luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity
open-consul/test/integration/connect/envoy
History
Michael Zalimeni 57265a06f0
Backport of [NET-6138] security: Bump google.golang.org/grpc to 1.56.3 (CVE-2023-44487) to release/1.16.x (#19420) 
Bump google.golang.org/grpc to 1.56.3

This resolves [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487).

Co-authored-by: Chris Thain <chris.m.thain@gmail.com>
 		2023-10-30 08:58:11 -04:00
..
case-api-gateway-http-hostnames xds: generate endpoints directly from API gateway snapshot (#17390) 2023-05-19 18:50:59 +00:00
case-api-gateway-http-simple xds: generate endpoints directly from API gateway snapshot (#17390) 2023-05-19 18:50:59 +00:00
case-api-gateway-http-splitter-targets Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
case-api-gateway-http-tls-overlapping-hosts xds: generate endpoints directly from API gateway snapshot (#17390) 2023-05-19 18:50:59 +00:00
case-api-gateway-tcp-conflicted Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
case-api-gateway-tcp-simple xds: generate endpoints directly from API gateway snapshot (#17390) 2023-05-19 18:50:59 +00:00
case-api-gateway-tcp-tls-overlapping-hosts xds: generate endpoints directly from API gateway snapshot (#17390) 2023-05-19 18:50:59 +00:00
case-badauthz Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
case-basic Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
case-centralconf Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
case-cfg-resolver-cluster-peering-failover Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
case-cfg-resolver-dc-failover-gateways-none Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
case-cfg-resolver-dc-failover-gateways-remote Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
case-cfg-resolver-defaultsubset Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
case-cfg-resolver-features Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
case-cfg-resolver-subset-onlypassing Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
case-cfg-resolver-subset-redirect Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
case-cfg-resolver-svc-failover Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
case-cfg-resolver-svc-redirect-http Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
case-cfg-resolver-svc-redirect-tcp Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
case-cfg-router-features Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
case-cfg-splitter-cluster-peering Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
case-cfg-splitter-features Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
case-cfg-splitter-peering-ingress-gateways Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
case-consul-exec Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
case-cross-peer-control-plane-mgw Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
case-cross-peers Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
case-cross-peers-http Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
case-cross-peers-http-router Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
case-cross-peers-resolver-redirect-tcp Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
case-dogstatsd-udp Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
case-expose-checks Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
case-gateway-without-services Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
case-gateways-local Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
case-gateways-remote Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
case-grpc Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
case-http Support Envoy's MaxEjectionPercent and BaseEjectionTime config entries for passive health checks (#15979) 2023-04-26 15:59:48 -07:00
case-http-badauthz Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
case-ingress-gateway-grpc Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
case-ingress-gateway-http Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
case-ingress-gateway-multiple-services Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
case-ingress-gateway-peering-failover Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
case-ingress-gateway-sds Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
case-ingress-gateway-simple Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
case-ingress-gateway-tls Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
case-ingress-mesh-gateways-resolver Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
case-l7-intentions Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
case-lua Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
case-mesh-to-lambda Wasm Envoy HTTP extension (#16877) 2023-04-06 14:12:07 -07:00
case-multidc-rsa-ca Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
case-prometheus Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
case-property-override backport of commit 21263c8a004dffe7e8fcefc234d80abfa3ec66d5 (#17811) 2023-06-20 14:17:28 +00:00
case-stats-proxy Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
case-statsd-udp Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
case-terminating-gateway-hostnames Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
case-terminating-gateway-simple Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
case-terminating-gateway-subsets Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
case-terminating-gateway-without-services Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
case-upstream-config Support Envoy's MaxEjectionPercent and BaseEjectionTime config entries for passive health checks (#15979) 2023-04-26 15:59:48 -07:00
case-wanfed-gw Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
case-wasm [COMPLIANCE] Add Copyright and License Headers (#16854) 2023-04-20 12:40:22 +00:00
case-zipkin Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
consul-base-cfg Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
test-sds-server Backport of [NET-6138] security: Bump google.golang.org/grpc to 1.56.3 (CVE-2023-44487) to release/1.16.x (#19420) 2023-10-30 08:58:11 -04:00
.gitignore
Dockerfile-bats chore(test): Update bats version 2022-05-24 11:56:08 -04:00
Dockerfile-consul-envoy Run integration tests locally using amd64 (#14365) 2022-08-29 16:13:49 -07:00
Dockerfile-tcpdump Upgrade Alpine image to 3.17 (#16358) 2023-02-22 10:09:41 -06:00
README.md Add more content to integration test docs (#14613) 2022-09-14 16:13:23 -07:00
defaults.sh Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
down.sh Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
helpers.bash Add Prop Override Envoy extension integration test (#17569) 2023-06-06 10:04:31 -04:00
main_test.go Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
run-tests.sh ci: remove test-integrations CircleCI workflow (#16928) 2023-04-19 16:19:29 +00:00

README.md

Envoy Integration Tests

Overview

These tests validate that Consul is configuring Envoy correctly. They set up various scenarios using Docker containers and then run Bats (a Bash test framework) tests to validate the expected results.

Running Tests

To run the tests locally, cd into the root of the repo and run:

make test-envoy-integ

To run a specific test, run:

make test-envoy-integ GO_TEST_FLAGS="-run TestEnvoy/case-basic"

Where case-basic can be replaced by any directory name from this directory.

How Do These Tests Work

  1. The tests are all run through Go test via the main_test.go file. Each directory prefixed by case- is a subtest, for example, TestEnvoy/case-basic and TestEnvoy/case-wanfed-gw.
  2. The real framework for this test suite lives in run-tests.sh. Under the hood, main_test.go just runs run-tests.sh with various arguments.
  3. The tests use your local code by building a Docker image from your local directory just before executing. Note: this is implemented as the docker-envoy-integ Makefile target which is a prerequisite to the test-envoy-integ target, so if you are running the tests by invoking run-tests.sh or go test manually, be sure to rebuild the Docker image to ensure you are running your latest code.
  4. The tests run Docker containers connected by a shared Docker network. All tests have at least one Consul server running and then depending on the test case they will spin up additional services or gateways. Some tests run multiple Consul servers to test multi-DC setups. See the case-wanfed-gateway test for an example of this.
  5. At a high level, tests are set up by executing the setup.sh script in each directory. This script uses helper functions defined in helpers.bash. Once the test case is set up, the validations in verify.bats are run.
  6. If there exists a vars.sh file in the top-level of the case directory, the test runner will source it prior to invoking the run_tests, test_teardown and capture_logs phases of the test scenario.
  7. If there exists a capture.sh file in the top-level of the case directory, it will be executed after the test is done, but prior to the containers being removed. This is useful for capturing logs or Envoy snapshots for debugging test failures.
  8. Any files matching the *.hcl glob will be copied to the container $WORKDIR/$CLUSTER/consul directory prior to running the tests. This is useful for defining Consul configuration for each agent process to load on start up.
  9. In CI, the tests are executed against different Envoy versions and with both XDS_TARGET=client and XDS_TARGET=server. If set to client, a Consul server and client are run, and services are registered against the client. If set to server, only a Consul server is run, and services are registered against the server. By default, XDS_TARGET is set to server. See this comment for more information.

Investigating Test Failures

  • When tests fail in CI, logs and additional debugging data are available in the artifacts of the test run.
  • You can re-run the tests locally by running make test-envoy-integ GO_TEST_FLAGS="-run TestEnvoy/<case-directory>" where <case-directory> is replaced with the name of the directory, e.g. case-basic.
  • Locally, all the logs of the failed test will be available in workdir in this directory.
  • You can run with DEBUG=1 to print out all the commands being run, e.g. DEBUG=1 make test-envoy-integ GO_TEST_FLAGS="-run TestEnvoy/case-basic".
  • If you want to prevent the Docker containers from being spun down after test failure, add a sleep 9999 to the verify.bats test case that's failing.

Creating a New Test

Below is a rough outline for creating a new test. For the example, assume our test case will be called my-feature.

  1. Create a new directory named case-my-feature
  2. If the test involves multiple datacenters/clusters, create a separate subdirectory for each cluster (eg. case-my-feature/{dc1,dc2})
  3. Add any necessary configuration to *.hcl files in the respective cluster subdirectory (or the test case directory when using a single cluster).
  4. Create a setup.sh file in the case directory
  5. Create a capture.sh file in the case directory
  6. Create a verify.bats file in the case directory
  7. Populate the setup.sh, capture.sh and verify.bats files with the appropriate code for running your test, validating its state and capturing any logs or snapshots.