Commit Graph

299 Commits

Author SHA1 Message Date
cskh 4bc1e19629
upgrade test: consolidate resolver test cases (#16443) 2023-02-27 20:38:31 +00:00
sarahalsmiller 2c942b089e
Basic gobased API gateway spinup test (#16278)
* wip, proof of concept, gateway service being registered, don't know how to hit it

* checkpoint

* Fix up API Gateway go tests (#16297)

* checkpoint, getting InvalidDiscoveryChain route protocol does not match targeted service protocol

* checkpoint

* httproute hittable

* tests working, one header test failing

* differentiate services by status code, minor cleanup

* working tests

* updated GetPort interface

* fix getport

---------

Co-authored-by: Andrew Stucki <andrew.stucki@hashicorp.com>
2023-02-24 15:57:44 -05:00
Anita Akaeze 4f3bfdbb91
NO_JIRA: refactor validate function in traffic mgt tests (#16422) 2023-02-24 14:34:14 -05:00
Semir Patel 840497933e
Try DRYing up createCluster in integration tests (#16199) 2023-02-23 16:51:20 -06:00
Anita Akaeze cfc546eeec
NET-2286: Add tests to verify traffic redirects between services (#16390) 2023-02-23 17:28:42 -05:00
cskh e1110bbb1d
upgrade test: peering with resolver and failover (#16391) 2023-02-23 12:53:56 -05:00
Eric Haberkorn be0eda24c9
Refactor the disco chain -> xds logic (#16392) 2023-02-23 11:32:32 -05:00
Anita Akaeze 518974934f
NET-2285: Assert total number of expected instances by Consul (#16371) 2023-02-22 15:43:20 -05:00
Anita Akaeze 29c56a1b5e
initial code (#16296) 2023-02-22 12:52:14 -05:00
Derek Menteer b0a97756bf
Upgrade Alpine image to 3.17 (#16358) 2023-02-22 10:09:41 -06:00
cskh d500380169
upgrade test: splitter and resolver config entry in peered cluster (#16356) 2023-02-22 10:22:25 -05:00
Andrew Stucki 4a6e879ba5
[API Gateway] Fix targeting service splitters in HTTPRoutes (#16350)
* [API Gateway] Fix targeting service splitters in HTTPRoutes

* Fix test description
2023-02-22 03:48:26 +00:00
Andrew Stucki 7685c14885
[API Gateway] Validate listener name is not empty (#16340)
* [API Gateway] Validate listener name is not empty

* Update docstrings and test
2023-02-21 14:12:19 -05:00
wangxinyi7 588c5a3ddf
fix flakieness (#16338) 2023-02-21 08:47:11 -08:00
Dan Stough 29497be7e8
[OSS] security: update go to 1.20.1 (#16263)
* security: update go to 1.20.1
2023-02-17 15:04:12 -05:00
Andrew Stucki 3a5981ab98
Fix hostname alignment checks for HTTPRoutes (#16300)
* Fix hostname alignment checks for HTTPRoutes
2023-02-17 18:18:11 +00:00
Andrew Stucki c8e5a1a684
Inline API Gateway TLS cert code (#16295)
* Include secret type when building resources from config snapshot

* First pass at generating envoy secrets from api-gateway snapshot

* Update comments for xDS update order

* Add secret type + corresponding golden files to existing tests

* Initialize test helpers for testing api-gateway resource generation

* Generate golden files for new api-gateway xDS resource test

* Support ADS for TLS certificates on api-gateway

* Configure TLS on api-gateway listeners

* Inline TLS cert code

* update tests

* Add SNI support so we can have multiple certificates

* Remove commented out section from helper

* regen deep-copy

* Add tcp tls test

---------

Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
2023-02-17 12:46:03 -05:00
Nitya Dhanushkodi 9d255fe057
troubleshoot: fixes and updated messages (#16294) 2023-02-17 07:43:05 -08:00
Thomas Eckert c66f9ebf39
API Gateway Envoy Golden Listener Tests (#16221)
* Simple API Gateway e2e test for tcp routes

* Drop DNSSans since we don't front the Gateway with a leaf cert

* WIP listener tests for api-gateway

* Return early if no routes

* Add back in leaf cert to testing

* Fix merge conflicts

* Re-add kind to setup

* Fix iteration over listener upstreams

* New tcp listener test

* Add tests for API Gateway with TCP and HTTP routes

* Move zero-route check back

* Drop generateIngressDNSSANs

* Check for chains not routes

---------

Co-authored-by: Andrew Stucki <andrew.stucki@hashicorp.com>
2023-02-16 14:42:36 -05:00
cskh 4b5c8d7edc
upgrade test: fix flaky peering through mesh gateway (#16271) 2023-02-15 10:26:43 -05:00
malizz f482e41f0d
add integration tests for troubleshoot (#16223)
* draft

* expose internal admin port and add proxy test

* update tests

* move comment

* add failure case, fix lint issues

* cleanup

* handle error

* revert changes to service interface

* address review comments

* fix merge conflict

* merge the tests so cluster is created once

* fix other test
2023-02-14 14:22:09 -08:00
cskh 3cace09d59
integ test: fix retry upstream test (#16246) 2023-02-13 15:16:56 -05:00
Andrew Stucki 58af8acab9
[API Gateway] Add integration test for HTTP routes (#16236)
* [API Gateway] Add integration test for conflicted TCP listeners

* [API Gateway] Update simple test to leverage intentions and multiple listeners

* Fix broken unit test

* [API Gateway] Add integration test for HTTP routes
2023-02-13 14:18:05 -05:00
cskh 1fd534bede
upgrade test: peering with http router config entry (#16231)
* upgrade test: peering with http router config entry
2023-02-13 14:09:12 -05:00
Andrew Stucki 7dda5e8b1d
[API Gateway] Update simple test to leverage intentions and multiple listeners (#16228)
* [API Gateway] Add integration test for conflicted TCP listeners

* [API Gateway] Update simple test to leverage intentions and multiple listeners

* Fix broken unit test

* PR suggestions
2023-02-10 21:13:44 +00:00
Andrew Stucki 6177653a6a
[API Gateway] Add integration test for conflicted TCP listeners (#16225) 2023-02-10 11:34:01 -06:00
Derek Menteer 4be4dd7af0
Fix peering acceptors in secondary datacenters. (#16230)
Prior to this commit, secondary datacenters could not be initialized
as peering acceptors if ACLs were enabled. This is due to the fact that
internal server-to-server API calls would fail because the management
token was not generated. This PR makes it so that both primary and
secondary datacenters generate their own management token whenever
a leader is elected in their respective clusters.
2023-02-10 09:47:17 -06:00
Andrew Stucki d36ac93fee
Simple API Gateway e2e test for tcp routes (#16222)
* Simple API Gateway e2e test for tcp routes

* Drop DNSSans since we don't front the Gateway with a leaf cert
2023-02-09 16:20:12 -05:00
Andrew Stucki 3f276a470d
Add basic smoke test to make sure an APIGateway runs (#16217) 2023-02-09 11:32:10 -05:00
Anita Akaeze 01fa1031de
Merge pull request #4216 from hashicorp/NET-2252-add-assert-fortioname (#16212)
NET-2252: integration tests: add assert.FortioName
2023-02-09 09:45:31 -05:00
cskh 1c5ca0da53
feat: envoy extension - http local rate limit (#16196)
- http local rate limit
- Apply rate limit only to local_app
- unit test and integ test
2023-02-07 21:56:15 -05:00
cskh 3deda39ca9
Upgrade test: verify the agent token is working after upgrade (#16164)
1. Upgraded agent can inherit the persisted token and join the cluster
2. Agent token prior to upgrade is still valid after upgrade
3. Enable ACL in the agent configuration
2023-02-07 14:13:19 -05:00
wangxinyi7 8c6fac9d97
change log level (#16128) 2023-02-06 12:58:13 -08:00
Anita Akaeze b382aca089
NET-2087: Restart proxy sidecar during cluster upgrade (#16140) 2023-02-06 13:09:44 -05:00
Anita Akaeze 7921a80ad2
add assertions (#16087) 2023-02-03 10:20:22 -05:00
Dan Upton cc02c78ce6
rate: add prometheus definitions, docs, and clearer names (#15945) 2023-02-03 12:01:57 +00:00
Anita Akaeze ccae7fd123
NO_JIRA: Add function to get container status before making api call (#16116) 2023-02-01 10:48:54 -05:00
cskh 177c466ee1
improvement: prevent filter being added twice from any enovy extension (#16112)
* improvement: prevent filter being added twice from any enovy extension

* break if error != nil

* update test
2023-01-31 16:49:45 +00:00
cskh c3f518405a
Upgrade test: retain sidecar containers during upgrade. (#16100) 2023-01-30 09:49:52 -05:00
cskh 66067d8b7a
Upgrade test: peering control plane traffic through mesh gateway (#16091) 2023-01-27 11:25:48 -05:00
cskh c5f771b87c
integ test: remove hardcoded upstream local bind port and max number of envoy sidecar (#16092) 2023-01-27 15:19:10 +00:00
cskh b698e04abd
flaky test: use retry long to wait for config entry upgrade (#16068)
* flaky test: use retry long to wait for config entry upgrade

* increase wait for rbac policy
2023-01-26 11:01:17 -05:00
cskh 8661b6844f
Post upgrade test validation: envoy endpoint and register service (#16067) 2023-01-25 12:27:36 -05:00
Dan Stough b48832dc91
test: run integration tests in parallel (#16035) 2023-01-24 14:51:50 -05:00
R.B. Boyer 248c186cab
test: container tests wait for available networks (#16045) 2023-01-23 14:14:24 -06:00
Dan Stough 0699aac1f8
test(integration): add access logging test (#16008) 2023-01-20 17:02:44 -05:00
John Murret acfc7452e9
Integration test for server rate limiting (#15960)
* rate limit test

* Have tests for the 3 modes

* added assertions for logs and metrics

* add comments to test sections

* add check for rate limit exceeded text in log assertion section.

* fix linting error

* updating test to use KV get and put.  move log assertion tolast.

* Adding logging for blocking messages in enforcing mode.  refactoring tests.

* modified test description

* formatting

* Apply suggestions from code review

Co-authored-by: Dan Upton <daniel@floppy.co>

* Update test/integration/consul-container/test/ratelimit/ratelimit_test.go

Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>

* expand log checking so that it ensures both logs are they when they are supposed to be and not there when they are not expected to be.

* add retry on test

* Warn once when rate limit exceed regardless of enforcing vs permissive.

* Update test/integration/consul-container/test/ratelimit/ratelimit_test.go

Co-authored-by: Dan Upton <daniel@floppy.co>

Co-authored-by: Dan Upton <daniel@floppy.co>
Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>
2023-01-19 08:43:33 -07:00
Anita Akaeze 66a88b65f2
NET-2038: Add envoy assertion function of listener verification (#15969) 2023-01-18 16:13:55 -05:00
Dan Stough dbe9d26962
chore(ci): fix compat ent compat tests for sidecars and gateways (#15997) 2023-01-17 17:16:55 -05:00
R.B. Boyer 04673cb6e4
test: general cleanup and fixes for the container integration test suite (#15959)
- remove dep on consul main module
- use 'consul tls' subcommands instead of tlsutil
- use direct json config construction instead of agent/config structs
- merge libcluster and libagent packages together
- more widely use BuildContext
- get the OSS/ENT runner stuff working properly
- reduce some flakiness
- fix some correctness related to http/https API
2023-01-11 15:34:27 -06:00