug/pprof endpoints * command/debug: add pprof * command/debug: timing, wg, logs to disk * vendor: add gopsutil/disk * command/debug: add a usage section * website: add docs for consul debug * agent/host: require operator:read * api/host: improve docs and no retry timing * command/debug: fail on extra arguments * command/debug: fixup file permissions to 0644 * command/debug: remove server flags * command/debug: improve clarity of usage section * api/debug: add Trace for profiling, fix profile * command/debug: capture profile and trace at the same time * command/debug: add index document * command/debug: use "clusters" in place of members * command/debug: remove address in output * command/debug: improve comment on metrics sleep * command/debug: clarify usage * agent: always register pprof handlers and protect This will allow us to avoid a restart of a target agent for profiling by always registering the pprof handlers. Given this is a potentially sensitive path, it is protected with an operator:read ACL and enable debug being set to true on the target agent. enable_debug still requires a restart. If ACLs are disabled, enable_debug is sufficient. * command/debug: use trace.out instead of .prof More in line with golang docs. * agent: fix comment wording * agent: wrap table driven tests in t.run()
2018-10-17 20:20:35 +00:00
func TestPProfHandlers_EnableDebug(t *testing.T) {
t.Parallel()
require := require.New(t)
a := NewTestAgent(t.Name(), "enable_debug = true")
defer a.Shutdown()
resp := httptest.NewRecorder()
req, _ := http.NewRequest("GET", "/debug/pprof/profile", nil)
a.srv.Handler.ServeHTTP(resp, req)
require.Equal(http.StatusOK, resp.Code)
}
func TestPProfHandlers_DisableDebugNoACLs(t *testing.T) {
t.Parallel()
require := require.New(t)
a := NewTestAgent(t.Name(), "enable_debug = false")
defer a.Shutdown()
resp := httptest.NewRecorder()
req, _ := http.NewRequest("GET", "/debug/pprof/profile", nil)
a.srv.Handler.ServeHTTP(resp, req)
require.Equal(http.StatusUnauthorized, resp.Code)
}
func TestPProfHandlers_ACLs(t *testing.T) {
t.Parallel()
assert := assert.New(t)
dc1 := "dc1"
a := NewTestAgent(t.Name(), `
acl_datacenter = "`+dc1+`"
acl_default_policy = "deny"
acl_master_token = "master"
acl_agent_token = "agent"
acl_agent_master_token = "towel"
acl_enforce_version_8 = true
enable_debug = false
`)
cases := []struct {
code int
token string
endpoint string
nilResponse bool
}{
{
code: http.StatusOK,
token: "master",
endpoint: "/debug/pprof/heap",
nilResponse: false,
},
{
code: http.StatusForbidden,
token: "agent",
endpoint: "/debug/pprof/heap",
nilResponse: true,
},
{
code: http.StatusForbidden,
token: "agent",
endpoint: "/debug/pprof/",
nilResponse: true,
},
{
code: http.StatusForbidden,
token: "",
endpoint: "/debug/pprof/",
nilResponse: true,
},
{
code: http.StatusOK,
token: "master",
endpoint: "/debug/pprof/heap",
nilResponse: false,
},
{
code: http.StatusForbidden,
token: "towel",
endpoint: "/debug/pprof/heap",
nilResponse: true,
},
}
defer a.Shutdown()
testrpc.WaitForLeader(t, a.RPC, "dc1")
for i, c := range cases {
t.Run(fmt.Sprintf("case %d (%#v)", i, c), func(t *testing.T) {
req, _ := http.NewRequest("GET", fmt.Sprintf("%s?token=%s", c.endpoint, c.token), nil)
resp := httptest.NewRecorder()
a.srv.Handler.ServeHTTP(resp, req)
assert.Equal(c.code, resp.Code)
})
}
}
agent: adding more tests
2014-02-05 22:47:42 +00:00
func TestParseWait_InvalidTime(t *testing.T) {
test: run agent tests in parallel This brings down the test run from 108 sec to 15 sec. There is an occasional port conflict because of the nature the next port is chosen. So far it seems rare enough to live with it.
2017-05-21 07:54:40 +00:00
t.Parallel()
agent: adding more tests
2014-02-05 22:47:42 +00:00
resp := httptest.NewRecorder()
agent: Updating tests for new API
2014-04-21 20:11:05 +00:00
var b structs.QueryOptions
agent: adding more tests
2014-02-05 22:47:42 +00:00
test: drop error check on http.NewRequest Most URLs are static so the error check is redundant. The subsequent test wouldn't work if the url is wrong.
2017-05-09 11:38:05 +00:00
req, _ := http.NewRequest("GET", "/v1/catalog/nodes?wait=60foo&index=1000", nil)
agent: adding more tests
2014-02-05 22:47:42 +00:00
if d := parseWait(resp, req, &b); !d {
t.Fatalf("expected done")
}
if resp.Code != 400 {
t.Fatalf("bad code: %v", resp.Code)
}
}
func TestParseWait_InvalidIndex(t *testing.T) {
test: run agent tests in parallel This brings down the test run from 108 sec to 15 sec. There is an occasional port conflict because of the nature the next port is chosen. So far it seems rare enough to live with it.
2017-05-21 07:54:40 +00:00
t.Parallel()
agent: adding more tests
2014-02-05 22:47:42 +00:00
resp := httptest.NewRecorder()
agent: Updating tests for new API
2014-04-21 20:11:05 +00:00
var b structs.QueryOptions
agent: adding more tests
2014-02-05 22:47:42 +00:00
test: drop error check on http.NewRequest Most URLs are static so the error check is redundant. The subsequent test wouldn't work if the url is wrong.
2017-05-09 11:38:05 +00:00
req, _ := http.NewRequest("GET", "/v1/catalog/nodes?wait=60s&index=foo", nil)
agent: adding more tests
2014-02-05 22:47:42 +00:00
if d := parseWait(resp, req, &b); !d {
t.Fatalf("expected done")
}
if resp.Code != 400 {
t.Fatalf("bad code: %v", resp.Code)
}
}
agent: Updating tests for new API
2014-04-21 20:11:05 +00:00
agent: Adding HTTP tests for new features
2014-04-21 20:19:18 +00:00
func TestParseConsistency(t *testing.T) {
test: run agent tests in parallel This brings down the test run from 108 sec to 15 sec. There is an occasional port conflict because of the nature the next port is chosen. So far it seems rare enough to live with it.
2017-05-21 07:54:40 +00:00
t.Parallel()
agent: Adding HTTP tests for new features
2014-04-21 20:19:18 +00:00
resp := httptest.NewRecorder()
Revert "agent: add allowStale option for HTTP API (#3142)" This reverts commit 1e0fd27a74f5b18775ce91a84310430de35a4a80.
2017-06-27 05:04:55 +00:00
var b structs.QueryOptions
agent: Adding HTTP tests for new features
2014-04-21 20:19:18 +00:00
Revert "agent: add allowStale option for HTTP API (#3142)" This reverts commit 1e0fd27a74f5b18775ce91a84310430de35a4a80.
2017-06-27 05:04:55 +00:00
req, _ := http.NewRequest("GET", "/v1/catalog/nodes?stale", nil)
Adds discovery_max_stale (#4004) Adds a new option to allow service discovery endpoints to return stale results if configured at the agent level.
2018-03-30 15:14:44 +00:00
a := NewTestAgent(t.Name(), "")
defer a.Shutdown()
if d := a.srv.parseConsistency(resp, req, &b); d {
Revert "agent: add allowStale option for HTTP API (#3142)" This reverts commit 1e0fd27a74f5b18775ce91a84310430de35a4a80.
2017-06-27 05:04:55 +00:00
t.Fatalf("unexpected done")
agent: Adding HTTP tests for new features
2014-04-21 20:19:18 +00:00
}
Revert "agent: add allowStale option for HTTP API (#3142)" This reverts commit 1e0fd27a74f5b18775ce91a84310430de35a4a80.
2017-06-27 05:04:55 +00:00
if !b.AllowStale {
t.Fatalf("Bad: %v", b)
}
if b.RequireConsistent {
t.Fatalf("Bad: %v", b)
}
b = structs.QueryOptions{}
req, _ = http.NewRequest("GET", "/v1/catalog/nodes?consistent", nil)
Adds discovery_max_stale (#4004) Adds a new option to allow service discovery endpoints to return stale results if configured at the agent level.
2018-03-30 15:14:44 +00:00
if d := a.srv.parseConsistency(resp, req, &b); d {
Revert "agent: add allowStale option for HTTP API (#3142)" This reverts commit 1e0fd27a74f5b18775ce91a84310430de35a4a80.
2017-06-27 05:04:55 +00:00
t.Fatalf("unexpected done")
}
if b.AllowStale {
t.Fatalf("Bad: %v", b)
}
if !b.RequireConsistent {
t.Fatalf("Bad: %v", b)
agent: Adding HTTP tests for new features
2014-04-21 20:19:18 +00:00
}
}
Adds discovery_max_stale (#4004) Adds a new option to allow service discovery endpoints to return stale results if configured at the agent level.
2018-03-30 15:14:44 +00:00
// ensureConsistency check if consistency modes are correctly applied
// if maxStale < 0 => stale, without MaxStaleDuration
// if maxStale == 0 => no stale
// if maxStale > 0 => stale + check duration
func ensureConsistency(t *testing.T, a *TestAgent, path string, maxStale time.Duration, requireConsistent bool) {
t.Helper()
req, _ := http.NewRequest("GET", path, nil)
var b structs.QueryOptions
resp := httptest.NewRecorder()
if d := a.srv.parseConsistency(resp, req, &b); d {
t.Fatalf("unexpected done")
}
allowStale := maxStale.Nanoseconds() != 0
if b.AllowStale != allowStale {
t.Fatalf("Bad Allow Stale")
}
if maxStale > 0 && b.MaxStaleDuration != maxStale {
t.Fatalf("Bad MaxStaleDuration: %d VS expected %d", b.MaxStaleDuration, maxStale)
}
if b.RequireConsistent != requireConsistent {
t.Fatal("Bad Consistent")
}
}
func TestParseConsistencyAndMaxStale(t *testing.T) {
a := NewTestAgent(t.Name(), "")
defer a.Shutdown()
// Default => Consistent
a.config.DiscoveryMaxStale = time.Duration(0)
ensureConsistency(t, a, "/v1/catalog/nodes", 0, false)
// Stale, without MaxStale
ensureConsistency(t, a, "/v1/catalog/nodes?stale", -1, false)
// Override explicitly
ensureConsistency(t, a, "/v1/catalog/nodes?max_stale=3s", 3*time.Second, false)
ensureConsistency(t, a, "/v1/catalog/nodes?stale&max_stale=3s", 3*time.Second, false)
// stale by defaul on discovery
a.config.DiscoveryMaxStale = time.Duration(7 * time.Second)
ensureConsistency(t, a, "/v1/catalog/nodes", a.config.DiscoveryMaxStale, false)
// Not in KV
ensureConsistency(t, a, "/v1/kv/my/path", 0, false)
// DiscoveryConsistencyLevel should apply
ensureConsistency(t, a, "/v1/health/service/one", a.config.DiscoveryMaxStale, false)
ensureConsistency(t, a, "/v1/catalog/service/one", a.config.DiscoveryMaxStale, false)
ensureConsistency(t, a, "/v1/catalog/services", a.config.DiscoveryMaxStale, false)
// Query path should be taken into account
ensureConsistency(t, a, "/v1/catalog/services?consistent", 0, true)
// Since stale is added, no MaxStale should be applied
ensureConsistency(t, a, "/v1/catalog/services?stale", -1, false)
ensureConsistency(t, a, "/v1/catalog/services?leader", 0, false)
}
agent: Adding HTTP tests for new features
2014-04-21 20:19:18 +00:00
func TestParseConsistency_Invalid(t *testing.T) {
test: run agent tests in parallel This brings down the test run from 108 sec to 15 sec. There is an occasional port conflict because of the nature the next port is chosen. So far it seems rare enough to live with it.
2017-05-21 07:54:40 +00:00
t.Parallel()
agent: Adding HTTP tests for new features
2014-04-21 20:19:18 +00:00
resp := httptest.NewRecorder()
var b structs.QueryOptions
test: drop error check on http.NewRequest Most URLs are static so the error check is redundant. The subsequent test wouldn't work if the url is wrong.
2017-05-09 11:38:05 +00:00
req, _ := http.NewRequest("GET", "/v1/catalog/nodes?stale&consistent", nil)
Adds discovery_max_stale (#4004) Adds a new option to allow service discovery endpoints to return stale results if configured at the agent level.
2018-03-30 15:14:44 +00:00
a := NewTestAgent(t.Name(), "")
defer a.Shutdown()
if d := a.srv.parseConsistency(resp, req, &b); !d {
agent: Adding HTTP tests for new features
2014-04-21 20:19:18 +00:00
t.Fatalf("expected done")
}
if resp.Code != 400 {
t.Fatalf("bad code: %v", resp.Code)
}
}
agent: Test ACL token resolution
2015-02-06 22:38:01 +00:00
// Test ACL token is resolved in correct order
func TestACLResolution(t *testing.T) {
test: run agent tests in parallel This brings down the test run from 108 sec to 15 sec. There is an occasional port conflict because of the nature the next port is chosen. So far it seems rare enough to live with it.
2017-05-21 07:54:40 +00:00
t.Parallel()
agent: Test ACL token resolution
2015-02-06 22:38:01 +00:00
var token string
// Request without token
test: drop error check on http.NewRequest Most URLs are static so the error check is redundant. The subsequent test wouldn't work if the url is wrong.
2017-05-09 11:38:05 +00:00
req, _ := http.NewRequest("GET", "/v1/catalog/nodes", nil)
agent: Test ACL token resolution
2015-02-06 22:38:01 +00:00
// Request with explicit token
test: drop error check on http.NewRequest Most URLs are static so the error check is redundant. The subsequent test wouldn't work if the url is wrong.
2017-05-09 11:38:05 +00:00
reqToken, _ := http.NewRequest("GET", "/v1/catalog/nodes?token=foo", nil)
Add HTTP request header X-Consul-Token Add support for an X-Consul-Token HTTP request header to specify the token with which this request should be fulfilled. The header would have precedence over the responding Agent's default token, but would have lower precedence than a token specified in the query string.
2015-10-19 13:59:24 +00:00
// Request with header token only
test: drop error check on http.NewRequest Most URLs are static so the error check is redundant. The subsequent test wouldn't work if the url is wrong.
2017-05-09 11:38:05 +00:00
reqHeaderToken, _ := http.NewRequest("GET", "/v1/catalog/nodes", nil)
Add HTTP request header X-Consul-Token Add support for an X-Consul-Token HTTP request header to specify the token with which this request should be fulfilled. The header would have precedence over the responding Agent's default token, but would have lower precedence than a token specified in the query string.
2015-10-19 13:59:24 +00:00
reqHeaderToken.Header.Add("X-Consul-Token", "bar")
// Request with header and querystring tokens
test: drop error check on http.NewRequest Most URLs are static so the error check is redundant. The subsequent test wouldn't work if the url is wrong.
2017-05-09 11:38:05 +00:00
reqBothTokens, _ := http.NewRequest("GET", "/v1/catalog/nodes?token=baz", nil)
Add HTTP request header X-Consul-Token Add support for an X-Consul-Token HTTP request header to specify the token with which this request should be fulfilled. The header would have precedence over the responding Agent's default token, but would have lower precedence than a token specified in the query string.
2015-10-19 13:59:24 +00:00
reqBothTokens.Header.Add("X-Consul-Token", "zap")
Fixes #4483: Add support for Authorization: Bearer token Header (#4502) Added Authorization Bearer token support as per RFC6750 * appended Authorization header token parsing after X-Consul-Token * added test cases * updated website documentation to mention Authorization header * improve tests, improve Bearer parsing
2018-08-17 20:18:42 +00:00
// Request with Authorization Bearer token
reqAuthBearerToken, _ := http.NewRequest("GET", "/v1/catalog/nodes", nil)
reqAuthBearerToken.Header.Add("Authorization", "Bearer bearer-token")
// Request with invalid Authorization scheme
reqAuthBearerInvalidScheme, _ := http.NewRequest("GET", "/v1/catalog/nodes", nil)
reqAuthBearerInvalidScheme.Header.Add("Authorization", "Beer")
// Request with empty Authorization Bearer token
reqAuthBearerTokenEmpty, _ := http.NewRequest("GET", "/v1/catalog/nodes", nil)
reqAuthBearerTokenEmpty.Header.Add("Authorization", "Bearer")
// Request with empty Authorization Bearer token
reqAuthBearerTokenInvalid, _ := http.NewRequest("GET", "/v1/catalog/nodes", nil)
reqAuthBearerTokenInvalid.Header.Add("Authorization", "Bearertoken")
// Request with more than one space between Bearer and token
reqAuthBearerTokenMultiSpaces, _ := http.NewRequest("GET", "/v1/catalog/nodes", nil)
reqAuthBearerTokenMultiSpaces.Header.Add("Authorization", "Bearer bearer-token")
// Request with Authorization Bearer token containing spaces
reqAuthBearerTokenSpaces, _ := http.NewRequest("GET", "/v1/catalog/nodes", nil)
reqAuthBearerTokenSpaces.Header.Add("Authorization", "Bearer bearer-token "+
" the rest is discarded ")
// Request with Authorization Bearer and querystring token
reqAuthBearerAndQsToken, _ := http.NewRequest("GET", "/v1/catalog/nodes?token=qstoken", nil)
reqAuthBearerAndQsToken.Header.Add("Authorization", "Bearer bearer-token")
// Request with Authorization Bearer and X-Consul-Token header token
reqAuthBearerAndXToken, _ := http.NewRequest("GET", "/v1/catalog/nodes", nil)
reqAuthBearerAndXToken.Header.Add("X-Consul-Token", "xtoken")
reqAuthBearerAndXToken.Header.Add("Authorization", "Bearer bearer-token")
New config parser, HCL support, multiple bind addrs (#3480) * new config parser for agent This patch implements a new config parser for the consul agent which makes the following changes to the previous implementation: * add HCL support * all configuration fragments in tests and for default config are expressed as HCL fragments * HCL fragments can be provided on the command line so that they can eventually replace the command line flags. * HCL/JSON fragments are parsed into a temporary Config structure which can be merged using reflection (all values are pointers). The existing merge logic of overwrite for values and append for slices has been preserved. * A single builder process generates a typed runtime configuration for the agent. The new implementation is more strict and fails in the builder process if no valid runtime configuration can be generated. Therefore, additional validations in other parts of the code should be removed. The builder also pre-computes all required network addresses so that no address/port magic should be required where the configuration is used and should therefore be removed. * Upgrade github.com/hashicorp/hcl to support int64 * improve error messages * fix directory permission test * Fix rtt test * Fix ForceLeave test * Skip performance test for now until we know what to do * Update github.com/hashicorp/memberlist to update log prefix * Make memberlist use the default logger * improve config error handling * do not fail on non-existing data-dir * experiment with non-uniform timeouts to get a handle on stalled leader elections * Run tests for packages separately to eliminate the spurious port conflicts * refactor private address detection and unify approach for ipv4 and ipv6. Fixes #2825 * do not allow unix sockets for DNS * improve bind and advertise addr error handling * go through builder using test coverage * minimal update to the docs * more coverage tests fixed * more tests * fix makefile * cleanup * fix port conflicts with external port server 'porter' * stop test server on error * do not run api test that change global ENV concurrently with the other tests * Run remaining api tests concurrently * no need for retry with the port number service * monkey patch race condition in go-sockaddr until we understand why that fails * monkey patch hcl decoder race condidtion until we understand why that fails * monkey patch spurious errors in strings.EqualFold from here * add test for hcl decoder race condition. Run with go test -parallel 128 * Increase timeout again * cleanup * don't log port allocations by default * use base command arg parsing to format help output properly * handle -dc deprecation case in Build * switch autopilot.max_trailing_logs to int * remove duplicate test case * remove unused methods * remove comments about flag/config value inconsistencies * switch got and want around since the error message was misleading. * Removes a stray debug log. * Removes a stray newline in imports. * Fixes TestACL_Version8. * Runs go fmt. * Adds a default case for unknown address types. * Reoders and reformats some imports. * Adds some comments and fixes typos. * Reorders imports. * add unix socket support for dns later * drop all deprecated flags and arguments * fix wrong field name * remove stray node-id file * drop unnecessary patch section in test * drop duplicate test * add test for LeaveOnTerm and SkipLeaveOnInt in client mode * drop "bla" and add clarifying comment for the test * split up tests to support enterprise/non-enterprise tests * drop raft multiplier and derive values during build phase * sanitize runtime config reflectively and add test * detect invalid config fields * fix tests with invalid config fields * use different values for wan sanitiziation test * drop recursor in favor of recursors * allow dns_config.udp_answer_limit to be zero * make sure tests run on machines with multiple ips * Fix failing tests in a few more places by providing a bind address in the test * Gets rid of skipped TestAgent_CheckPerformanceSettings and adds case for builder. * Add porter to server_test.go to make tests there less flaky * go fmt
2017-09-25 18:40:42 +00:00
a := NewTestAgent(t.Name(), "")
test: refactor httpTest with TestAgent
2017-05-21 18:31:20 +00:00
defer a.Shutdown()
agent: Test ACL token resolution
2015-02-06 22:38:01 +00:00
test: refactor httpTest with TestAgent
2017-05-21 18:31:20 +00:00
// Check when no token is set
Adds support for agent-side ACL token management via API instead of config files. (#3324) * Adds token store and removes all runtime use of config for ACL tokens. * Adds a new API for changing agent tokens on the fly.
2017-07-26 18:03:43 +00:00
a.tokens.UpdateUserToken("")
test: refactor httpTest with TestAgent
2017-05-21 18:31:20 +00:00
a.srv.parseToken(req, &token)
if token != "" {
t.Fatalf("bad: %s", token)
}
agent: Test ACL token resolution
2015-02-06 22:38:01 +00:00
test: refactor httpTest with TestAgent
2017-05-21 18:31:20 +00:00
// Check when ACLToken set
Adds support for agent-side ACL token management via API instead of config files. (#3324) * Adds token store and removes all runtime use of config for ACL tokens. * Adds a new API for changing agent tokens on the fly.
2017-07-26 18:03:43 +00:00
a.tokens.UpdateUserToken("agent")
test: refactor httpTest with TestAgent
2017-05-21 18:31:20 +00:00
a.srv.parseToken(req, &token)
if token != "agent" {
t.Fatalf("bad: %s", token)
}
Add HTTP request header X-Consul-Token Add support for an X-Consul-Token HTTP request header to specify the token with which this request should be fulfilled. The header would have precedence over the responding Agent's default token, but would have lower precedence than a token specified in the query string.
2015-10-19 13:59:24 +00:00
test: refactor httpTest with TestAgent
2017-05-21 18:31:20 +00:00
// Explicit token has highest precedence
a.srv.parseToken(reqToken, &token)
if token != "foo" {
t.Fatalf("bad: %s", token)
}
Add HTTP request header X-Consul-Token Add support for an X-Consul-Token HTTP request header to specify the token with which this request should be fulfilled. The header would have precedence over the responding Agent's default token, but would have lower precedence than a token specified in the query string.
2015-10-19 13:59:24 +00:00
test: refactor httpTest with TestAgent
2017-05-21 18:31:20 +00:00
// Header token has precedence over agent token
a.srv.parseToken(reqHeaderToken, &token)
if token != "bar" {
t.Fatalf("bad: %s", token)
}
// Querystring token has precedence over header and agent tokens
a.srv.parseToken(reqBothTokens, &token)
if token != "baz" {
t.Fatalf("bad: %s", token)
}
Fixes #4483: Add support for Authorization: Bearer token Header (#4502) Added Authorization Bearer token support as per RFC6750 * appended Authorization header token parsing after X-Consul-Token * added test cases * updated website documentation to mention Authorization header * improve tests, improve Bearer parsing
2018-08-17 20:18:42 +00:00
//
// Authorization Bearer token tests
//
// Check if Authorization bearer token header is parsed correctly
a.srv.parseToken(reqAuthBearerToken, &token)
if token != "bearer-token" {
t.Fatalf("bad: %s", token)
}
// Check Authorization Bearer scheme invalid
a.srv.parseToken(reqAuthBearerInvalidScheme, &token)
if token != "agent" {
t.Fatalf("bad: %s", token)
}
// Check if Authorization Bearer token is empty
a.srv.parseToken(reqAuthBearerTokenEmpty, &token)
if token != "agent" {
t.Fatalf("bad: %s", token)
}
// Check if the Authorization Bearer token is invalid
a.srv.parseToken(reqAuthBearerTokenInvalid, &token)
if token != "agent" {
t.Fatalf("bad: %s", token)
}
// Check multi spaces between Authorization Bearer and token value
a.srv.parseToken(reqAuthBearerTokenMultiSpaces, &token)
if token != "bearer-token" {
t.Fatalf("bad: %s", token)
}
// Check if Authorization Bearer token with spaces is parsed correctly
a.srv.parseToken(reqAuthBearerTokenSpaces, &token)
if token != "bearer-token" {
t.Fatalf("bad: %s", token)
}
// Check if explicit token has precedence over Authorization bearer token
a.srv.parseToken(reqAuthBearerAndQsToken, &token)
if token != "qstoken" {
t.Fatalf("bad: %s", token)
}
// Check if X-Consul-Token has precedence over Authorization bearer token
a.srv.parseToken(reqAuthBearerAndXToken, &token)
if token != "xtoken" {
t.Fatalf("bad: %s", token)
}
agent: Test ACL token resolution
2015-02-06 22:38:01 +00:00
}
agent: static UI is configurable
2015-12-22 17:30:19 +00:00
func TestEnableWebUI(t *testing.T) {
test: run agent tests in parallel This brings down the test run from 108 sec to 15 sec. There is an occasional port conflict because of the nature the next port is chosen. So far it seems rare enough to live with it.
2017-05-21 07:54:40 +00:00
t.Parallel()
New config parser, HCL support, multiple bind addrs (#3480) * new config parser for agent This patch implements a new config parser for the consul agent which makes the following changes to the previous implementation: * add HCL support * all configuration fragments in tests and for default config are expressed as HCL fragments * HCL fragments can be provided on the command line so that they can eventually replace the command line flags. * HCL/JSON fragments are parsed into a temporary Config structure which can be merged using reflection (all values are pointers). The existing merge logic of overwrite for values and append for slices has been preserved. * A single builder process generates a typed runtime configuration for the agent. The new implementation is more strict and fails in the builder process if no valid runtime configuration can be generated. Therefore, additional validations in other parts of the code should be removed. The builder also pre-computes all required network addresses so that no address/port magic should be required where the configuration is used and should therefore be removed. * Upgrade github.com/hashicorp/hcl to support int64 * improve error messages * fix directory permission test * Fix rtt test * Fix ForceLeave test * Skip performance test for now until we know what to do * Update github.com/hashicorp/memberlist to update log prefix * Make memberlist use the default logger * improve config error handling * do not fail on non-existing data-dir * experiment with non-uniform timeouts to get a handle on stalled leader elections * Run tests for packages separately to eliminate the spurious port conflicts * refactor private address detection and unify approach for ipv4 and ipv6. Fixes #2825 * do not allow unix sockets for DNS * improve bind and advertise addr error handling * go through builder using test coverage * minimal update to the docs * more coverage tests fixed * more tests * fix makefile * cleanup * fix port conflicts with external port server 'porter' * stop test server on error * do not run api test that change global ENV concurrently with the other tests * Run remaining api tests concurrently * no need for retry with the port number service * monkey patch race condition in go-sockaddr until we understand why that fails * monkey patch hcl decoder race condidtion until we understand why that fails * monkey patch spurious errors in strings.EqualFold from here * add test for hcl decoder race condition. Run with go test -parallel 128 * Increase timeout again * cleanup * don't log port allocations by default * use base command arg parsing to format help output properly * handle -dc deprecation case in Build * switch autopilot.max_trailing_logs to int * remove duplicate test case * remove unused methods * remove comments about flag/config value inconsistencies * switch got and want around since the error message was misleading. * Removes a stray debug log. * Removes a stray newline in imports. * Fixes TestACL_Version8. * Runs go fmt. * Adds a default case for unknown address types. * Reoders and reformats some imports. * Adds some comments and fixes typos. * Reorders imports. * add unix socket support for dns later * drop all deprecated flags and arguments * fix wrong field name * remove stray node-id file * drop unnecessary patch section in test * drop duplicate test * add test for LeaveOnTerm and SkipLeaveOnInt in client mode * drop "bla" and add clarifying comment for the test * split up tests to support enterprise/non-enterprise tests * drop raft multiplier and derive values during build phase * sanitize runtime config reflectively and add test * detect invalid config fields * fix tests with invalid config fields * use different values for wan sanitiziation test * drop recursor in favor of recursors * allow dns_config.udp_answer_limit to be zero * make sure tests run on machines with multiple ips * Fix failing tests in a few more places by providing a bind address in the test * Gets rid of skipped TestAgent_CheckPerformanceSettings and adds case for builder. * Add porter to server_test.go to make tests there less flaky * go fmt
2017-09-25 18:40:42 +00:00
a := NewTestAgent(t.Name(), `
Renames `enable_ui` to `ui` to keep compatibility with existing configs.
2017-09-26 06:58:54 +00:00
ui = true
New config parser, HCL support, multiple bind addrs (#3480) * new config parser for agent This patch implements a new config parser for the consul agent which makes the following changes to the previous implementation: * add HCL support * all configuration fragments in tests and for default config are expressed as HCL fragments * HCL fragments can be provided on the command line so that they can eventually replace the command line flags. * HCL/JSON fragments are parsed into a temporary Config structure which can be merged using reflection (all values are pointers). The existing merge logic of overwrite for values and append for slices has been preserved. * A single builder process generates a typed runtime configuration for the agent. The new implementation is more strict and fails in the builder process if no valid runtime configuration can be generated. Therefore, additional validations in other parts of the code should be removed. The builder also pre-computes all required network addresses so that no address/port magic should be required where the configuration is used and should therefore be removed. * Upgrade github.com/hashicorp/hcl to support int64 * improve error messages * fix directory permission test * Fix rtt test * Fix ForceLeave test * Skip performance test for now until we know what to do * Update github.com/hashicorp/memberlist to update log prefix * Make memberlist use the default logger * improve config error handling * do not fail on non-existing data-dir * experiment with non-uniform timeouts to get a handle on stalled leader elections * Run tests for packages separately to eliminate the spurious port conflicts * refactor private address detection and unify approach for ipv4 and ipv6. Fixes #2825 * do not allow unix sockets for DNS * improve bind and advertise addr error handling * go through builder using test coverage * minimal update to the docs * more coverage tests fixed * more tests * fix makefile * cleanup * fix port conflicts with external port server 'porter' * stop test server on error * do not run api test that change global ENV concurrently with the other tests * Run remaining api tests concurrently * no need for retry with the port number service * monkey patch race condition in go-sockaddr until we understand why that fails * monkey patch hcl decoder race condidtion until we understand why that fails * monkey patch spurious errors in strings.EqualFold from here * add test for hcl decoder race condition. Run with go test -parallel 128 * Increase timeout again * cleanup * don't log port allocations by default * use base command arg parsing to format help output properly * handle -dc deprecation case in Build * switch autopilot.max_trailing_logs to int * remove duplicate test case * remove unused methods * remove comments about flag/config value inconsistencies * switch got and want around since the error message was misleading. * Removes a stray debug log. * Removes a stray newline in imports. * Fixes TestACL_Version8. * Runs go fmt. * Adds a default case for unknown address types. * Reoders and reformats some imports. * Adds some comments and fixes typos. * Reorders imports. * add unix socket support for dns later * drop all deprecated flags and arguments * fix wrong field name * remove stray node-id file * drop unnecessary patch section in test * drop duplicate test * add test for LeaveOnTerm and SkipLeaveOnInt in client mode * drop "bla" and add clarifying comment for the test * split up tests to support enterprise/non-enterprise tests * drop raft multiplier and derive values during build phase * sanitize runtime config reflectively and add test * detect invalid config fields * fix tests with invalid config fields * use different values for wan sanitiziation test * drop recursor in favor of recursors * allow dns_config.udp_answer_limit to be zero * make sure tests run on machines with multiple ips * Fix failing tests in a few more places by providing a bind address in the test * Gets rid of skipped TestAgent_CheckPerformanceSettings and adds case for builder. * Add porter to server_test.go to make tests there less flaky * go fmt
2017-09-25 18:40:42 +00:00
`)
test: refactor httpTest with TestAgent
2017-05-21 18:31:20 +00:00
defer a.Shutdown()
req, _ := http.NewRequest("GET", "/ui/", nil)
resp := httptest.NewRecorder()
a.srv.Handler.ServeHTTP(resp, req)
if resp.Code != 200 {
t.Fatalf("should handle ui")
}
agent: static UI is configurable
2015-12-22 17:30:19 +00:00
}
Handle resolving proxy tokens when parsing HTTP requests (#4453) Fixes: #4441 This fixes the issue with Connect Managed Proxies + ACLs being broken. The underlying problem was that the token parsed for most http endpoints was sent untouched to the servers via the RPC request. These changes make it so that at the HTTP endpoint when parsing the token we additionally attempt to convert potential proxy tokens into regular tokens before sending to the RPC endpoint. Proxy tokens are only valid on the agent with the managed proxy so the resolution has to happen before it gets forwarded anywhere.
2018-07-30 13:11:51 +00:00
func TestParseToken_ProxyTokenResolve(t *testing.T) {
t.Parallel()
type endpointCheck struct {
endpoint string
handler func(s *HTTPServer, resp http.ResponseWriter, req *http.Request) (interface{}, error)
}
// This is not an exhaustive list of all of our endpoints and is only testing GET endpoints
// right now. However it provides decent coverage that the proxy token resolution
// is happening properly
tests := []endpointCheck{
{"/v1/acl/info/root", (*HTTPServer).ACLGet},
{"/v1/agent/self", (*HTTPServer).AgentSelf},
{"/v1/agent/metrics", (*HTTPServer).AgentMetrics},
{"/v1/agent/services", (*HTTPServer).AgentServices},
{"/v1/agent/checks", (*HTTPServer).AgentChecks},
{"/v1/agent/members", (*HTTPServer).AgentMembers},
{"/v1/agent/connect/ca/roots", (*HTTPServer).AgentConnectCARoots},
{"/v1/agent/connect/ca/leaf/test", (*HTTPServer).AgentConnectCALeafCert},
{"/v1/agent/connect/ca/proxy/test", (*HTTPServer).AgentConnectProxyConfig},
{"/v1/catalog/connect", (*HTTPServer).CatalogConnectServiceNodes},
{"/v1/catalog/datacenters", (*HTTPServer).CatalogDatacenters},
{"/v1/catalog/nodes", (*HTTPServer).CatalogNodes},
{"/v1/catalog/node/" + t.Name(), (*HTTPServer).CatalogNodeServices},
{"/v1/catalog/services", (*HTTPServer).CatalogServices},
{"/v1/catalog/service/test", (*HTTPServer).CatalogServiceNodes},
{"/v1/connect/ca/configuration", (*HTTPServer).ConnectCAConfiguration},
{"/v1/connect/ca/roots", (*HTTPServer).ConnectCARoots},
{"/v1/connect/intentions", (*HTTPServer).IntentionEndpoint},
{"/v1/coordinate/datacenters", (*HTTPServer).CoordinateDatacenters},
{"/v1/coordinate/nodes", (*HTTPServer).CoordinateNodes},
{"/v1/coordinate/node/" + t.Name(), (*HTTPServer).CoordinateNode},
{"/v1/event/list", (*HTTPServer).EventList},
{"/v1/health/node/" + t.Name(), (*HTTPServer).HealthNodeChecks},
{"/v1/health/checks/test", (*HTTPServer).HealthNodeChecks},
{"/v1/health/state/passing", (*HTTPServer).HealthChecksInState},
{"/v1/health/service/test", (*HTTPServer).HealthServiceNodes},
{"/v1/health/connect/test", (*HTTPServer).HealthConnectServiceNodes},
{"/v1/operator/raft/configuration", (*HTTPServer).OperatorRaftConfiguration},
// keyring endpoint has issues with returning errors if you haven't enabled encryption
// {"/v1/operator/keyring", (*HTTPServer).OperatorKeyringEndpoint},
{"/v1/operator/autopilot/configuration", (*HTTPServer).OperatorAutopilotConfiguration},
{"/v1/operator/autopilot/health", (*HTTPServer).OperatorServerHealth},
{"/v1/query", (*HTTPServer).PreparedQueryGeneral},
{"/v1/session/list", (*HTTPServer).SessionList},
{"/v1/status/leader", (*HTTPServer).StatusLeader},
{"/v1/status/peers", (*HTTPServer).StatusPeers},
}
a := NewTestAgent(t.Name(), TestACLConfig()+testAllowProxyConfig())
defer a.Shutdown()
// Register a service with a managed proxy
{
reg := &structs.ServiceDefinition{
ID: "test-id",
Name: "test",
Address: "127.0.0.1",
Port: 8000,
Check: structs.CheckType{
TTL: 15 * time.Second,
},
Connect: &structs.ServiceConnect{
Proxy: &structs.ServiceDefinitionConnectProxy{},
},
}
req, _ := http.NewRequest("PUT", "/v1/agent/service/register?token=root", jsonReader(reg))
resp := httptest.NewRecorder()
_, err := a.srv.AgentRegisterService(resp, req)
require.NoError(t, err)
require.Equal(t, 200, resp.Code, "body: %s", resp.Body.String())
}
// Get the proxy token from the agent directly, since there is no API.
proxy := a.State.Proxy("test-id-proxy")
require.NotNil(t, proxy)
token := proxy.ProxyToken
require.NotEmpty(t, token)
for _, check := range tests {
t.Run(fmt.Sprintf("GET(%s)", check.endpoint), func(t *testing.T) {
req, _ := http.NewRequest("GET", fmt.Sprintf("%s?token=%s", check.endpoint, token), nil)
resp := httptest.NewRecorder()
_, err := check.handler(a.srv, resp, req)
require.NoError(t, err)
})
}
}
[Security] Allow blocking Write endpoints on Agent using Network Addresses (#4719) * Add -write-allowed-nets option * Add documentation for the new write_allowed_nets option
2019-01-10 14:27:26 +00:00
func TestAllowedNets(t *testing.T) {
type testVal struct {
nets []string
ip string
expected bool
}
for _, v := range []testVal{
{
ip: "156.124.222.351",
expected: true,
},
{
ip: "[::2]",
expected: true,
},
{
nets: []string{"0.0.0.0/0"},
ip: "115.124.32.64",
expected: true,
},
{
nets: []string{"::0/0"},
ip: "[::3]",
expected: true,
},
{
nets: []string{"127.0.0.1/8"},
ip: "127.0.0.1",
expected: true,
},
{
nets: []string{"127.0.0.1/8"},
ip: "128.0.0.1",
expected: false,
},
{
nets: []string{"::1/8"},
ip: "[::1]",
expected: true,
},
{
nets: []string{"255.255.255.255/32"},
ip: "127.0.0.1",
expected: false,
},
{
nets: []string{"255.255.255.255/32", "127.0.0.1/8"},
ip: "127.0.0.1",
expected: true,
},
} {
var nets []*net.IPNet
for _, n := range v.nets {
_, in, err := net.ParseCIDR(n)
if err != nil {
t.Fatal(err)
}
nets = append(nets, in)
}
a := &TestAgent{
Name: t.Name(),
}
a.Start()
defer a.Shutdown()
testrpc.WaitForTestAgent(t, a.RPC, "dc1")
a.config.AllowWriteHTTPFrom = nets
err := a.srv.checkWriteAccess(&http.Request{
Method: http.MethodPost,
RemoteAddr: fmt.Sprintf("%s:16544", v.ip),
})
actual := err == nil
if actual != v.expected {
t.Fatalf("bad checkWriteAccess for values %+v, got %v", v, err)
}
_, isForbiddenErr := err.(ForbiddenError)
if err != nil && !isForbiddenErr {
t.Fatalf("expected ForbiddenError but got: %s", err)
}
}
}
agent: Updating tests for new API
2014-04-21 20:11:05 +00:00
// assertIndex tests that X-Consul-Index is set and non-zero
func assertIndex(t *testing.T, resp *httptest.ResponseRecorder) {
header := resp.Header().Get("X-Consul-Index")
if header == "" || header == "0" {
t.Fatalf("Bad: %v", header)
}
}
agent: Improving test reliability
2014-05-21 19:31:22 +00:00
// checkIndex is like assertIndex but returns an error
func checkIndex(resp *httptest.ResponseRecorder) error {
header := resp.Header().Get("X-Consul-Index")
if header == "" || header == "0" {
return fmt.Errorf("Bad: %v", header)
}
return nil
}
agent: Updating tests for new API
2014-04-21 20:11:05 +00:00
// getIndex parses X-Consul-Index
func getIndex(t *testing.T, resp *httptest.ResponseRecorder) uint64 {
header := resp.Header().Get("X-Consul-Index")
if header == "" {
t.Fatalf("Bad: %v", header)
}
val, err := strconv.Atoi(header)
if err != nil {
t.Fatalf("Bad: %v", header)
}
return uint64(val)
}
agent: Session endpoint tests
2014-05-19 18:29:50 +00:00
test: inline request body encoding
2017-05-09 16:58:12 +00:00
func jsonReader(v interface{}) io.Reader {
if v == nil {
return nil
}
b := new(bytes.Buffer)
if err := json.NewEncoder(b).Encode(v); err != nil {
panic(err)
}
return b
}