2023-03-28 18:39:22 +00:00
|
|
|
// Copyright (c) HashiCorp, Inc.
|
2023-08-11 13:12:13 +00:00
|
|
|
// SPDX-License-Identifier: BUSL-1.1
|
2023-03-28 18:39:22 +00:00
|
|
|
|
2018-10-03 12:36:38 +00:00
|
|
|
package proxycfg
|
|
|
|
|
|
|
|
import (
|
|
|
|
"testing"
|
|
|
|
"time"
|
|
|
|
|
|
|
|
"github.com/stretchr/testify/require"
|
|
|
|
|
2022-04-05 21:10:06 +00:00
|
|
|
"github.com/hashicorp/consul/acl"
|
2023-03-30 14:08:38 +00:00
|
|
|
"github.com/hashicorp/consul/agent/configentry"
|
2019-08-19 18:03:03 +00:00
|
|
|
"github.com/hashicorp/consul/agent/connect"
|
2019-07-15 15:09:52 +00:00
|
|
|
"github.com/hashicorp/consul/agent/consul/discoverychain"
|
2023-06-13 15:54:45 +00:00
|
|
|
"github.com/hashicorp/consul/agent/leafcert"
|
2022-07-13 16:14:57 +00:00
|
|
|
"github.com/hashicorp/consul/agent/proxycfg/internal/watch"
|
2018-10-03 12:36:38 +00:00
|
|
|
"github.com/hashicorp/consul/agent/structs"
|
2021-12-13 17:43:33 +00:00
|
|
|
"github.com/hashicorp/consul/api"
|
2023-02-17 21:14:46 +00:00
|
|
|
"github.com/hashicorp/consul/proto/private/pbpeering"
|
2020-01-28 23:50:41 +00:00
|
|
|
"github.com/hashicorp/consul/sdk/testutil"
|
2018-10-03 12:36:38 +00:00
|
|
|
)
|
|
|
|
|
2022-05-27 11:38:52 +00:00
|
|
|
const testSource ProxySource = "test"
|
|
|
|
|
2020-02-06 15:52:25 +00:00
|
|
|
func mustCopyProxyConfig(t *testing.T, ns *structs.NodeService) structs.ConnectProxyConfig {
|
|
|
|
cfg, err := copyProxyConfig(ns)
|
|
|
|
require.NoError(t, err)
|
|
|
|
return cfg
|
|
|
|
}
|
|
|
|
|
2018-10-03 12:36:38 +00:00
|
|
|
// assertLastReqArgs verifies that each request type had the correct source
|
|
|
|
// parameters (e.g. Datacenter name) and token.
|
2022-06-01 15:18:06 +00:00
|
|
|
func assertLastReqArgs(t *testing.T, dataSources *TestDataSources, token string, source *structs.QuerySource) {
|
2018-10-03 12:36:38 +00:00
|
|
|
t.Helper()
|
|
|
|
// Roots needs correct DC and token
|
2022-06-01 15:18:06 +00:00
|
|
|
rootReq := dataSources.CARoots.LastReq()
|
|
|
|
require.Equal(t, token, rootReq.Token)
|
|
|
|
require.Equal(t, source.Datacenter, rootReq.Datacenter)
|
2018-10-03 12:36:38 +00:00
|
|
|
|
|
|
|
// Leaf needs correct DC and token
|
2022-06-01 15:18:06 +00:00
|
|
|
leafReq := dataSources.LeafCertificate.LastReq()
|
|
|
|
require.Equal(t, token, leafReq.Token)
|
|
|
|
require.Equal(t, source.Datacenter, leafReq.Datacenter)
|
2018-10-03 12:36:38 +00:00
|
|
|
|
|
|
|
// Intentions needs correct DC and token
|
2022-06-01 15:18:06 +00:00
|
|
|
intReq := dataSources.Intentions.LastReq()
|
|
|
|
require.Equal(t, token, intReq.Token)
|
|
|
|
require.Equal(t, source.Datacenter, intReq.Datacenter)
|
2018-10-03 12:36:38 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func TestManager_BasicLifecycle(t *testing.T) {
|
2020-12-07 18:42:55 +00:00
|
|
|
if testing.Short() {
|
|
|
|
t.Skip("too slow for testing.Short")
|
|
|
|
}
|
|
|
|
|
2019-07-12 19:16:21 +00:00
|
|
|
// Create a bunch of common data for the various test cases.
|
2018-10-03 12:36:38 +00:00
|
|
|
roots, leaf := TestCerts(t)
|
|
|
|
|
2019-07-12 19:16:21 +00:00
|
|
|
dbDefaultChain := func() *structs.CompiledDiscoveryChain {
|
2023-03-30 14:08:38 +00:00
|
|
|
set := configentry.NewDiscoveryChainSet()
|
|
|
|
set.AddEntries(&structs.ServiceResolverConfigEntry{
|
2021-09-07 20:29:32 +00:00
|
|
|
Kind: structs.ServiceResolver,
|
|
|
|
Name: "db",
|
|
|
|
})
|
2023-03-30 14:08:38 +00:00
|
|
|
return discoverychain.TestCompileConfigEntries(t, "db", "default", "default", "dc1", connect.TestClusterID+".consul", func(req *discoverychain.CompileRequest) {
|
2021-09-07 20:29:32 +00:00
|
|
|
// This is because structs.TestUpstreams uses an opaque config
|
|
|
|
// to override connect timeouts.
|
|
|
|
req.OverrideConnectTimeout = 1 * time.Second
|
2023-03-30 14:08:38 +00:00
|
|
|
}, set)
|
|
|
|
}
|
|
|
|
dbSplitChain := func() *structs.CompiledDiscoveryChain {
|
|
|
|
set := configentry.NewDiscoveryChainSet()
|
|
|
|
set.AddEntries(&structs.ProxyConfigEntry{
|
2021-09-07 20:29:32 +00:00
|
|
|
Kind: structs.ProxyDefaults,
|
|
|
|
Name: structs.ProxyConfigGlobal,
|
|
|
|
Config: map[string]interface{}{
|
|
|
|
"protocol": "http",
|
2019-08-02 03:03:34 +00:00
|
|
|
},
|
2021-09-07 20:29:32 +00:00
|
|
|
}, &structs.ServiceResolverConfigEntry{
|
|
|
|
Kind: structs.ServiceResolver,
|
|
|
|
Name: "db",
|
|
|
|
Subsets: map[string]structs.ServiceResolverSubset{
|
|
|
|
"v1": {
|
|
|
|
Filter: "Service.Meta.version == v1",
|
2019-07-12 19:16:21 +00:00
|
|
|
},
|
2021-09-07 20:29:32 +00:00
|
|
|
"v2": {
|
|
|
|
Filter: "Service.Meta.version == v2",
|
2019-07-12 19:16:21 +00:00
|
|
|
},
|
|
|
|
},
|
2021-09-07 20:29:32 +00:00
|
|
|
}, &structs.ServiceSplitterConfigEntry{
|
|
|
|
Kind: structs.ServiceSplitter,
|
|
|
|
Name: "db",
|
|
|
|
Splits: []structs.ServiceSplit{
|
|
|
|
{Weight: 60, ServiceSubset: "v1"},
|
|
|
|
{Weight: 40, ServiceSubset: "v2"},
|
2019-07-12 19:16:21 +00:00
|
|
|
},
|
2021-09-07 20:29:32 +00:00
|
|
|
})
|
2023-03-30 14:08:38 +00:00
|
|
|
return discoverychain.TestCompileConfigEntries(t, "db", "default", "default", "dc1", "trustdomain.consul", func(req *discoverychain.CompileRequest) {
|
|
|
|
// This is because structs.TestUpstreams uses an opaque config
|
|
|
|
// to override connect timeouts.
|
|
|
|
req.OverrideConnectTimeout = 1 * time.Second
|
|
|
|
}, set)
|
2019-07-12 19:16:21 +00:00
|
|
|
}
|
2021-03-17 19:40:39 +00:00
|
|
|
|
2023-03-22 18:56:18 +00:00
|
|
|
upstreams := structs.TestUpstreams(t, false)
|
2021-03-17 19:40:39 +00:00
|
|
|
for i := range upstreams {
|
|
|
|
upstreams[i].DestinationNamespace = structs.IntentionDefaultNamespace
|
2021-12-13 17:43:33 +00:00
|
|
|
upstreams[i].DestinationPartition = api.PartitionDefaultName
|
2021-03-17 19:40:39 +00:00
|
|
|
}
|
2019-07-12 19:16:21 +00:00
|
|
|
webProxy := &structs.NodeService{
|
|
|
|
Kind: structs.ServiceKindConnectProxy,
|
|
|
|
ID: "web-sidecar-proxy",
|
|
|
|
Service: "web-sidecar-proxy",
|
|
|
|
Port: 9999,
|
2020-03-09 20:59:02 +00:00
|
|
|
Meta: map[string]string{},
|
2019-07-12 19:16:21 +00:00
|
|
|
Proxy: structs.ConnectProxyConfig{
|
|
|
|
DestinationServiceID: "web",
|
|
|
|
DestinationServiceName: "web",
|
|
|
|
LocalServiceAddress: "127.0.0.1",
|
|
|
|
LocalServicePort: 8080,
|
|
|
|
Config: map[string]interface{}{
|
|
|
|
"foo": "bar",
|
|
|
|
},
|
2021-03-17 19:40:39 +00:00
|
|
|
Upstreams: upstreams,
|
2019-07-02 03:10:51 +00:00
|
|
|
},
|
|
|
|
}
|
2019-07-12 19:16:21 +00:00
|
|
|
|
2022-06-01 15:18:06 +00:00
|
|
|
rootsReq := &structs.DCSpecificRequest{
|
2019-07-12 19:16:21 +00:00
|
|
|
Datacenter: "dc1",
|
|
|
|
QueryOptions: structs.QueryOptions{Token: "my-token"},
|
2022-06-01 15:18:06 +00:00
|
|
|
}
|
2023-06-13 15:54:45 +00:00
|
|
|
leafReq := &leafcert.ConnectCALeafRequest{
|
2019-07-12 19:16:21 +00:00
|
|
|
Datacenter: "dc1",
|
|
|
|
Token: "my-token",
|
|
|
|
Service: "web",
|
2022-06-01 15:18:06 +00:00
|
|
|
}
|
|
|
|
|
2022-07-01 15:15:49 +00:00
|
|
|
intentionReq := &structs.ServiceSpecificRequest{
|
|
|
|
Datacenter: "dc1",
|
|
|
|
QueryOptions: structs.QueryOptions{Token: "my-token"},
|
|
|
|
EnterpriseMeta: *acl.DefaultEnterpriseMeta(),
|
|
|
|
ServiceName: "web",
|
2022-06-01 15:18:06 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
meshConfigReq := &structs.ConfigEntryQuery{
|
2022-03-30 18:43:59 +00:00
|
|
|
Datacenter: "dc1",
|
|
|
|
QueryOptions: structs.QueryOptions{Token: "my-token"},
|
|
|
|
Kind: structs.MeshConfig,
|
|
|
|
Name: structs.MeshConfigMesh,
|
|
|
|
EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(),
|
2022-06-01 15:18:06 +00:00
|
|
|
}
|
2019-07-12 19:16:21 +00:00
|
|
|
|
2022-06-01 15:18:06 +00:00
|
|
|
dbChainReq := &structs.DiscoveryChainRequest{
|
2019-08-02 03:03:34 +00:00
|
|
|
Name: "db",
|
|
|
|
EvaluateInDatacenter: "dc1",
|
2020-02-06 15:52:25 +00:00
|
|
|
EvaluateInNamespace: "default",
|
2021-09-07 20:29:32 +00:00
|
|
|
EvaluateInPartition: "default",
|
2019-08-02 03:03:34 +00:00
|
|
|
// This is because structs.TestUpstreams uses an opaque config
|
|
|
|
// to override connect timeouts.
|
|
|
|
OverrideConnectTimeout: 1 * time.Second,
|
|
|
|
Datacenter: "dc1",
|
|
|
|
QueryOptions: structs.QueryOptions{Token: "my-token"},
|
2022-06-01 15:18:06 +00:00
|
|
|
}
|
2019-07-12 19:16:21 +00:00
|
|
|
|
2022-06-01 15:18:06 +00:00
|
|
|
dbHealthReq := &structs.ServiceSpecificRequest{
|
2020-01-24 15:04:58 +00:00
|
|
|
Datacenter: "dc1",
|
|
|
|
QueryOptions: structs.QueryOptions{Token: "my-token", Filter: ""},
|
|
|
|
ServiceName: "db",
|
|
|
|
Connect: true,
|
2021-07-22 18:20:45 +00:00
|
|
|
EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(),
|
2022-06-01 15:18:06 +00:00
|
|
|
}
|
|
|
|
db_v1_HealthReq := &structs.ServiceSpecificRequest{
|
2019-07-12 19:16:21 +00:00
|
|
|
Datacenter: "dc1",
|
|
|
|
QueryOptions: structs.QueryOptions{Token: "my-token",
|
|
|
|
Filter: "Service.Meta.version == v1",
|
|
|
|
},
|
2020-01-24 15:04:58 +00:00
|
|
|
ServiceName: "db",
|
|
|
|
Connect: true,
|
2021-07-22 18:20:45 +00:00
|
|
|
EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(),
|
2022-06-01 15:18:06 +00:00
|
|
|
}
|
|
|
|
db_v2_HealthReq := &structs.ServiceSpecificRequest{
|
2019-07-12 19:16:21 +00:00
|
|
|
Datacenter: "dc1",
|
|
|
|
QueryOptions: structs.QueryOptions{Token: "my-token",
|
|
|
|
Filter: "Service.Meta.version == v2",
|
2019-07-02 03:10:51 +00:00
|
|
|
},
|
2020-01-24 15:04:58 +00:00
|
|
|
ServiceName: "db",
|
|
|
|
Connect: true,
|
2021-07-22 18:20:45 +00:00
|
|
|
EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(),
|
2022-06-01 15:18:06 +00:00
|
|
|
}
|
2019-07-12 19:16:21 +00:00
|
|
|
|
2021-04-15 19:54:40 +00:00
|
|
|
db := structs.NewServiceName("db", nil)
|
2022-01-20 16:12:04 +00:00
|
|
|
dbUID := NewUpstreamIDFromServiceName(db)
|
2021-04-15 19:54:40 +00:00
|
|
|
|
2019-07-12 19:16:21 +00:00
|
|
|
// Create test cases using some of the common data above.
|
|
|
|
tests := []*testcase_BasicLifecycle{
|
|
|
|
{
|
|
|
|
name: "simple-default-resolver",
|
2022-06-01 15:18:06 +00:00
|
|
|
setup: func(t *testing.T, dataSources *TestDataSources) {
|
2019-07-12 19:16:21 +00:00
|
|
|
// Note that we deliberately leave the 'geo-cache' prepared query to time out
|
2022-06-01 15:18:06 +00:00
|
|
|
dataSources.Health.Set(dbHealthReq, &structs.IndexedCheckServiceNodes{
|
2021-08-19 00:03:22 +00:00
|
|
|
Nodes: TestUpstreamNodes(t, db.Name),
|
2019-07-12 19:16:21 +00:00
|
|
|
})
|
2022-06-01 15:18:06 +00:00
|
|
|
dataSources.CompiledDiscoveryChain.Set(dbChainReq, &structs.DiscoveryChainResponse{
|
2019-07-12 19:16:21 +00:00
|
|
|
Chain: dbDefaultChain(),
|
|
|
|
})
|
|
|
|
},
|
|
|
|
expectSnap: &ConfigSnapshot{
|
|
|
|
Kind: structs.ServiceKindConnectProxy,
|
|
|
|
Service: webProxy.Service,
|
2022-05-27 11:38:52 +00:00
|
|
|
ProxyID: ProxyID{ServiceID: webProxy.CompoundServiceID()},
|
2019-07-12 19:16:21 +00:00
|
|
|
Address: webProxy.Address,
|
|
|
|
Port: webProxy.Port,
|
2020-02-06 15:52:25 +00:00
|
|
|
Proxy: mustCopyProxyConfig(t, webProxy),
|
2020-03-09 20:59:02 +00:00
|
|
|
ServiceMeta: webProxy.Meta,
|
2019-07-12 19:16:21 +00:00
|
|
|
TaggedAddresses: make(map[string]structs.ServiceAddress),
|
|
|
|
Roots: roots,
|
|
|
|
ConnectProxy: configSnapshotConnectProxy{
|
2020-04-16 21:00:48 +00:00
|
|
|
ConfigSnapshotUpstreams: ConfigSnapshotUpstreams{
|
2022-03-30 18:43:59 +00:00
|
|
|
Leaf: leaf,
|
|
|
|
MeshConfigSet: true,
|
2022-01-20 16:12:04 +00:00
|
|
|
DiscoveryChain: map[UpstreamID]*structs.CompiledDiscoveryChain{
|
|
|
|
dbUID: dbDefaultChain(),
|
2020-04-16 21:00:48 +00:00
|
|
|
},
|
2022-01-20 16:12:04 +00:00
|
|
|
WatchedUpstreamEndpoints: map[UpstreamID]map[string]structs.CheckServiceNodes{
|
|
|
|
dbUID: {
|
2021-09-07 20:29:32 +00:00
|
|
|
"db.default.default.dc1": TestUpstreamNodes(t, db.Name),
|
2020-04-16 21:00:48 +00:00
|
|
|
},
|
|
|
|
},
|
|
|
|
WatchedGateways: nil, // Clone() clears this out
|
2022-01-20 16:12:04 +00:00
|
|
|
WatchedGatewayEndpoints: map[UpstreamID]map[string]structs.CheckServiceNodes{
|
|
|
|
dbUID: {},
|
2019-07-12 19:16:21 +00:00
|
|
|
},
|
2022-09-27 13:49:28 +00:00
|
|
|
WatchedLocalGWEndpoints: watch.NewMap[string, structs.CheckServiceNodes](),
|
2022-01-20 16:12:04 +00:00
|
|
|
UpstreamConfig: map[UpstreamID]*structs.Upstream{
|
|
|
|
NewUpstreamID(&upstreams[0]): &upstreams[0],
|
|
|
|
NewUpstreamID(&upstreams[1]): &upstreams[1],
|
|
|
|
NewUpstreamID(&upstreams[2]): &upstreams[2],
|
2021-03-17 19:40:39 +00:00
|
|
|
},
|
2022-06-10 21:11:40 +00:00
|
|
|
PassthroughUpstreams: map[UpstreamID]map[string]map[string]struct{}{},
|
|
|
|
PassthroughIndices: map[string]indexedTarget{},
|
2022-07-13 16:14:57 +00:00
|
|
|
UpstreamPeerTrustBundles: watch.NewMap[PeerName, *pbpeering.PeeringTrustBundle](),
|
|
|
|
PeerUpstreamEndpoints: watch.NewMap[UpstreamID, structs.CheckServiceNodes](),
|
2022-06-10 21:11:40 +00:00
|
|
|
PeerUpstreamEndpointsUseHostnames: map[UpstreamID]struct{}{},
|
2019-08-05 18:30:35 +00:00
|
|
|
},
|
2022-01-20 16:12:04 +00:00
|
|
|
PreparedQueryEndpoints: map[UpstreamID]structs.CheckServiceNodes{},
|
2022-07-14 18:45:51 +00:00
|
|
|
DestinationsUpstream: watch.NewMap[UpstreamID, *structs.ServiceConfigEntry](),
|
|
|
|
DestinationGateways: watch.NewMap[UpstreamID, structs.CheckServiceNodes](),
|
2020-01-24 15:04:58 +00:00
|
|
|
WatchedServiceChecks: map[structs.ServiceID][]structs.CheckType{},
|
2022-07-01 15:15:49 +00:00
|
|
|
Intentions: TestIntentions(),
|
2020-08-27 17:20:58 +00:00
|
|
|
IntentionsSet: true,
|
2019-07-12 19:16:21 +00:00
|
|
|
},
|
|
|
|
Datacenter: "dc1",
|
2022-04-05 21:10:06 +00:00
|
|
|
Locality: GatewayKey{Datacenter: "dc1", Partition: acl.PartitionOrDefault("")},
|
2019-07-12 19:16:21 +00:00
|
|
|
},
|
2019-07-02 03:10:51 +00:00
|
|
|
},
|
2019-07-12 19:16:21 +00:00
|
|
|
{
|
|
|
|
name: "chain-resolver-with-version-split",
|
2022-06-01 15:18:06 +00:00
|
|
|
setup: func(t *testing.T, dataSources *TestDataSources) {
|
2019-07-12 19:16:21 +00:00
|
|
|
// Note that we deliberately leave the 'geo-cache' prepared query to time out
|
2022-06-01 15:18:06 +00:00
|
|
|
dataSources.Health.Set(db_v1_HealthReq, &structs.IndexedCheckServiceNodes{
|
2021-08-19 00:03:22 +00:00
|
|
|
Nodes: TestUpstreamNodes(t, db.Name),
|
2019-07-12 19:16:21 +00:00
|
|
|
})
|
2022-06-01 15:18:06 +00:00
|
|
|
dataSources.Health.Set(db_v2_HealthReq, &structs.IndexedCheckServiceNodes{
|
2019-07-12 19:16:21 +00:00
|
|
|
Nodes: TestUpstreamNodesAlternate(t),
|
|
|
|
})
|
2022-06-01 15:18:06 +00:00
|
|
|
dataSources.CompiledDiscoveryChain.Set(dbChainReq, &structs.DiscoveryChainResponse{
|
2019-07-12 19:16:21 +00:00
|
|
|
Chain: dbSplitChain(),
|
|
|
|
})
|
|
|
|
},
|
|
|
|
expectSnap: &ConfigSnapshot{
|
|
|
|
Kind: structs.ServiceKindConnectProxy,
|
|
|
|
Service: webProxy.Service,
|
2022-05-27 11:38:52 +00:00
|
|
|
ProxyID: ProxyID{ServiceID: webProxy.CompoundServiceID()},
|
2019-07-12 19:16:21 +00:00
|
|
|
Address: webProxy.Address,
|
|
|
|
Port: webProxy.Port,
|
2020-02-06 15:52:25 +00:00
|
|
|
Proxy: mustCopyProxyConfig(t, webProxy),
|
2020-03-09 20:59:02 +00:00
|
|
|
ServiceMeta: webProxy.Meta,
|
2019-07-12 19:16:21 +00:00
|
|
|
TaggedAddresses: make(map[string]structs.ServiceAddress),
|
|
|
|
Roots: roots,
|
|
|
|
ConnectProxy: configSnapshotConnectProxy{
|
2020-04-16 21:00:48 +00:00
|
|
|
ConfigSnapshotUpstreams: ConfigSnapshotUpstreams{
|
2022-03-30 18:43:59 +00:00
|
|
|
Leaf: leaf,
|
|
|
|
MeshConfigSet: true,
|
2022-01-20 16:12:04 +00:00
|
|
|
DiscoveryChain: map[UpstreamID]*structs.CompiledDiscoveryChain{
|
|
|
|
dbUID: dbSplitChain(),
|
2020-04-16 21:00:48 +00:00
|
|
|
},
|
2022-01-20 16:12:04 +00:00
|
|
|
WatchedUpstreamEndpoints: map[UpstreamID]map[string]structs.CheckServiceNodes{
|
|
|
|
dbUID: {
|
2021-09-07 20:29:32 +00:00
|
|
|
"v1.db.default.default.dc1": TestUpstreamNodes(t, db.Name),
|
|
|
|
"v2.db.default.default.dc1": TestUpstreamNodesAlternate(t),
|
2020-04-16 21:00:48 +00:00
|
|
|
},
|
|
|
|
},
|
|
|
|
WatchedGateways: nil, // Clone() clears this out
|
2022-01-20 16:12:04 +00:00
|
|
|
WatchedGatewayEndpoints: map[UpstreamID]map[string]structs.CheckServiceNodes{
|
|
|
|
dbUID: {},
|
2019-07-12 19:16:21 +00:00
|
|
|
},
|
2022-09-27 13:49:28 +00:00
|
|
|
WatchedLocalGWEndpoints: watch.NewMap[string, structs.CheckServiceNodes](),
|
2022-01-20 16:12:04 +00:00
|
|
|
UpstreamConfig: map[UpstreamID]*structs.Upstream{
|
|
|
|
NewUpstreamID(&upstreams[0]): &upstreams[0],
|
|
|
|
NewUpstreamID(&upstreams[1]): &upstreams[1],
|
|
|
|
NewUpstreamID(&upstreams[2]): &upstreams[2],
|
2021-03-17 19:40:39 +00:00
|
|
|
},
|
2022-06-10 21:11:40 +00:00
|
|
|
PassthroughUpstreams: map[UpstreamID]map[string]map[string]struct{}{},
|
|
|
|
PassthroughIndices: map[string]indexedTarget{},
|
2022-07-13 16:14:57 +00:00
|
|
|
UpstreamPeerTrustBundles: watch.NewMap[PeerName, *pbpeering.PeeringTrustBundle](),
|
|
|
|
PeerUpstreamEndpoints: watch.NewMap[UpstreamID, structs.CheckServiceNodes](),
|
2022-06-10 21:11:40 +00:00
|
|
|
PeerUpstreamEndpointsUseHostnames: map[UpstreamID]struct{}{},
|
2019-08-05 18:30:35 +00:00
|
|
|
},
|
2022-01-20 16:12:04 +00:00
|
|
|
PreparedQueryEndpoints: map[UpstreamID]structs.CheckServiceNodes{},
|
2022-07-14 18:45:51 +00:00
|
|
|
DestinationsUpstream: watch.NewMap[UpstreamID, *structs.ServiceConfigEntry](),
|
|
|
|
DestinationGateways: watch.NewMap[UpstreamID, structs.CheckServiceNodes](),
|
2020-01-24 15:04:58 +00:00
|
|
|
WatchedServiceChecks: map[structs.ServiceID][]structs.CheckType{},
|
2022-07-01 15:15:49 +00:00
|
|
|
Intentions: TestIntentions(),
|
2020-08-27 17:20:58 +00:00
|
|
|
IntentionsSet: true,
|
2019-07-12 19:16:21 +00:00
|
|
|
},
|
|
|
|
Datacenter: "dc1",
|
2022-04-05 21:10:06 +00:00
|
|
|
Locality: GatewayKey{Datacenter: "dc1", Partition: acl.PartitionOrDefault("")},
|
2019-07-12 19:16:21 +00:00
|
|
|
},
|
2019-07-02 03:10:51 +00:00
|
|
|
},
|
|
|
|
}
|
|
|
|
|
2019-07-12 19:16:21 +00:00
|
|
|
for _, tt := range tests {
|
|
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
|
|
require.NotNil(t, tt.setup)
|
|
|
|
require.NotNil(t, tt.expectSnap)
|
|
|
|
|
|
|
|
// Setup initial values
|
2022-06-01 15:18:06 +00:00
|
|
|
dataSources := NewTestDataSources()
|
|
|
|
dataSources.LeafCertificate.Set(leafReq, leaf)
|
|
|
|
dataSources.CARoots.Set(rootsReq, roots)
|
|
|
|
dataSources.Intentions.Set(intentionReq, TestIntentions())
|
|
|
|
dataSources.ConfigEntry.Set(meshConfigReq, &structs.ConfigEntryResponse{Entry: nil})
|
|
|
|
tt.setup(t, dataSources)
|
2019-07-12 19:16:21 +00:00
|
|
|
|
2022-10-14 09:26:42 +00:00
|
|
|
expectSnapCopy := tt.expectSnap.Clone()
|
|
|
|
webProxyCopy := webProxy.DeepCopy()
|
2019-07-12 19:16:21 +00:00
|
|
|
|
2022-06-01 15:18:06 +00:00
|
|
|
testManager_BasicLifecycle(t,
|
|
|
|
dataSources,
|
|
|
|
rootsReq, leafReq,
|
2020-06-23 17:18:22 +00:00
|
|
|
roots,
|
2022-10-14 09:26:42 +00:00
|
|
|
webProxyCopy,
|
2022-06-03 21:42:50 +00:00
|
|
|
expectSnapCopy,
|
2019-07-12 19:16:21 +00:00
|
|
|
)
|
2018-10-03 12:36:38 +00:00
|
|
|
})
|
2019-07-12 19:16:21 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
type testcase_BasicLifecycle struct {
|
|
|
|
name string
|
2022-06-01 15:18:06 +00:00
|
|
|
setup func(t *testing.T, dataSources *TestDataSources)
|
2019-07-12 19:16:21 +00:00
|
|
|
webProxy *structs.NodeService
|
|
|
|
expectSnap *ConfigSnapshot
|
|
|
|
}
|
|
|
|
|
|
|
|
func testManager_BasicLifecycle(
|
|
|
|
t *testing.T,
|
2022-06-01 15:18:06 +00:00
|
|
|
dataSources *TestDataSources,
|
|
|
|
rootsReq *structs.DCSpecificRequest,
|
2023-06-13 15:54:45 +00:00
|
|
|
leafReq *leafcert.ConnectCALeafRequest,
|
2019-07-12 19:16:21 +00:00
|
|
|
roots *structs.IndexedCARoots,
|
|
|
|
webProxy *structs.NodeService,
|
|
|
|
expectSnap *ConfigSnapshot,
|
|
|
|
) {
|
2020-01-28 23:50:41 +00:00
|
|
|
logger := testutil.Logger(t)
|
2021-04-19 21:14:19 +00:00
|
|
|
source := &structs.QuerySource{Datacenter: "dc1"}
|
2018-10-03 12:36:38 +00:00
|
|
|
|
|
|
|
// Create manager
|
2020-11-10 23:57:35 +00:00
|
|
|
m, err := NewManager(ManagerConfig{
|
2022-06-01 15:18:06 +00:00
|
|
|
Source: source,
|
|
|
|
Logger: logger,
|
|
|
|
DataSources: dataSources.ToDataSources(),
|
2020-11-10 23:57:35 +00:00
|
|
|
})
|
bulk rewrite using this script
set -euo pipefail
unset CDPATH
cd "$(dirname "$0")"
for f in $(git grep '\brequire := require\.New(' | cut -d':' -f1 | sort -u); do
echo "=== require: $f ==="
sed -i '/require := require.New(t)/d' $f
# require.XXX(blah) but not require.XXX(tblah) or require.XXX(rblah)
sed -i 's/\brequire\.\([a-zA-Z0-9_]*\)(\([^tr]\)/require.\1(t,\2/g' $f
# require.XXX(tblah) but not require.XXX(t, blah)
sed -i 's/\brequire\.\([a-zA-Z0-9_]*\)(\(t[^,]\)/require.\1(t,\2/g' $f
# require.XXX(rblah) but not require.XXX(r, blah)
sed -i 's/\brequire\.\([a-zA-Z0-9_]*\)(\(r[^,]\)/require.\1(t,\2/g' $f
gofmt -s -w $f
done
for f in $(git grep '\bassert := assert\.New(' | cut -d':' -f1 | sort -u); do
echo "=== assert: $f ==="
sed -i '/assert := assert.New(t)/d' $f
# assert.XXX(blah) but not assert.XXX(tblah) or assert.XXX(rblah)
sed -i 's/\bassert\.\([a-zA-Z0-9_]*\)(\([^tr]\)/assert.\1(t,\2/g' $f
# assert.XXX(tblah) but not assert.XXX(t, blah)
sed -i 's/\bassert\.\([a-zA-Z0-9_]*\)(\(t[^,]\)/assert.\1(t,\2/g' $f
# assert.XXX(rblah) but not assert.XXX(r, blah)
sed -i 's/\bassert\.\([a-zA-Z0-9_]*\)(\(r[^,]\)/assert.\1(t,\2/g' $f
gofmt -s -w $f
done
2022-01-20 16:46:23 +00:00
|
|
|
require.NoError(t, err)
|
2018-10-03 12:36:38 +00:00
|
|
|
|
2022-05-27 11:38:52 +00:00
|
|
|
webProxyID := ProxyID{
|
|
|
|
ServiceID: webProxy.CompoundServiceID(),
|
|
|
|
}
|
2018-10-03 12:36:38 +00:00
|
|
|
|
|
|
|
// BEFORE we register, we should be able to get a watch channel
|
2022-05-27 11:38:52 +00:00
|
|
|
wCh, cancel := m.Watch(webProxyID)
|
2018-10-03 12:36:38 +00:00
|
|
|
defer cancel()
|
|
|
|
|
|
|
|
// And it should block with nothing sent on it yet
|
|
|
|
assertWatchChanBlocks(t, wCh)
|
|
|
|
|
2022-05-27 11:38:52 +00:00
|
|
|
require.NoError(t, m.Register(webProxyID, webProxy, testSource, "my-token", false))
|
2018-10-03 12:36:38 +00:00
|
|
|
|
|
|
|
// We should see the initial config delivered but not until after the
|
|
|
|
// coalesce timeout
|
|
|
|
start := time.Now()
|
|
|
|
assertWatchChanRecvs(t, wCh, expectSnap)
|
bulk rewrite using this script
set -euo pipefail
unset CDPATH
cd "$(dirname "$0")"
for f in $(git grep '\brequire := require\.New(' | cut -d':' -f1 | sort -u); do
echo "=== require: $f ==="
sed -i '/require := require.New(t)/d' $f
# require.XXX(blah) but not require.XXX(tblah) or require.XXX(rblah)
sed -i 's/\brequire\.\([a-zA-Z0-9_]*\)(\([^tr]\)/require.\1(t,\2/g' $f
# require.XXX(tblah) but not require.XXX(t, blah)
sed -i 's/\brequire\.\([a-zA-Z0-9_]*\)(\(t[^,]\)/require.\1(t,\2/g' $f
# require.XXX(rblah) but not require.XXX(r, blah)
sed -i 's/\brequire\.\([a-zA-Z0-9_]*\)(\(r[^,]\)/require.\1(t,\2/g' $f
gofmt -s -w $f
done
for f in $(git grep '\bassert := assert\.New(' | cut -d':' -f1 | sort -u); do
echo "=== assert: $f ==="
sed -i '/assert := assert.New(t)/d' $f
# assert.XXX(blah) but not assert.XXX(tblah) or assert.XXX(rblah)
sed -i 's/\bassert\.\([a-zA-Z0-9_]*\)(\([^tr]\)/assert.\1(t,\2/g' $f
# assert.XXX(tblah) but not assert.XXX(t, blah)
sed -i 's/\bassert\.\([a-zA-Z0-9_]*\)(\(t[^,]\)/assert.\1(t,\2/g' $f
# assert.XXX(rblah) but not assert.XXX(r, blah)
sed -i 's/\bassert\.\([a-zA-Z0-9_]*\)(\(r[^,]\)/assert.\1(t,\2/g' $f
gofmt -s -w $f
done
2022-01-20 16:46:23 +00:00
|
|
|
require.True(t, time.Since(start) >= coalesceTimeout)
|
2018-10-03 12:36:38 +00:00
|
|
|
|
2022-06-01 15:18:06 +00:00
|
|
|
assertLastReqArgs(t, dataSources, "my-token", source)
|
2018-10-03 12:36:38 +00:00
|
|
|
|
|
|
|
// Update NodeConfig
|
|
|
|
webProxy.Port = 7777
|
2022-05-27 11:38:52 +00:00
|
|
|
require.NoError(t, m.Register(webProxyID, webProxy, testSource, "my-token", false))
|
2018-10-03 12:36:38 +00:00
|
|
|
|
|
|
|
expectSnap.Port = 7777
|
|
|
|
assertWatchChanRecvs(t, wCh, expectSnap)
|
|
|
|
|
|
|
|
// Register a second watcher
|
2022-05-27 11:38:52 +00:00
|
|
|
wCh2, cancel2 := m.Watch(webProxyID)
|
2018-10-03 12:36:38 +00:00
|
|
|
defer cancel2()
|
|
|
|
|
|
|
|
// New watcher should immediately receive the current state
|
|
|
|
assertWatchChanRecvs(t, wCh2, expectSnap)
|
|
|
|
|
|
|
|
// Change token
|
2022-05-27 11:38:52 +00:00
|
|
|
require.NoError(t, m.Register(webProxyID, webProxy, testSource, "other-token", false))
|
2018-10-03 12:36:38 +00:00
|
|
|
assertWatchChanRecvs(t, wCh, expectSnap)
|
|
|
|
assertWatchChanRecvs(t, wCh2, expectSnap)
|
|
|
|
|
|
|
|
// This is actually sort of timing dependent - the cache background fetcher
|
|
|
|
// will still be fetching with the old token, but we rely on the fact that our
|
|
|
|
// mock type will have been blocked on those for a while.
|
2022-06-01 15:18:06 +00:00
|
|
|
assertLastReqArgs(t, dataSources, "other-token", source)
|
2018-10-03 12:36:38 +00:00
|
|
|
// Update roots
|
|
|
|
newRoots, newLeaf := TestCerts(t)
|
|
|
|
newRoots.Roots = append(newRoots.Roots, roots.Roots...)
|
2022-06-01 15:18:06 +00:00
|
|
|
dataSources.CARoots.Set(rootsReq, newRoots)
|
2018-10-03 12:36:38 +00:00
|
|
|
|
|
|
|
// Expect new roots in snapshot
|
|
|
|
expectSnap.Roots = newRoots
|
|
|
|
assertWatchChanRecvs(t, wCh, expectSnap)
|
|
|
|
assertWatchChanRecvs(t, wCh2, expectSnap)
|
|
|
|
|
|
|
|
// Update leaf
|
2022-06-01 15:18:06 +00:00
|
|
|
dataSources.LeafCertificate.Set(leafReq, newLeaf)
|
2018-10-03 12:36:38 +00:00
|
|
|
|
|
|
|
// Expect new roots in snapshot
|
2019-07-01 23:47:58 +00:00
|
|
|
expectSnap.ConnectProxy.Leaf = newLeaf
|
2018-10-03 12:36:38 +00:00
|
|
|
assertWatchChanRecvs(t, wCh, expectSnap)
|
|
|
|
assertWatchChanRecvs(t, wCh2, expectSnap)
|
|
|
|
|
|
|
|
// Remove the proxy
|
2022-05-27 11:38:52 +00:00
|
|
|
m.Deregister(webProxyID, testSource)
|
2018-10-03 12:36:38 +00:00
|
|
|
|
|
|
|
// Chan should NOT close
|
|
|
|
assertWatchChanBlocks(t, wCh)
|
|
|
|
assertWatchChanBlocks(t, wCh2)
|
|
|
|
|
|
|
|
// Re-add the proxy with another new port
|
|
|
|
webProxy.Port = 3333
|
2022-05-27 11:38:52 +00:00
|
|
|
require.NoError(t, m.Register(webProxyID, webProxy, testSource, "other-token", false))
|
2018-10-03 12:36:38 +00:00
|
|
|
|
|
|
|
// Same watch chan should be notified again
|
|
|
|
expectSnap.Port = 3333
|
|
|
|
assertWatchChanRecvs(t, wCh, expectSnap)
|
|
|
|
assertWatchChanRecvs(t, wCh2, expectSnap)
|
|
|
|
|
|
|
|
// Cancel watch
|
|
|
|
cancel()
|
|
|
|
|
|
|
|
// Watch chan should be closed
|
|
|
|
assertWatchChanRecvs(t, wCh, nil)
|
|
|
|
|
|
|
|
// We specifically don't remove the proxy or cancel the second watcher to
|
|
|
|
// ensure both are cleaned up by close.
|
bulk rewrite using this script
set -euo pipefail
unset CDPATH
cd "$(dirname "$0")"
for f in $(git grep '\brequire := require\.New(' | cut -d':' -f1 | sort -u); do
echo "=== require: $f ==="
sed -i '/require := require.New(t)/d' $f
# require.XXX(blah) but not require.XXX(tblah) or require.XXX(rblah)
sed -i 's/\brequire\.\([a-zA-Z0-9_]*\)(\([^tr]\)/require.\1(t,\2/g' $f
# require.XXX(tblah) but not require.XXX(t, blah)
sed -i 's/\brequire\.\([a-zA-Z0-9_]*\)(\(t[^,]\)/require.\1(t,\2/g' $f
# require.XXX(rblah) but not require.XXX(r, blah)
sed -i 's/\brequire\.\([a-zA-Z0-9_]*\)(\(r[^,]\)/require.\1(t,\2/g' $f
gofmt -s -w $f
done
for f in $(git grep '\bassert := assert\.New(' | cut -d':' -f1 | sort -u); do
echo "=== assert: $f ==="
sed -i '/assert := assert.New(t)/d' $f
# assert.XXX(blah) but not assert.XXX(tblah) or assert.XXX(rblah)
sed -i 's/\bassert\.\([a-zA-Z0-9_]*\)(\([^tr]\)/assert.\1(t,\2/g' $f
# assert.XXX(tblah) but not assert.XXX(t, blah)
sed -i 's/\bassert\.\([a-zA-Z0-9_]*\)(\(t[^,]\)/assert.\1(t,\2/g' $f
# assert.XXX(rblah) but not assert.XXX(r, blah)
sed -i 's/\bassert\.\([a-zA-Z0-9_]*\)(\(r[^,]\)/assert.\1(t,\2/g' $f
gofmt -s -w $f
done
2022-01-20 16:46:23 +00:00
|
|
|
require.NoError(t, m.Close())
|
2018-10-03 12:36:38 +00:00
|
|
|
|
|
|
|
// Sanity check the state is clean
|
|
|
|
m.mu.Lock()
|
|
|
|
defer m.mu.Unlock()
|
bulk rewrite using this script
set -euo pipefail
unset CDPATH
cd "$(dirname "$0")"
for f in $(git grep '\brequire := require\.New(' | cut -d':' -f1 | sort -u); do
echo "=== require: $f ==="
sed -i '/require := require.New(t)/d' $f
# require.XXX(blah) but not require.XXX(tblah) or require.XXX(rblah)
sed -i 's/\brequire\.\([a-zA-Z0-9_]*\)(\([^tr]\)/require.\1(t,\2/g' $f
# require.XXX(tblah) but not require.XXX(t, blah)
sed -i 's/\brequire\.\([a-zA-Z0-9_]*\)(\(t[^,]\)/require.\1(t,\2/g' $f
# require.XXX(rblah) but not require.XXX(r, blah)
sed -i 's/\brequire\.\([a-zA-Z0-9_]*\)(\(r[^,]\)/require.\1(t,\2/g' $f
gofmt -s -w $f
done
for f in $(git grep '\bassert := assert\.New(' | cut -d':' -f1 | sort -u); do
echo "=== assert: $f ==="
sed -i '/assert := assert.New(t)/d' $f
# assert.XXX(blah) but not assert.XXX(tblah) or assert.XXX(rblah)
sed -i 's/\bassert\.\([a-zA-Z0-9_]*\)(\([^tr]\)/assert.\1(t,\2/g' $f
# assert.XXX(tblah) but not assert.XXX(t, blah)
sed -i 's/\bassert\.\([a-zA-Z0-9_]*\)(\(t[^,]\)/assert.\1(t,\2/g' $f
# assert.XXX(rblah) but not assert.XXX(r, blah)
sed -i 's/\bassert\.\([a-zA-Z0-9_]*\)(\(r[^,]\)/assert.\1(t,\2/g' $f
gofmt -s -w $f
done
2022-01-20 16:46:23 +00:00
|
|
|
require.Len(t, m.proxies, 0)
|
|
|
|
require.Len(t, m.watchers, 0)
|
2018-10-03 12:36:38 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func assertWatchChanBlocks(t *testing.T, ch <-chan *ConfigSnapshot) {
|
|
|
|
t.Helper()
|
|
|
|
|
|
|
|
select {
|
|
|
|
case <-ch:
|
|
|
|
t.Fatal("Should be nothing sent on watch chan yet")
|
|
|
|
default:
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func assertWatchChanRecvs(t *testing.T, ch <-chan *ConfigSnapshot, expect *ConfigSnapshot) {
|
|
|
|
t.Helper()
|
|
|
|
|
|
|
|
select {
|
|
|
|
case got, ok := <-ch:
|
|
|
|
require.Equal(t, expect, got)
|
|
|
|
if expect == nil {
|
|
|
|
require.False(t, ok, "watch chan should be closed")
|
|
|
|
}
|
2019-07-01 23:02:00 +00:00
|
|
|
case <-time.After(100*time.Millisecond + coalesceTimeout):
|
2018-10-03 12:36:38 +00:00
|
|
|
t.Fatal("recv timeout")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestManager_deliverLatest(t *testing.T) {
|
|
|
|
// None of these need to do anything to test this method just be valid
|
2020-01-28 23:50:41 +00:00
|
|
|
logger := testutil.Logger(t)
|
2018-10-03 12:36:38 +00:00
|
|
|
cfg := ManagerConfig{
|
|
|
|
Source: &structs.QuerySource{
|
|
|
|
Node: "node1",
|
|
|
|
Datacenter: "dc1",
|
|
|
|
},
|
|
|
|
Logger: logger,
|
|
|
|
}
|
|
|
|
|
|
|
|
m, err := NewManager(cfg)
|
bulk rewrite using this script
set -euo pipefail
unset CDPATH
cd "$(dirname "$0")"
for f in $(git grep '\brequire := require\.New(' | cut -d':' -f1 | sort -u); do
echo "=== require: $f ==="
sed -i '/require := require.New(t)/d' $f
# require.XXX(blah) but not require.XXX(tblah) or require.XXX(rblah)
sed -i 's/\brequire\.\([a-zA-Z0-9_]*\)(\([^tr]\)/require.\1(t,\2/g' $f
# require.XXX(tblah) but not require.XXX(t, blah)
sed -i 's/\brequire\.\([a-zA-Z0-9_]*\)(\(t[^,]\)/require.\1(t,\2/g' $f
# require.XXX(rblah) but not require.XXX(r, blah)
sed -i 's/\brequire\.\([a-zA-Z0-9_]*\)(\(r[^,]\)/require.\1(t,\2/g' $f
gofmt -s -w $f
done
for f in $(git grep '\bassert := assert\.New(' | cut -d':' -f1 | sort -u); do
echo "=== assert: $f ==="
sed -i '/assert := assert.New(t)/d' $f
# assert.XXX(blah) but not assert.XXX(tblah) or assert.XXX(rblah)
sed -i 's/\bassert\.\([a-zA-Z0-9_]*\)(\([^tr]\)/assert.\1(t,\2/g' $f
# assert.XXX(tblah) but not assert.XXX(t, blah)
sed -i 's/\bassert\.\([a-zA-Z0-9_]*\)(\(t[^,]\)/assert.\1(t,\2/g' $f
# assert.XXX(rblah) but not assert.XXX(r, blah)
sed -i 's/\bassert\.\([a-zA-Z0-9_]*\)(\(r[^,]\)/assert.\1(t,\2/g' $f
gofmt -s -w $f
done
2022-01-20 16:46:23 +00:00
|
|
|
require.NoError(t, err)
|
2018-10-03 12:36:38 +00:00
|
|
|
|
|
|
|
snap1 := &ConfigSnapshot{
|
2022-05-27 11:38:52 +00:00
|
|
|
ProxyID: ProxyID{ServiceID: structs.NewServiceID("test-proxy", nil)},
|
2018-10-03 12:36:38 +00:00
|
|
|
Port: 1111,
|
|
|
|
}
|
|
|
|
snap2 := &ConfigSnapshot{
|
2022-05-27 11:38:52 +00:00
|
|
|
ProxyID: ProxyID{ServiceID: structs.NewServiceID("test-proxy", nil)},
|
2018-10-03 12:36:38 +00:00
|
|
|
Port: 2222,
|
|
|
|
}
|
|
|
|
|
|
|
|
// test 1 buffered chan
|
|
|
|
ch1 := make(chan *ConfigSnapshot, 1)
|
|
|
|
|
|
|
|
// Sending to an unblocked chan should work
|
|
|
|
m.deliverLatest(snap1, ch1)
|
|
|
|
|
|
|
|
// Check it was delivered
|
bulk rewrite using this script
set -euo pipefail
unset CDPATH
cd "$(dirname "$0")"
for f in $(git grep '\brequire := require\.New(' | cut -d':' -f1 | sort -u); do
echo "=== require: $f ==="
sed -i '/require := require.New(t)/d' $f
# require.XXX(blah) but not require.XXX(tblah) or require.XXX(rblah)
sed -i 's/\brequire\.\([a-zA-Z0-9_]*\)(\([^tr]\)/require.\1(t,\2/g' $f
# require.XXX(tblah) but not require.XXX(t, blah)
sed -i 's/\brequire\.\([a-zA-Z0-9_]*\)(\(t[^,]\)/require.\1(t,\2/g' $f
# require.XXX(rblah) but not require.XXX(r, blah)
sed -i 's/\brequire\.\([a-zA-Z0-9_]*\)(\(r[^,]\)/require.\1(t,\2/g' $f
gofmt -s -w $f
done
for f in $(git grep '\bassert := assert\.New(' | cut -d':' -f1 | sort -u); do
echo "=== assert: $f ==="
sed -i '/assert := assert.New(t)/d' $f
# assert.XXX(blah) but not assert.XXX(tblah) or assert.XXX(rblah)
sed -i 's/\bassert\.\([a-zA-Z0-9_]*\)(\([^tr]\)/assert.\1(t,\2/g' $f
# assert.XXX(tblah) but not assert.XXX(t, blah)
sed -i 's/\bassert\.\([a-zA-Z0-9_]*\)(\(t[^,]\)/assert.\1(t,\2/g' $f
# assert.XXX(rblah) but not assert.XXX(r, blah)
sed -i 's/\bassert\.\([a-zA-Z0-9_]*\)(\(r[^,]\)/assert.\1(t,\2/g' $f
gofmt -s -w $f
done
2022-01-20 16:46:23 +00:00
|
|
|
require.Equal(t, snap1, <-ch1)
|
2018-10-03 12:36:38 +00:00
|
|
|
|
|
|
|
// Now send both without reading simulating a slow client
|
|
|
|
m.deliverLatest(snap1, ch1)
|
|
|
|
m.deliverLatest(snap2, ch1)
|
|
|
|
|
|
|
|
// Check we got the _second_ one
|
bulk rewrite using this script
set -euo pipefail
unset CDPATH
cd "$(dirname "$0")"
for f in $(git grep '\brequire := require\.New(' | cut -d':' -f1 | sort -u); do
echo "=== require: $f ==="
sed -i '/require := require.New(t)/d' $f
# require.XXX(blah) but not require.XXX(tblah) or require.XXX(rblah)
sed -i 's/\brequire\.\([a-zA-Z0-9_]*\)(\([^tr]\)/require.\1(t,\2/g' $f
# require.XXX(tblah) but not require.XXX(t, blah)
sed -i 's/\brequire\.\([a-zA-Z0-9_]*\)(\(t[^,]\)/require.\1(t,\2/g' $f
# require.XXX(rblah) but not require.XXX(r, blah)
sed -i 's/\brequire\.\([a-zA-Z0-9_]*\)(\(r[^,]\)/require.\1(t,\2/g' $f
gofmt -s -w $f
done
for f in $(git grep '\bassert := assert\.New(' | cut -d':' -f1 | sort -u); do
echo "=== assert: $f ==="
sed -i '/assert := assert.New(t)/d' $f
# assert.XXX(blah) but not assert.XXX(tblah) or assert.XXX(rblah)
sed -i 's/\bassert\.\([a-zA-Z0-9_]*\)(\([^tr]\)/assert.\1(t,\2/g' $f
# assert.XXX(tblah) but not assert.XXX(t, blah)
sed -i 's/\bassert\.\([a-zA-Z0-9_]*\)(\(t[^,]\)/assert.\1(t,\2/g' $f
# assert.XXX(rblah) but not assert.XXX(r, blah)
sed -i 's/\bassert\.\([a-zA-Z0-9_]*\)(\(r[^,]\)/assert.\1(t,\2/g' $f
gofmt -s -w $f
done
2022-01-20 16:46:23 +00:00
|
|
|
require.Equal(t, snap2, <-ch1)
|
2018-10-03 12:36:38 +00:00
|
|
|
|
|
|
|
// Same again for 5-buffered chan
|
|
|
|
ch5 := make(chan *ConfigSnapshot, 5)
|
|
|
|
|
|
|
|
// Sending to an unblocked chan should work
|
|
|
|
m.deliverLatest(snap1, ch5)
|
|
|
|
|
|
|
|
// Check it was delivered
|
bulk rewrite using this script
set -euo pipefail
unset CDPATH
cd "$(dirname "$0")"
for f in $(git grep '\brequire := require\.New(' | cut -d':' -f1 | sort -u); do
echo "=== require: $f ==="
sed -i '/require := require.New(t)/d' $f
# require.XXX(blah) but not require.XXX(tblah) or require.XXX(rblah)
sed -i 's/\brequire\.\([a-zA-Z0-9_]*\)(\([^tr]\)/require.\1(t,\2/g' $f
# require.XXX(tblah) but not require.XXX(t, blah)
sed -i 's/\brequire\.\([a-zA-Z0-9_]*\)(\(t[^,]\)/require.\1(t,\2/g' $f
# require.XXX(rblah) but not require.XXX(r, blah)
sed -i 's/\brequire\.\([a-zA-Z0-9_]*\)(\(r[^,]\)/require.\1(t,\2/g' $f
gofmt -s -w $f
done
for f in $(git grep '\bassert := assert\.New(' | cut -d':' -f1 | sort -u); do
echo "=== assert: $f ==="
sed -i '/assert := assert.New(t)/d' $f
# assert.XXX(blah) but not assert.XXX(tblah) or assert.XXX(rblah)
sed -i 's/\bassert\.\([a-zA-Z0-9_]*\)(\([^tr]\)/assert.\1(t,\2/g' $f
# assert.XXX(tblah) but not assert.XXX(t, blah)
sed -i 's/\bassert\.\([a-zA-Z0-9_]*\)(\(t[^,]\)/assert.\1(t,\2/g' $f
# assert.XXX(rblah) but not assert.XXX(r, blah)
sed -i 's/\bassert\.\([a-zA-Z0-9_]*\)(\(r[^,]\)/assert.\1(t,\2/g' $f
gofmt -s -w $f
done
2022-01-20 16:46:23 +00:00
|
|
|
require.Equal(t, snap1, <-ch5)
|
2018-10-03 12:36:38 +00:00
|
|
|
|
|
|
|
// Now send enough to fill the chan simulating a slow client
|
|
|
|
for i := 0; i < 5; i++ {
|
|
|
|
m.deliverLatest(snap1, ch5)
|
|
|
|
}
|
|
|
|
m.deliverLatest(snap2, ch5)
|
|
|
|
|
|
|
|
// Check we got the _second_ one
|
bulk rewrite using this script
set -euo pipefail
unset CDPATH
cd "$(dirname "$0")"
for f in $(git grep '\brequire := require\.New(' | cut -d':' -f1 | sort -u); do
echo "=== require: $f ==="
sed -i '/require := require.New(t)/d' $f
# require.XXX(blah) but not require.XXX(tblah) or require.XXX(rblah)
sed -i 's/\brequire\.\([a-zA-Z0-9_]*\)(\([^tr]\)/require.\1(t,\2/g' $f
# require.XXX(tblah) but not require.XXX(t, blah)
sed -i 's/\brequire\.\([a-zA-Z0-9_]*\)(\(t[^,]\)/require.\1(t,\2/g' $f
# require.XXX(rblah) but not require.XXX(r, blah)
sed -i 's/\brequire\.\([a-zA-Z0-9_]*\)(\(r[^,]\)/require.\1(t,\2/g' $f
gofmt -s -w $f
done
for f in $(git grep '\bassert := assert\.New(' | cut -d':' -f1 | sort -u); do
echo "=== assert: $f ==="
sed -i '/assert := assert.New(t)/d' $f
# assert.XXX(blah) but not assert.XXX(tblah) or assert.XXX(rblah)
sed -i 's/\bassert\.\([a-zA-Z0-9_]*\)(\([^tr]\)/assert.\1(t,\2/g' $f
# assert.XXX(tblah) but not assert.XXX(t, blah)
sed -i 's/\bassert\.\([a-zA-Z0-9_]*\)(\(t[^,]\)/assert.\1(t,\2/g' $f
# assert.XXX(rblah) but not assert.XXX(r, blah)
sed -i 's/\bassert\.\([a-zA-Z0-9_]*\)(\(r[^,]\)/assert.\1(t,\2/g' $f
gofmt -s -w $f
done
2022-01-20 16:46:23 +00:00
|
|
|
require.Equal(t, snap2, <-ch5)
|
2018-10-03 12:36:38 +00:00
|
|
|
}
|
2019-07-12 19:16:21 +00:00
|
|
|
|
2022-01-05 17:17:47 +00:00
|
|
|
func TestManager_SyncState_No_Notify(t *testing.T) {
|
2022-06-01 15:18:06 +00:00
|
|
|
dataSources := NewTestDataSources()
|
2022-01-05 17:17:47 +00:00
|
|
|
logger := testutil.Logger(t)
|
|
|
|
|
|
|
|
m, err := NewManager(ManagerConfig{
|
2022-06-01 15:18:06 +00:00
|
|
|
Source: &structs.QuerySource{Datacenter: "dc1"},
|
|
|
|
Logger: logger,
|
|
|
|
DataSources: dataSources.ToDataSources(),
|
2022-01-05 17:17:47 +00:00
|
|
|
})
|
|
|
|
require.NoError(t, err)
|
|
|
|
defer m.Close()
|
|
|
|
|
|
|
|
srv := &structs.NodeService{
|
|
|
|
Kind: structs.ServiceKindConnectProxy,
|
|
|
|
ID: "web-sidecar-proxy",
|
|
|
|
Service: "web-sidecar-proxy",
|
|
|
|
Port: 9999,
|
|
|
|
Meta: map[string]string{},
|
|
|
|
Proxy: structs.ConnectProxyConfig{
|
|
|
|
DestinationServiceID: "web",
|
|
|
|
DestinationServiceName: "web",
|
|
|
|
LocalServiceAddress: "127.0.0.1",
|
|
|
|
LocalServicePort: 8080,
|
|
|
|
Config: map[string]interface{}{
|
|
|
|
"foo": "bar",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
}
|
|
|
|
|
2022-05-27 11:38:52 +00:00
|
|
|
proxyID := ProxyID{
|
|
|
|
ServiceID: srv.CompoundServiceID(),
|
|
|
|
}
|
2022-01-05 17:17:47 +00:00
|
|
|
|
2022-05-27 11:38:52 +00:00
|
|
|
require.NoError(t, m.Register(proxyID, srv, testSource, "", false))
|
2022-01-05 17:17:47 +00:00
|
|
|
|
2022-05-27 11:38:52 +00:00
|
|
|
watchCh, cancelWatch := m.Watch(proxyID)
|
|
|
|
t.Cleanup(cancelWatch)
|
2022-01-05 17:17:47 +00:00
|
|
|
|
|
|
|
// Get the relevant notification Channel, should only have 1
|
2022-05-27 11:38:52 +00:00
|
|
|
notifyCH := m.proxies[proxyID].ch
|
2022-01-05 17:17:47 +00:00
|
|
|
|
|
|
|
// update the leaf certs
|
|
|
|
roots, issuedCert := TestCerts(t)
|
2022-05-20 14:47:40 +00:00
|
|
|
notifyCH <- UpdateEvent{
|
2022-01-05 17:17:47 +00:00
|
|
|
CorrelationID: leafWatchID,
|
|
|
|
Result: issuedCert,
|
|
|
|
Err: nil,
|
|
|
|
}
|
|
|
|
// at this point the snapshot should not be valid and not be sent
|
|
|
|
after := time.After(200 * time.Millisecond)
|
|
|
|
select {
|
2022-05-27 11:38:52 +00:00
|
|
|
case <-watchCh:
|
2022-01-05 17:17:47 +00:00
|
|
|
t.Fatal("snap should not be valid")
|
|
|
|
case <-after:
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
// update the root certs
|
2022-05-20 14:47:40 +00:00
|
|
|
notifyCH <- UpdateEvent{
|
2022-01-05 17:17:47 +00:00
|
|
|
CorrelationID: rootsWatchID,
|
|
|
|
Result: roots,
|
|
|
|
Err: nil,
|
|
|
|
}
|
|
|
|
|
|
|
|
// at this point the snapshot should not be valid and not be sent
|
|
|
|
after = time.After(200 * time.Millisecond)
|
|
|
|
select {
|
2022-05-27 11:38:52 +00:00
|
|
|
case <-watchCh:
|
2022-01-05 17:17:47 +00:00
|
|
|
t.Fatal("snap should not be valid")
|
|
|
|
case <-after:
|
|
|
|
|
|
|
|
}
|
|
|
|
|
2022-03-30 18:43:59 +00:00
|
|
|
// update the mesh config entry
|
2022-05-20 14:47:40 +00:00
|
|
|
notifyCH <- UpdateEvent{
|
2022-03-30 18:43:59 +00:00
|
|
|
CorrelationID: meshConfigEntryID,
|
|
|
|
Result: &structs.ConfigEntryResponse{},
|
|
|
|
Err: nil,
|
|
|
|
}
|
|
|
|
|
|
|
|
// at this point the snapshot should not be valid and not be sent
|
|
|
|
after = time.After(200 * time.Millisecond)
|
|
|
|
select {
|
2022-05-27 11:38:52 +00:00
|
|
|
case <-watchCh:
|
2022-03-30 18:43:59 +00:00
|
|
|
t.Fatal("snap should not be valid")
|
|
|
|
case <-after:
|
|
|
|
|
|
|
|
}
|
|
|
|
|
2022-01-05 17:17:47 +00:00
|
|
|
// update the intentions
|
2022-05-20 14:47:40 +00:00
|
|
|
notifyCH <- UpdateEvent{
|
2022-01-05 17:17:47 +00:00
|
|
|
CorrelationID: intentionsWatchID,
|
2023-04-20 16:16:04 +00:00
|
|
|
Result: structs.SimplifiedIntentions{},
|
2022-01-05 17:17:47 +00:00
|
|
|
Err: nil,
|
|
|
|
}
|
|
|
|
|
|
|
|
// at this point we have a valid snapshot
|
|
|
|
after = time.After(500 * time.Millisecond)
|
|
|
|
select {
|
2022-05-27 11:38:52 +00:00
|
|
|
case <-watchCh:
|
2022-01-05 17:17:47 +00:00
|
|
|
case <-after:
|
|
|
|
t.Fatal("snap should be valid")
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|