583 lines
15 KiB
Go
583 lines
15 KiB
Go
package fingerprint
|
|
|
|
import (
|
|
"io"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"os"
|
|
"strings"
|
|
"testing"
|
|
|
|
"github.com/hashicorp/nomad/ci"
|
|
"github.com/hashicorp/nomad/client/config"
|
|
agentconsul "github.com/hashicorp/nomad/command/agent/consul"
|
|
"github.com/hashicorp/nomad/helper/testlog"
|
|
"github.com/hashicorp/nomad/nomad/structs"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
// fakeConsul creates an HTTP server mimicking Consul /v1/agent/self endpoint on
|
|
// the first request, and alternates between success and failure responses on
|
|
// subsequent requests
|
|
func fakeConsul(payload string) (*httptest.Server, *config.Config) {
|
|
working := true
|
|
|
|
ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
if working {
|
|
_, _ = io.WriteString(w, payload)
|
|
working = false
|
|
} else {
|
|
w.WriteHeader(http.StatusInternalServerError)
|
|
working = true
|
|
}
|
|
}))
|
|
|
|
cfg := config.DefaultConfig()
|
|
cfg.ConsulConfig.Addr = strings.TrimPrefix(ts.URL, `http://`)
|
|
return ts, cfg
|
|
}
|
|
|
|
func fakeConsulPayload(t *testing.T, filename string) string {
|
|
b, err := os.ReadFile(filename)
|
|
require.NoError(t, err)
|
|
return string(b)
|
|
}
|
|
|
|
func newConsulFingerPrint(t *testing.T) *ConsulFingerprint {
|
|
return NewConsulFingerprint(testlog.HCLogger(t)).(*ConsulFingerprint)
|
|
}
|
|
|
|
func TestConsulFingerprint_server(t *testing.T) {
|
|
ci.Parallel(t)
|
|
|
|
fp := newConsulFingerPrint(t)
|
|
|
|
t.Run("is server", func(t *testing.T) {
|
|
s, ok := fp.server(agentconsul.Self{
|
|
"Config": {"Server": true},
|
|
})
|
|
require.True(t, ok)
|
|
require.Equal(t, "true", s)
|
|
})
|
|
|
|
t.Run("is not server", func(t *testing.T) {
|
|
s, ok := fp.server(agentconsul.Self{
|
|
"Config": {"Server": false},
|
|
})
|
|
require.True(t, ok)
|
|
require.Equal(t, "false", s)
|
|
})
|
|
|
|
t.Run("missing", func(t *testing.T) {
|
|
_, ok := fp.server(agentconsul.Self{
|
|
"Config": {},
|
|
})
|
|
require.False(t, ok)
|
|
})
|
|
|
|
t.Run("malformed", func(t *testing.T) {
|
|
_, ok := fp.server(agentconsul.Self{
|
|
"Config": {"Server": 9000},
|
|
})
|
|
require.False(t, ok)
|
|
})
|
|
}
|
|
|
|
func TestConsulFingerprint_version(t *testing.T) {
|
|
ci.Parallel(t)
|
|
|
|
fp := newConsulFingerPrint(t)
|
|
|
|
t.Run("oss", func(t *testing.T) {
|
|
v, ok := fp.version(agentconsul.Self{
|
|
"Config": {"Version": "v1.9.5"},
|
|
})
|
|
require.True(t, ok)
|
|
require.Equal(t, "v1.9.5", v)
|
|
})
|
|
|
|
t.Run("ent", func(t *testing.T) {
|
|
v, ok := fp.version(agentconsul.Self{
|
|
"Config": {"Version": "v1.9.5+ent"},
|
|
})
|
|
require.True(t, ok)
|
|
require.Equal(t, "v1.9.5+ent", v)
|
|
})
|
|
|
|
t.Run("missing", func(t *testing.T) {
|
|
_, ok := fp.version(agentconsul.Self{
|
|
"Config": {},
|
|
})
|
|
require.False(t, ok)
|
|
})
|
|
|
|
t.Run("malformed", func(t *testing.T) {
|
|
_, ok := fp.version(agentconsul.Self{
|
|
"Config": {"Version": 9000},
|
|
})
|
|
require.False(t, ok)
|
|
})
|
|
}
|
|
|
|
func TestConsulFingerprint_sku(t *testing.T) {
|
|
ci.Parallel(t)
|
|
|
|
fp := newConsulFingerPrint(t)
|
|
|
|
t.Run("oss", func(t *testing.T) {
|
|
s, ok := fp.sku(agentconsul.Self{
|
|
"Config": {"Version": "v1.9.5"},
|
|
})
|
|
require.True(t, ok)
|
|
require.Equal(t, "oss", s)
|
|
})
|
|
|
|
t.Run("oss dev", func(t *testing.T) {
|
|
s, ok := fp.sku(agentconsul.Self{
|
|
"Config": {"Version": "v1.9.5-dev"},
|
|
})
|
|
require.True(t, ok)
|
|
require.Equal(t, "oss", s)
|
|
})
|
|
|
|
t.Run("ent", func(t *testing.T) {
|
|
s, ok := fp.sku(agentconsul.Self{
|
|
"Config": {"Version": "v1.9.5+ent"},
|
|
})
|
|
require.True(t, ok)
|
|
require.Equal(t, "ent", s)
|
|
})
|
|
|
|
t.Run("ent dev", func(t *testing.T) {
|
|
s, ok := fp.sku(agentconsul.Self{
|
|
"Config": {"Version": "v1.9.5+ent-dev"},
|
|
})
|
|
require.True(t, ok)
|
|
require.Equal(t, "ent", s)
|
|
})
|
|
|
|
t.Run("missing", func(t *testing.T) {
|
|
_, ok := fp.sku(agentconsul.Self{
|
|
"Config": {},
|
|
})
|
|
require.False(t, ok)
|
|
})
|
|
|
|
t.Run("malformed", func(t *testing.T) {
|
|
_, ok := fp.sku(agentconsul.Self{
|
|
"Config": {"Version": "***"},
|
|
})
|
|
require.False(t, ok)
|
|
})
|
|
}
|
|
|
|
func TestConsulFingerprint_revision(t *testing.T) {
|
|
ci.Parallel(t)
|
|
|
|
fp := newConsulFingerPrint(t)
|
|
|
|
t.Run("ok", func(t *testing.T) {
|
|
r, ok := fp.revision(agentconsul.Self{
|
|
"Config": {"Revision": "3c1c22679"},
|
|
})
|
|
require.True(t, ok)
|
|
require.Equal(t, "3c1c22679", r)
|
|
})
|
|
|
|
t.Run("malformed", func(t *testing.T) {
|
|
_, ok := fp.revision(agentconsul.Self{
|
|
"Config": {"Revision": 9000},
|
|
})
|
|
require.False(t, ok)
|
|
})
|
|
|
|
t.Run("missing", func(t *testing.T) {
|
|
_, ok := fp.revision(agentconsul.Self{
|
|
"Config": {},
|
|
})
|
|
require.False(t, ok)
|
|
})
|
|
}
|
|
|
|
func TestConsulFingerprint_dc(t *testing.T) {
|
|
ci.Parallel(t)
|
|
|
|
fp := newConsulFingerPrint(t)
|
|
|
|
t.Run("ok", func(t *testing.T) {
|
|
dc, ok := fp.dc(agentconsul.Self{
|
|
"Config": {"Datacenter": "dc1"},
|
|
})
|
|
require.True(t, ok)
|
|
require.Equal(t, "dc1", dc)
|
|
})
|
|
|
|
t.Run("malformed", func(t *testing.T) {
|
|
_, ok := fp.dc(agentconsul.Self{
|
|
"Config": {"Datacenter": 9000},
|
|
})
|
|
require.False(t, ok)
|
|
})
|
|
|
|
t.Run("missing", func(t *testing.T) {
|
|
_, ok := fp.dc(agentconsul.Self{
|
|
"Config": {},
|
|
})
|
|
require.False(t, ok)
|
|
})
|
|
}
|
|
|
|
func TestConsulFingerprint_segment(t *testing.T) {
|
|
ci.Parallel(t)
|
|
|
|
fp := newConsulFingerPrint(t)
|
|
|
|
t.Run("ok", func(t *testing.T) {
|
|
s, ok := fp.segment(agentconsul.Self{
|
|
"Member": {"Tags": map[string]interface{}{"segment": "seg1"}},
|
|
})
|
|
require.True(t, ok)
|
|
require.Equal(t, "seg1", s)
|
|
})
|
|
|
|
t.Run("segment missing", func(t *testing.T) {
|
|
_, ok := fp.segment(agentconsul.Self{
|
|
"Member": {"Tags": map[string]interface{}{}},
|
|
})
|
|
require.False(t, ok)
|
|
})
|
|
|
|
t.Run("tags missing", func(t *testing.T) {
|
|
_, ok := fp.segment(agentconsul.Self{
|
|
"Member": {},
|
|
})
|
|
require.False(t, ok)
|
|
})
|
|
|
|
t.Run("malformed", func(t *testing.T) {
|
|
_, ok := fp.segment(agentconsul.Self{
|
|
"Member": {"Tags": map[string]interface{}{"segment": 9000}},
|
|
})
|
|
require.False(t, ok)
|
|
})
|
|
}
|
|
|
|
func TestConsulFingerprint_connect(t *testing.T) {
|
|
ci.Parallel(t)
|
|
|
|
fp := newConsulFingerPrint(t)
|
|
|
|
t.Run("connect enabled", func(t *testing.T) {
|
|
s, ok := fp.connect(agentconsul.Self{
|
|
"DebugConfig": {"ConnectEnabled": true},
|
|
})
|
|
require.True(t, ok)
|
|
require.Equal(t, "true", s)
|
|
})
|
|
|
|
t.Run("connect not enabled", func(t *testing.T) {
|
|
s, ok := fp.connect(agentconsul.Self{
|
|
"DebugConfig": {"ConnectEnabled": false},
|
|
})
|
|
require.True(t, ok)
|
|
require.Equal(t, "false", s)
|
|
})
|
|
|
|
t.Run("connect missing", func(t *testing.T) {
|
|
_, ok := fp.connect(agentconsul.Self{
|
|
"DebugConfig": {},
|
|
})
|
|
require.False(t, ok)
|
|
})
|
|
}
|
|
|
|
func TestConsulFingerprint_grpc(t *testing.T) {
|
|
ci.Parallel(t)
|
|
|
|
fp := newConsulFingerPrint(t)
|
|
|
|
t.Run("grpc set pre-1.14 http", func(t *testing.T) {
|
|
s, ok := fp.grpc("http")(agentconsul.Self{
|
|
"Config": {"Version": "1.13.3"},
|
|
"DebugConfig": {"GRPCPort": 8502.0}, // JSON numbers are floats
|
|
})
|
|
require.True(t, ok)
|
|
require.Equal(t, "8502", s)
|
|
})
|
|
|
|
t.Run("grpc disabled pre-1.14 http", func(t *testing.T) {
|
|
s, ok := fp.grpc("http")(agentconsul.Self{
|
|
"Config": {"Version": "1.13.3"},
|
|
"DebugConfig": {"GRPCPort": -1.0}, // JSON numbers are floats
|
|
})
|
|
require.True(t, ok)
|
|
require.Equal(t, "-1", s)
|
|
})
|
|
|
|
t.Run("grpc set pre-1.14 https", func(t *testing.T) {
|
|
s, ok := fp.grpc("https")(agentconsul.Self{
|
|
"Config": {"Version": "1.13.3"},
|
|
"DebugConfig": {"GRPCPort": 8502.0}, // JSON numbers are floats
|
|
})
|
|
require.True(t, ok)
|
|
require.Equal(t, "8502", s)
|
|
})
|
|
|
|
t.Run("grpc disabled pre-1.14 https", func(t *testing.T) {
|
|
s, ok := fp.grpc("https")(agentconsul.Self{
|
|
"Config": {"Version": "1.13.3"},
|
|
"DebugConfig": {"GRPCPort": -1.0}, // JSON numbers are floats
|
|
})
|
|
require.True(t, ok)
|
|
require.Equal(t, "-1", s)
|
|
})
|
|
|
|
t.Run("grpc set post-1.14 http", func(t *testing.T) {
|
|
s, ok := fp.grpc("http")(agentconsul.Self{
|
|
"Config": {"Version": "1.14.0"},
|
|
"DebugConfig": {"GRPCPort": 8502.0}, // JSON numbers are floats
|
|
})
|
|
require.True(t, ok)
|
|
require.Equal(t, "8502", s)
|
|
})
|
|
|
|
t.Run("grpc disabled post-1.14 http", func(t *testing.T) {
|
|
s, ok := fp.grpc("http")(agentconsul.Self{
|
|
"Config": {"Version": "1.14.0"},
|
|
"DebugConfig": {"GRPCPort": -1.0}, // JSON numbers are floats
|
|
})
|
|
require.True(t, ok)
|
|
require.Equal(t, "-1", s)
|
|
})
|
|
|
|
t.Run("grpc disabled post-1.14 https", func(t *testing.T) {
|
|
s, ok := fp.grpc("https")(agentconsul.Self{
|
|
"Config": {"Version": "1.14.0"},
|
|
"DebugConfig": {"GRPCTLSPort": -1.0}, // JSON numbers are floats
|
|
})
|
|
require.True(t, ok)
|
|
require.Equal(t, "-1", s)
|
|
})
|
|
|
|
t.Run("grpc set post-1.14 https", func(t *testing.T) {
|
|
s, ok := fp.grpc("https")(agentconsul.Self{
|
|
"Config": {"Version": "1.14.0"},
|
|
"DebugConfig": {"GRPCTLSPort": 8503.0}, // JSON numbers are floats
|
|
})
|
|
require.True(t, ok)
|
|
require.Equal(t, "8503", s)
|
|
})
|
|
|
|
t.Run("grpc missing http", func(t *testing.T) {
|
|
_, ok := fp.grpc("http")(agentconsul.Self{
|
|
"DebugConfig": {},
|
|
})
|
|
require.False(t, ok)
|
|
})
|
|
|
|
t.Run("grpc missing https", func(t *testing.T) {
|
|
_, ok := fp.grpc("https")(agentconsul.Self{
|
|
"DebugConfig": {},
|
|
})
|
|
require.False(t, ok)
|
|
})
|
|
}
|
|
|
|
func TestConsulFingerprint_namespaces(t *testing.T) {
|
|
ci.Parallel(t)
|
|
|
|
fp := newConsulFingerPrint(t)
|
|
|
|
t.Run("supports namespaces", func(t *testing.T) {
|
|
value, ok := fp.namespaces(agentconsul.Self{
|
|
"Stats": {"license": map[string]interface{}{"features": "Automated Backups, Automated Upgrades, Enhanced Read Scalability, Network Segments, Redundancy Zone, Advanced Network Federation, Namespaces, SSO, Audit Logging"}},
|
|
})
|
|
require.True(t, ok)
|
|
require.Equal(t, "true", value)
|
|
})
|
|
|
|
t.Run("no namespaces", func(t *testing.T) {
|
|
value, ok := fp.namespaces(agentconsul.Self{
|
|
"Stats": {"license": map[string]interface{}{"features": "Automated Backups, Automated Upgrades, Enhanced Read Scalability, Network Segments, Redundancy Zone, Advanced Network Federation, SSO, Audit Logging"}},
|
|
})
|
|
require.True(t, ok)
|
|
require.Equal(t, "false", value)
|
|
|
|
})
|
|
|
|
t.Run("stats missing", func(t *testing.T) {
|
|
value, ok := fp.namespaces(agentconsul.Self{})
|
|
require.True(t, ok)
|
|
require.Equal(t, "false", value)
|
|
})
|
|
|
|
t.Run("license missing", func(t *testing.T) {
|
|
value, ok := fp.namespaces(agentconsul.Self{"Stats": {}})
|
|
require.True(t, ok)
|
|
require.Equal(t, "false", value)
|
|
})
|
|
|
|
t.Run("features missing", func(t *testing.T) {
|
|
value, ok := fp.namespaces(agentconsul.Self{"Stats": {"license": map[string]interface{}{}}})
|
|
require.True(t, ok)
|
|
require.Equal(t, "false", value)
|
|
})
|
|
}
|
|
|
|
func TestConsulFingerprint_Fingerprint_oss(t *testing.T) {
|
|
ci.Parallel(t)
|
|
|
|
cf := newConsulFingerPrint(t)
|
|
|
|
ts, cfg := fakeConsul(fakeConsulPayload(t, "test_fixtures/consul/agent_self_oss.json"))
|
|
defer ts.Close()
|
|
|
|
node := &structs.Node{Attributes: make(map[string]string)}
|
|
|
|
// consul not available before first run
|
|
require.Equal(t, consulUnavailable, cf.lastState)
|
|
|
|
// execute first query with good response
|
|
var resp FingerprintResponse
|
|
err := cf.Fingerprint(&FingerprintRequest{Config: cfg, Node: node}, &resp)
|
|
require.NoError(t, err)
|
|
require.Equal(t, map[string]string{
|
|
"consul.datacenter": "dc1",
|
|
"consul.revision": "3c1c22679",
|
|
"consul.segment": "seg1",
|
|
"consul.server": "true",
|
|
"consul.sku": "oss",
|
|
"consul.version": "1.9.5",
|
|
"consul.connect": "true",
|
|
"consul.grpc": "8502",
|
|
"consul.ft.namespaces": "false",
|
|
"unique.consul.name": "HAL9000",
|
|
}, resp.Attributes)
|
|
require.True(t, resp.Detected)
|
|
|
|
// consul now available
|
|
require.Equal(t, consulAvailable, cf.lastState)
|
|
|
|
var resp2 FingerprintResponse
|
|
|
|
// pretend attributes set for failing request
|
|
node.Attributes["consul.datacenter"] = "foo"
|
|
node.Attributes["consul.revision"] = "foo"
|
|
node.Attributes["consul.segment"] = "foo"
|
|
node.Attributes["consul.server"] = "foo"
|
|
node.Attributes["consul.sku"] = "foo"
|
|
node.Attributes["consul.version"] = "foo"
|
|
node.Attributes["consul.connect"] = "foo"
|
|
node.Attributes["connect.grpc"] = "foo"
|
|
node.Attributes["unique.consul.name"] = "foo"
|
|
|
|
// execute second query with error
|
|
err2 := cf.Fingerprint(&FingerprintRequest{Config: cfg, Node: node}, &resp2)
|
|
require.NoError(t, err2) // does not return error
|
|
require.Nil(t, resp2.Attributes) // attributes unset so they don't change
|
|
require.True(t, resp.Detected) // never downgrade
|
|
|
|
// consul no longer available
|
|
require.Equal(t, consulUnavailable, cf.lastState)
|
|
|
|
// execute third query no error
|
|
var resp3 FingerprintResponse
|
|
err3 := cf.Fingerprint(&FingerprintRequest{Config: cfg, Node: node}, &resp3)
|
|
require.NoError(t, err3)
|
|
require.Equal(t, map[string]string{
|
|
"consul.datacenter": "dc1",
|
|
"consul.revision": "3c1c22679",
|
|
"consul.segment": "seg1",
|
|
"consul.server": "true",
|
|
"consul.sku": "oss",
|
|
"consul.version": "1.9.5",
|
|
"consul.connect": "true",
|
|
"consul.grpc": "8502",
|
|
"consul.ft.namespaces": "false",
|
|
"unique.consul.name": "HAL9000",
|
|
}, resp3.Attributes)
|
|
|
|
// consul now available again
|
|
require.Equal(t, consulAvailable, cf.lastState)
|
|
require.True(t, resp.Detected)
|
|
}
|
|
|
|
func TestConsulFingerprint_Fingerprint_ent(t *testing.T) {
|
|
ci.Parallel(t)
|
|
|
|
cf := newConsulFingerPrint(t)
|
|
|
|
ts, cfg := fakeConsul(fakeConsulPayload(t, "test_fixtures/consul/agent_self_ent.json"))
|
|
defer ts.Close()
|
|
|
|
node := &structs.Node{Attributes: make(map[string]string)}
|
|
|
|
// consul not available before first run
|
|
require.Equal(t, consulUnavailable, cf.lastState)
|
|
|
|
// execute first query with good response
|
|
var resp FingerprintResponse
|
|
err := cf.Fingerprint(&FingerprintRequest{Config: cfg, Node: node}, &resp)
|
|
require.NoError(t, err)
|
|
require.Equal(t, map[string]string{
|
|
"consul.datacenter": "dc1",
|
|
"consul.revision": "22ce6c6ad",
|
|
"consul.segment": "seg1",
|
|
"consul.server": "true",
|
|
"consul.sku": "ent",
|
|
"consul.version": "1.9.5+ent",
|
|
"consul.ft.namespaces": "true",
|
|
"consul.connect": "true",
|
|
"consul.grpc": "8502",
|
|
"unique.consul.name": "HAL9000",
|
|
}, resp.Attributes)
|
|
require.True(t, resp.Detected)
|
|
|
|
// consul now available
|
|
require.Equal(t, consulAvailable, cf.lastState)
|
|
|
|
var resp2 FingerprintResponse
|
|
|
|
// pretend attributes set for failing request
|
|
node.Attributes["consul.datacenter"] = "foo"
|
|
node.Attributes["consul.revision"] = "foo"
|
|
node.Attributes["consul.segment"] = "foo"
|
|
node.Attributes["consul.server"] = "foo"
|
|
node.Attributes["consul.sku"] = "foo"
|
|
node.Attributes["consul.version"] = "foo"
|
|
node.Attributes["consul.ft.namespaces"] = "foo"
|
|
node.Attributes["consul.connect"] = "foo"
|
|
node.Attributes["connect.grpc"] = "foo"
|
|
node.Attributes["unique.consul.name"] = "foo"
|
|
|
|
// execute second query with error
|
|
err2 := cf.Fingerprint(&FingerprintRequest{Config: cfg, Node: node}, &resp2)
|
|
require.NoError(t, err2) // does not return error
|
|
require.Nil(t, resp2.Attributes) // attributes unset so they don't change
|
|
require.True(t, resp.Detected) // never downgrade
|
|
|
|
// consul no longer available
|
|
require.Equal(t, consulUnavailable, cf.lastState)
|
|
|
|
// execute third query no error
|
|
var resp3 FingerprintResponse
|
|
err3 := cf.Fingerprint(&FingerprintRequest{Config: cfg, Node: node}, &resp3)
|
|
require.NoError(t, err3)
|
|
require.Equal(t, map[string]string{
|
|
"consul.datacenter": "dc1",
|
|
"consul.revision": "22ce6c6ad",
|
|
"consul.segment": "seg1",
|
|
"consul.server": "true",
|
|
"consul.sku": "ent",
|
|
"consul.version": "1.9.5+ent",
|
|
"consul.ft.namespaces": "true",
|
|
"consul.connect": "true",
|
|
"consul.grpc": "8502",
|
|
"unique.consul.name": "HAL9000",
|
|
}, resp3.Attributes)
|
|
|
|
// consul now available again
|
|
require.Equal(t, consulAvailable, cf.lastState)
|
|
require.True(t, resp.Detected)
|
|
}
|