mirror of https://github.com/hashicorp/consul
mesh: add validation for the new pbmesh resources (#18410)
Adds validation for HTTPRoute, GRPCRoute, TCPRoute, DestinationPolicy, and ComputedRoutes.pull/18448/head
parent
570c84d032
commit
55723c541e
|
@ -4,6 +4,8 @@
|
|||
package types
|
||||
|
||||
import (
|
||||
"github.com/hashicorp/go-multierror"
|
||||
|
||||
"github.com/hashicorp/consul/internal/resource"
|
||||
pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
|
||||
"github.com/hashicorp/consul/proto-public/pbresource"
|
||||
|
@ -27,6 +29,49 @@ func RegisterComputedRoutes(r resource.Registry) {
|
|||
r.Register(resource.Registration{
|
||||
Type: ComputedRoutesV1Alpha1Type,
|
||||
Proto: &pbmesh.ComputedRoutes{},
|
||||
Validate: nil,
|
||||
Validate: ValidateComputedRoutes,
|
||||
})
|
||||
}
|
||||
|
||||
func ValidateComputedRoutes(res *pbresource.Resource) error {
|
||||
var config pbmesh.ComputedRoutes
|
||||
|
||||
if err := res.Data.UnmarshalTo(&config); err != nil {
|
||||
return resource.NewErrDataParse(&config, err)
|
||||
}
|
||||
|
||||
var merr error
|
||||
|
||||
if len(config.PortedConfigs) == 0 {
|
||||
merr = multierror.Append(merr, resource.ErrInvalidField{
|
||||
Name: "ported_configs",
|
||||
Wrapped: resource.ErrEmpty,
|
||||
})
|
||||
}
|
||||
|
||||
// TODO(rb): do more elaborate validation
|
||||
|
||||
for port, pmc := range config.PortedConfigs {
|
||||
wrapErr := func(err error) error {
|
||||
return resource.ErrInvalidMapValue{
|
||||
Map: "ported_configs",
|
||||
Key: port,
|
||||
Wrapped: err,
|
||||
}
|
||||
}
|
||||
if pmc.Config == nil {
|
||||
merr = multierror.Append(merr, wrapErr(resource.ErrInvalidField{
|
||||
Name: "config",
|
||||
Wrapped: resource.ErrEmpty,
|
||||
}))
|
||||
}
|
||||
if len(pmc.Targets) == 0 {
|
||||
merr = multierror.Append(merr, wrapErr(resource.ErrInvalidField{
|
||||
Name: "targets",
|
||||
Wrapped: resource.ErrEmpty,
|
||||
}))
|
||||
}
|
||||
}
|
||||
|
||||
return merr
|
||||
}
|
||||
|
|
|
@ -0,0 +1,92 @@
|
|||
// Copyright (c) HashiCorp, Inc.
|
||||
// SPDX-License-Identifier: BUSL-1.1
|
||||
|
||||
package types
|
||||
|
||||
import (
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
"github.com/hashicorp/consul/internal/resource/resourcetest"
|
||||
pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
|
||||
"github.com/hashicorp/consul/proto/private/prototest"
|
||||
"github.com/hashicorp/consul/sdk/testutil"
|
||||
)
|
||||
|
||||
func TestValidateComputedRoutes(t *testing.T) {
|
||||
type testcase struct {
|
||||
routes *pbmesh.ComputedRoutes
|
||||
expectErr string
|
||||
}
|
||||
|
||||
run := func(t *testing.T, tc testcase) {
|
||||
res := resourcetest.Resource(ComputedRoutesType, "api").
|
||||
WithData(t, tc.routes).
|
||||
Build()
|
||||
|
||||
err := ValidateComputedRoutes(res)
|
||||
|
||||
// Verify that validate didn't actually change the object.
|
||||
got := resourcetest.MustDecode[*pbmesh.ComputedRoutes](t, res)
|
||||
prototest.AssertDeepEqual(t, tc.routes, got.Data)
|
||||
|
||||
if tc.expectErr == "" {
|
||||
require.NoError(t, err)
|
||||
} else {
|
||||
testutil.RequireErrorContains(t, err, tc.expectErr)
|
||||
}
|
||||
}
|
||||
|
||||
cases := map[string]testcase{
|
||||
"empty": {
|
||||
routes: &pbmesh.ComputedRoutes{},
|
||||
expectErr: `invalid "ported_configs" field: cannot be empty`,
|
||||
},
|
||||
"empty config": {
|
||||
routes: &pbmesh.ComputedRoutes{
|
||||
PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{
|
||||
"http": {
|
||||
Config: nil,
|
||||
Targets: map[string]*pbmesh.BackendTargetDetails{
|
||||
"foo": {},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
expectErr: `invalid value of key "http" within ported_configs: invalid "config" field: cannot be empty`,
|
||||
},
|
||||
"empty targets": {
|
||||
routes: &pbmesh.ComputedRoutes{
|
||||
PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{
|
||||
"http": {
|
||||
Config: &pbmesh.ComputedPortRoutes_Tcp{
|
||||
Tcp: &pbmesh.InterpretedTCPRoute{},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
expectErr: `invalid value of key "http" within ported_configs: invalid "targets" field: cannot be empty`,
|
||||
},
|
||||
"valid": {
|
||||
routes: &pbmesh.ComputedRoutes{
|
||||
PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{
|
||||
"http": {
|
||||
Config: &pbmesh.ComputedPortRoutes_Tcp{
|
||||
Tcp: &pbmesh.InterpretedTCPRoute{},
|
||||
},
|
||||
Targets: map[string]*pbmesh.BackendTargetDetails{
|
||||
"foo": {},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
for name, tc := range cases {
|
||||
t.Run(name, func(t *testing.T) {
|
||||
run(t, tc)
|
||||
})
|
||||
}
|
||||
}
|
|
@ -4,6 +4,11 @@
|
|||
package types
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
|
||||
"github.com/hashicorp/go-multierror"
|
||||
|
||||
"github.com/hashicorp/consul/internal/resource"
|
||||
pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
|
||||
"github.com/hashicorp/consul/proto-public/pbresource"
|
||||
|
@ -27,6 +32,195 @@ func RegisterDestinationPolicy(r resource.Registry) {
|
|||
r.Register(resource.Registration{
|
||||
Type: DestinationPolicyV1Alpha1Type,
|
||||
Proto: &pbmesh.DestinationPolicy{},
|
||||
Validate: nil,
|
||||
Validate: ValidateDestinationPolicy,
|
||||
})
|
||||
}
|
||||
|
||||
func ValidateDestinationPolicy(res *pbresource.Resource) error {
|
||||
var policy pbmesh.DestinationPolicy
|
||||
|
||||
if err := res.Data.UnmarshalTo(&policy); err != nil {
|
||||
return resource.NewErrDataParse(&policy, err)
|
||||
}
|
||||
|
||||
var merr error
|
||||
|
||||
if len(policy.PortConfigs) == 0 {
|
||||
merr = multierror.Append(merr, resource.ErrInvalidField{
|
||||
Name: "port_configs",
|
||||
Wrapped: resource.ErrEmpty,
|
||||
})
|
||||
}
|
||||
|
||||
for port, pc := range policy.PortConfigs {
|
||||
wrapErr := func(err error) error {
|
||||
return resource.ErrInvalidMapValue{
|
||||
Map: "port_configs",
|
||||
Key: port,
|
||||
Wrapped: err,
|
||||
}
|
||||
}
|
||||
|
||||
if dur := pc.ConnectTimeout.AsDuration(); dur < 0 {
|
||||
merr = multierror.Append(merr, wrapErr(resource.ErrInvalidField{
|
||||
Name: "connect_timeout",
|
||||
Wrapped: fmt.Errorf("'%v', must be >= 0", dur),
|
||||
}))
|
||||
}
|
||||
if dur := pc.RequestTimeout.AsDuration(); dur < 0 {
|
||||
merr = multierror.Append(merr, wrapErr(resource.ErrInvalidField{
|
||||
Name: "request_timeout",
|
||||
Wrapped: fmt.Errorf("'%v', must be >= 0", dur),
|
||||
}))
|
||||
}
|
||||
|
||||
if pc.LoadBalancer != nil {
|
||||
lb := pc.LoadBalancer
|
||||
wrapLBErr := func(err error) error {
|
||||
return wrapErr(resource.ErrInvalidField{
|
||||
Name: "load_balancer",
|
||||
Wrapped: err,
|
||||
})
|
||||
}
|
||||
|
||||
switch lb.Policy {
|
||||
case pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_UNSPECIFIED:
|
||||
// means just do the default
|
||||
case pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_RANDOM:
|
||||
case pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_ROUND_ROBIN:
|
||||
case pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_LEAST_REQUEST:
|
||||
case pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_MAGLEV:
|
||||
case pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_RING_HASH:
|
||||
default:
|
||||
merr = multierror.Append(merr, wrapLBErr(resource.ErrInvalidField{
|
||||
Name: "policy",
|
||||
Wrapped: fmt.Errorf("not a supported enum value: %v", lb.Policy),
|
||||
}))
|
||||
}
|
||||
|
||||
if lb.Policy != pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_RING_HASH && lb.Config != nil {
|
||||
if _, ok := lb.Config.(*pbmesh.LoadBalancer_RingHashConfig); ok {
|
||||
merr = multierror.Append(merr, wrapLBErr(resource.ErrInvalidField{
|
||||
Name: "config",
|
||||
Wrapped: fmt.Errorf("ring_hash_config specified for incompatible load balancing policy %q", lb.Policy),
|
||||
}))
|
||||
}
|
||||
}
|
||||
|
||||
if lb.Policy != pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_LEAST_REQUEST && lb.Config != nil {
|
||||
if _, ok := lb.Config.(*pbmesh.LoadBalancer_LeastRequestConfig); ok {
|
||||
merr = multierror.Append(merr, wrapLBErr(resource.ErrInvalidField{
|
||||
Name: "config",
|
||||
Wrapped: fmt.Errorf("least_request_config specified for incompatible load balancing policy %q", lb.Policy),
|
||||
}))
|
||||
}
|
||||
}
|
||||
|
||||
if !lb.Policy.IsHashBased() && len(lb.HashPolicies) > 0 {
|
||||
merr = multierror.Append(merr, wrapLBErr(resource.ErrInvalidField{
|
||||
Name: "hash_policies",
|
||||
Wrapped: fmt.Errorf("hash_policies specified for non-hash-based policy %q", lb.Policy),
|
||||
}))
|
||||
}
|
||||
|
||||
LOOP:
|
||||
for i, hp := range lb.HashPolicies {
|
||||
wrapHPErr := func(err error) error {
|
||||
return wrapLBErr(resource.ErrInvalidListElement{
|
||||
Name: "hash_policies",
|
||||
Index: i,
|
||||
Wrapped: err,
|
||||
})
|
||||
}
|
||||
|
||||
var hasField bool
|
||||
switch hp.Field {
|
||||
case pbmesh.HashPolicyField_HASH_POLICY_FIELD_UNSPECIFIED:
|
||||
case pbmesh.HashPolicyField_HASH_POLICY_FIELD_HEADER,
|
||||
pbmesh.HashPolicyField_HASH_POLICY_FIELD_COOKIE,
|
||||
pbmesh.HashPolicyField_HASH_POLICY_FIELD_QUERY_PARAMETER:
|
||||
hasField = true
|
||||
default:
|
||||
merr = multierror.Append(merr, wrapHPErr(resource.ErrInvalidField{
|
||||
Name: "field",
|
||||
Wrapped: fmt.Errorf("not a supported enum value: %v", hp.Field),
|
||||
}))
|
||||
continue LOOP // no need to keep validating
|
||||
}
|
||||
|
||||
if hp.SourceIp {
|
||||
if hasField {
|
||||
merr = multierror.Append(merr, wrapHPErr(resource.ErrInvalidField{
|
||||
Name: "field",
|
||||
Wrapped: fmt.Errorf("a single hash policy cannot hash both a source address and a %q", hp.Field),
|
||||
}))
|
||||
}
|
||||
if hp.FieldValue != "" {
|
||||
merr = multierror.Append(merr, wrapHPErr(resource.ErrInvalidField{
|
||||
Name: "field_value",
|
||||
Wrapped: errors.New("cannot be specified when hashing source_ip"),
|
||||
}))
|
||||
}
|
||||
}
|
||||
|
||||
if hasField && hp.FieldValue == "" {
|
||||
merr = multierror.Append(merr, wrapHPErr(resource.ErrInvalidField{
|
||||
Name: "field_value",
|
||||
Wrapped: fmt.Errorf("field %q was specified without a field_value", hp.Field),
|
||||
}))
|
||||
}
|
||||
if hp.FieldValue != "" && !hasField {
|
||||
merr = multierror.Append(merr, wrapHPErr(resource.ErrInvalidField{
|
||||
Name: "field",
|
||||
Wrapped: resource.ErrMissing,
|
||||
}))
|
||||
merr = multierror.Append(merr, wrapHPErr(resource.ErrInvalidField{
|
||||
Name: "field_value",
|
||||
Wrapped: errors.New("requires a field to apply to"),
|
||||
}))
|
||||
}
|
||||
if hp.CookieConfig != nil {
|
||||
if hp.Field != pbmesh.HashPolicyField_HASH_POLICY_FIELD_COOKIE {
|
||||
merr = multierror.Append(merr, wrapHPErr(resource.ErrInvalidField{
|
||||
Name: "cookie_config",
|
||||
Wrapped: fmt.Errorf("incompatible with field %q", hp.Field),
|
||||
}))
|
||||
}
|
||||
if hp.CookieConfig.Session && hp.CookieConfig.Ttl.AsDuration() != 0 {
|
||||
merr = multierror.Append(merr, wrapHPErr(resource.ErrInvalidField{
|
||||
Name: "cookie_config",
|
||||
Wrapped: resource.ErrInvalidField{
|
||||
Name: "ttl",
|
||||
Wrapped: fmt.Errorf("a session cookie cannot have an associated TTL"),
|
||||
},
|
||||
}))
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if pc.LocalityPrioritization != nil {
|
||||
lp := pc.LocalityPrioritization
|
||||
wrapLPErr := func(err error) error {
|
||||
return wrapErr(resource.ErrInvalidField{
|
||||
Name: "locality_prioritization",
|
||||
Wrapped: err,
|
||||
})
|
||||
}
|
||||
|
||||
switch lp.Mode {
|
||||
case pbmesh.LocalityPrioritizationMode_LOCALITY_PRIORITIZATION_MODE_UNSPECIFIED:
|
||||
// means pbmesh.LocalityPrioritizationMode_LOCALITY_PRIORITIZATION_MODE_NONE
|
||||
case pbmesh.LocalityPrioritizationMode_LOCALITY_PRIORITIZATION_MODE_NONE:
|
||||
case pbmesh.LocalityPrioritizationMode_LOCALITY_PRIORITIZATION_MODE_FAILOVER:
|
||||
default:
|
||||
merr = multierror.Append(merr, wrapLPErr(resource.ErrInvalidField{
|
||||
Name: "mode",
|
||||
Wrapped: fmt.Errorf("not a supported enum value: %v", lp.Mode),
|
||||
}))
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return merr
|
||||
}
|
||||
|
|
|
@ -0,0 +1,510 @@
|
|||
// Copyright (c) HashiCorp, Inc.
|
||||
// SPDX-License-Identifier: BUSL-1.1
|
||||
|
||||
package types
|
||||
|
||||
import (
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/stretchr/testify/require"
|
||||
"google.golang.org/protobuf/types/known/durationpb"
|
||||
|
||||
"github.com/hashicorp/consul/internal/resource/resourcetest"
|
||||
pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
|
||||
"github.com/hashicorp/consul/proto/private/prototest"
|
||||
"github.com/hashicorp/consul/sdk/testutil"
|
||||
)
|
||||
|
||||
func TestValidateDestinationPolicy(t *testing.T) {
|
||||
type testcase struct {
|
||||
policy *pbmesh.DestinationPolicy
|
||||
expectErr string
|
||||
expectErrs []string
|
||||
}
|
||||
|
||||
run := func(t *testing.T, tc testcase) {
|
||||
res := resourcetest.Resource(DestinationPolicyType, "api").
|
||||
WithData(t, tc.policy).
|
||||
Build()
|
||||
|
||||
err := ValidateDestinationPolicy(res)
|
||||
|
||||
// Verify that validate didn't actually change the object.
|
||||
got := resourcetest.MustDecode[*pbmesh.DestinationPolicy](t, res)
|
||||
prototest.AssertDeepEqual(t, tc.policy, got.Data)
|
||||
|
||||
if tc.expectErr != "" && len(tc.expectErrs) > 0 {
|
||||
t.Fatalf("cannot test singular and list errors at the same time")
|
||||
}
|
||||
|
||||
if tc.expectErr == "" && len(tc.expectErrs) == 0 {
|
||||
require.NoError(t, err)
|
||||
} else if tc.expectErr != "" {
|
||||
testutil.RequireErrorContains(t, err, tc.expectErr)
|
||||
} else {
|
||||
for _, expectErr := range tc.expectErrs {
|
||||
testutil.RequireErrorContains(t, err, expectErr)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
cases := map[string]testcase{
|
||||
// emptiness
|
||||
"empty": {
|
||||
policy: &pbmesh.DestinationPolicy{},
|
||||
expectErr: `invalid "port_configs" field: cannot be empty`,
|
||||
},
|
||||
"good connect timeout": {
|
||||
policy: &pbmesh.DestinationPolicy{
|
||||
PortConfigs: map[string]*pbmesh.DestinationConfig{
|
||||
"http": {
|
||||
ConnectTimeout: durationpb.New(55 * time.Second),
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
"bad connect timeout": {
|
||||
policy: &pbmesh.DestinationPolicy{
|
||||
PortConfigs: map[string]*pbmesh.DestinationConfig{
|
||||
"http": {
|
||||
ConnectTimeout: durationpb.New(-55 * time.Second),
|
||||
},
|
||||
},
|
||||
},
|
||||
expectErr: `invalid value of key "http" within port_configs: invalid "connect_timeout" field: '-55s', must be >= 0`,
|
||||
},
|
||||
"good request timeout": {
|
||||
policy: &pbmesh.DestinationPolicy{
|
||||
PortConfigs: map[string]*pbmesh.DestinationConfig{
|
||||
"http": {
|
||||
RequestTimeout: durationpb.New(55 * time.Second),
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
"bad request timeout": {
|
||||
policy: &pbmesh.DestinationPolicy{
|
||||
PortConfigs: map[string]*pbmesh.DestinationConfig{
|
||||
"http": {
|
||||
RequestTimeout: durationpb.New(-55 * time.Second),
|
||||
},
|
||||
},
|
||||
},
|
||||
expectErr: `invalid value of key "http" within port_configs: invalid "request_timeout" field: '-55s', must be >= 0`,
|
||||
},
|
||||
// load balancer
|
||||
"lbpolicy: missing enum": {
|
||||
policy: &pbmesh.DestinationPolicy{
|
||||
PortConfigs: map[string]*pbmesh.DestinationConfig{
|
||||
"http": {
|
||||
ConnectTimeout: durationpb.New(55 * time.Second),
|
||||
LoadBalancer: &pbmesh.LoadBalancer{},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
"lbpolicy: bad enum": {
|
||||
policy: &pbmesh.DestinationPolicy{
|
||||
PortConfigs: map[string]*pbmesh.DestinationConfig{
|
||||
"http": {
|
||||
ConnectTimeout: durationpb.New(55 * time.Second),
|
||||
LoadBalancer: &pbmesh.LoadBalancer{
|
||||
Policy: 99,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
expectErr: `invalid value of key "http" within port_configs: invalid "load_balancer" field: invalid "policy" field: not a supported enum value: 99`,
|
||||
},
|
||||
"lbpolicy: supported": {
|
||||
policy: &pbmesh.DestinationPolicy{
|
||||
PortConfigs: map[string]*pbmesh.DestinationConfig{
|
||||
"http": {
|
||||
ConnectTimeout: durationpb.New(55 * time.Second),
|
||||
LoadBalancer: &pbmesh.LoadBalancer{
|
||||
Policy: pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_RANDOM,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
"lbpolicy: bad for least request config": {
|
||||
policy: &pbmesh.DestinationPolicy{
|
||||
PortConfigs: map[string]*pbmesh.DestinationConfig{
|
||||
"http": {
|
||||
ConnectTimeout: durationpb.New(55 * time.Second),
|
||||
LoadBalancer: &pbmesh.LoadBalancer{
|
||||
Policy: pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_RING_HASH,
|
||||
Config: &pbmesh.LoadBalancer_LeastRequestConfig{
|
||||
LeastRequestConfig: &pbmesh.LeastRequestConfig{
|
||||
ChoiceCount: 10,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
expectErr: `invalid value of key "http" within port_configs: invalid "load_balancer" field: invalid "config" field: least_request_config specified for incompatible load balancing policy "LOAD_BALANCER_POLICY_RING_HASH"`,
|
||||
},
|
||||
"lbpolicy: bad for ring hash config": {
|
||||
policy: &pbmesh.DestinationPolicy{
|
||||
PortConfigs: map[string]*pbmesh.DestinationConfig{
|
||||
"http": {
|
||||
ConnectTimeout: durationpb.New(55 * time.Second),
|
||||
LoadBalancer: &pbmesh.LoadBalancer{
|
||||
Policy: pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_LEAST_REQUEST,
|
||||
Config: &pbmesh.LoadBalancer_RingHashConfig{
|
||||
RingHashConfig: &pbmesh.RingHashConfig{
|
||||
MinimumRingSize: 1024,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
expectErr: `invalid value of key "http" within port_configs: invalid "load_balancer" field: invalid "config" field: ring_hash_config specified for incompatible load balancing policy "LOAD_BALANCER_POLICY_LEAST_REQUEST"`,
|
||||
},
|
||||
"lbpolicy: good for least request config": {
|
||||
policy: &pbmesh.DestinationPolicy{
|
||||
PortConfigs: map[string]*pbmesh.DestinationConfig{
|
||||
"http": {
|
||||
ConnectTimeout: durationpb.New(55 * time.Second),
|
||||
LoadBalancer: &pbmesh.LoadBalancer{
|
||||
Policy: pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_LEAST_REQUEST,
|
||||
Config: &pbmesh.LoadBalancer_LeastRequestConfig{
|
||||
LeastRequestConfig: &pbmesh.LeastRequestConfig{
|
||||
ChoiceCount: 10,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
"lbpolicy: good for ring hash config": {
|
||||
policy: &pbmesh.DestinationPolicy{
|
||||
PortConfigs: map[string]*pbmesh.DestinationConfig{
|
||||
"http": {
|
||||
ConnectTimeout: durationpb.New(55 * time.Second),
|
||||
LoadBalancer: &pbmesh.LoadBalancer{
|
||||
Policy: pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_RING_HASH,
|
||||
Config: &pbmesh.LoadBalancer_RingHashConfig{
|
||||
RingHashConfig: &pbmesh.RingHashConfig{
|
||||
MinimumRingSize: 1024,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
"lbpolicy: empty policy with hash policy": {
|
||||
policy: &pbmesh.DestinationPolicy{
|
||||
PortConfigs: map[string]*pbmesh.DestinationConfig{
|
||||
"http": {
|
||||
ConnectTimeout: durationpb.New(55 * time.Second),
|
||||
LoadBalancer: &pbmesh.LoadBalancer{
|
||||
HashPolicies: []*pbmesh.HashPolicy{
|
||||
{SourceIp: true},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
expectErr: `invalid value of key "http" within port_configs: invalid "load_balancer" field: invalid "hash_policies" field: hash_policies specified for non-hash-based policy "LOAD_BALANCER_POLICY_UNSPECIFIED"`,
|
||||
},
|
||||
"lbconfig: cookie config with header policy": {
|
||||
policy: &pbmesh.DestinationPolicy{
|
||||
PortConfigs: map[string]*pbmesh.DestinationConfig{
|
||||
"http": {
|
||||
ConnectTimeout: durationpb.New(55 * time.Second),
|
||||
LoadBalancer: &pbmesh.LoadBalancer{
|
||||
Policy: pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_MAGLEV,
|
||||
HashPolicies: []*pbmesh.HashPolicy{
|
||||
{
|
||||
Field: pbmesh.HashPolicyField_HASH_POLICY_FIELD_HEADER,
|
||||
FieldValue: "x-user-id",
|
||||
CookieConfig: &pbmesh.CookieConfig{
|
||||
Ttl: durationpb.New(10 * time.Second),
|
||||
Path: "/root",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
expectErr: `invalid value of key "http" within port_configs: invalid "load_balancer" field: invalid element at index 0 of list "hash_policies": invalid "cookie_config" field: incompatible with field "HASH_POLICY_FIELD_HEADER"`,
|
||||
},
|
||||
"lbconfig: cannot generate session cookie with ttl": {
|
||||
policy: &pbmesh.DestinationPolicy{
|
||||
PortConfigs: map[string]*pbmesh.DestinationConfig{
|
||||
"http": {
|
||||
ConnectTimeout: durationpb.New(55 * time.Second),
|
||||
LoadBalancer: &pbmesh.LoadBalancer{
|
||||
Policy: pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_MAGLEV,
|
||||
HashPolicies: []*pbmesh.HashPolicy{
|
||||
{
|
||||
Field: pbmesh.HashPolicyField_HASH_POLICY_FIELD_COOKIE,
|
||||
FieldValue: "good-cookie",
|
||||
CookieConfig: &pbmesh.CookieConfig{
|
||||
Session: true,
|
||||
Ttl: durationpb.New(10 * time.Second),
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
expectErr: `invalid value of key "http" within port_configs: invalid "load_balancer" field: invalid element at index 0 of list "hash_policies": invalid "cookie_config" field: invalid "ttl" field: a session cookie cannot have an associated TTL`,
|
||||
},
|
||||
"lbconfig: valid cookie policy": {
|
||||
policy: &pbmesh.DestinationPolicy{
|
||||
PortConfigs: map[string]*pbmesh.DestinationConfig{
|
||||
"http": {
|
||||
ConnectTimeout: durationpb.New(55 * time.Second),
|
||||
LoadBalancer: &pbmesh.LoadBalancer{
|
||||
Policy: pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_MAGLEV,
|
||||
HashPolicies: []*pbmesh.HashPolicy{
|
||||
{
|
||||
Field: pbmesh.HashPolicyField_HASH_POLICY_FIELD_COOKIE,
|
||||
FieldValue: "good-cookie",
|
||||
CookieConfig: &pbmesh.CookieConfig{
|
||||
Ttl: durationpb.New(10 * time.Second),
|
||||
Path: "/oven",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
"lbconfig: bad match field": {
|
||||
policy: &pbmesh.DestinationPolicy{
|
||||
PortConfigs: map[string]*pbmesh.DestinationConfig{
|
||||
"http": {
|
||||
ConnectTimeout: durationpb.New(55 * time.Second),
|
||||
LoadBalancer: &pbmesh.LoadBalancer{
|
||||
Policy: pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_MAGLEV,
|
||||
HashPolicies: []*pbmesh.HashPolicy{
|
||||
{
|
||||
Field: 99,
|
||||
FieldValue: "X-Consul-Token",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
expectErr: `invalid value of key "http" within port_configs: invalid "load_balancer" field: invalid element at index 0 of list "hash_policies": invalid "field" field: not a supported enum value: 99`,
|
||||
},
|
||||
"lbconfig: supported match field": {
|
||||
policy: &pbmesh.DestinationPolicy{
|
||||
PortConfigs: map[string]*pbmesh.DestinationConfig{
|
||||
"http": {
|
||||
ConnectTimeout: durationpb.New(55 * time.Second),
|
||||
LoadBalancer: &pbmesh.LoadBalancer{
|
||||
Policy: pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_MAGLEV,
|
||||
HashPolicies: []*pbmesh.HashPolicy{
|
||||
{
|
||||
Field: pbmesh.HashPolicyField_HASH_POLICY_FIELD_HEADER,
|
||||
FieldValue: "X-Consul-Token",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
"lbconfig: missing match field": {
|
||||
policy: &pbmesh.DestinationPolicy{
|
||||
PortConfigs: map[string]*pbmesh.DestinationConfig{
|
||||
"http": {
|
||||
ConnectTimeout: durationpb.New(55 * time.Second),
|
||||
LoadBalancer: &pbmesh.LoadBalancer{
|
||||
Policy: pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_MAGLEV,
|
||||
HashPolicies: []*pbmesh.HashPolicy{
|
||||
{
|
||||
FieldValue: "X-Consul-Token",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
expectErrs: []string{
|
||||
`invalid value of key "http" within port_configs: invalid "load_balancer" field: invalid element at index 0 of list "hash_policies": invalid "field" field: missing required field`,
|
||||
`invalid value of key "http" within port_configs: invalid "load_balancer" field: invalid element at index 0 of list "hash_policies": invalid "field_value" field: requires a field to apply to`,
|
||||
},
|
||||
},
|
||||
"lbconfig: cannot match on source address and custom field": {
|
||||
policy: &pbmesh.DestinationPolicy{
|
||||
PortConfigs: map[string]*pbmesh.DestinationConfig{
|
||||
"http": {
|
||||
ConnectTimeout: durationpb.New(55 * time.Second),
|
||||
LoadBalancer: &pbmesh.LoadBalancer{
|
||||
Policy: pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_MAGLEV,
|
||||
HashPolicies: []*pbmesh.HashPolicy{
|
||||
{
|
||||
Field: pbmesh.HashPolicyField_HASH_POLICY_FIELD_HEADER,
|
||||
SourceIp: true,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
expectErrs: []string{
|
||||
`invalid value of key "http" within port_configs: invalid "load_balancer" field: invalid element at index 0 of list "hash_policies": invalid "field" field: a single hash policy cannot hash both a source address and a "HASH_POLICY_FIELD_HEADER"`,
|
||||
`invalid value of key "http" within port_configs: invalid "load_balancer" field: invalid element at index 0 of list "hash_policies": invalid "field_value" field: field "HASH_POLICY_FIELD_HEADER" was specified without a field_value`,
|
||||
},
|
||||
},
|
||||
"lbconfig: matchvalue not compatible with source address": {
|
||||
policy: &pbmesh.DestinationPolicy{
|
||||
PortConfigs: map[string]*pbmesh.DestinationConfig{
|
||||
"http": {
|
||||
ConnectTimeout: durationpb.New(55 * time.Second),
|
||||
LoadBalancer: &pbmesh.LoadBalancer{
|
||||
Policy: pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_MAGLEV,
|
||||
HashPolicies: []*pbmesh.HashPolicy{
|
||||
{
|
||||
FieldValue: "X-Consul-Token",
|
||||
SourceIp: true,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
expectErrs: []string{
|
||||
`invalid value of key "http" within port_configs: invalid "load_balancer" field: invalid element at index 0 of list "hash_policies": invalid "field_value" field: cannot be specified when hashing source_ip`,
|
||||
`invalid value of key "http" within port_configs: invalid "load_balancer" field: invalid element at index 0 of list "hash_policies": invalid "field_value" field: requires a field to apply to`,
|
||||
},
|
||||
},
|
||||
"lbconfig: field without match value": {
|
||||
policy: &pbmesh.DestinationPolicy{
|
||||
PortConfigs: map[string]*pbmesh.DestinationConfig{
|
||||
"http": {
|
||||
ConnectTimeout: durationpb.New(55 * time.Second),
|
||||
LoadBalancer: &pbmesh.LoadBalancer{
|
||||
Policy: pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_MAGLEV,
|
||||
HashPolicies: []*pbmesh.HashPolicy{
|
||||
{
|
||||
Field: pbmesh.HashPolicyField_HASH_POLICY_FIELD_HEADER,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
expectErr: `invalid value of key "http" within port_configs: invalid "load_balancer" field: invalid element at index 0 of list "hash_policies": invalid "field_value" field: field "HASH_POLICY_FIELD_HEADER" was specified without a field_value`,
|
||||
},
|
||||
"lbconfig: matchvalue without field": {
|
||||
policy: &pbmesh.DestinationPolicy{
|
||||
PortConfigs: map[string]*pbmesh.DestinationConfig{
|
||||
"http": {
|
||||
ConnectTimeout: durationpb.New(55 * time.Second),
|
||||
LoadBalancer: &pbmesh.LoadBalancer{
|
||||
Policy: pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_MAGLEV,
|
||||
HashPolicies: []*pbmesh.HashPolicy{
|
||||
{
|
||||
FieldValue: "my-cookie",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
expectErr: `invalid value of key "http" within port_configs: invalid "load_balancer" field: invalid element at index 0 of list "hash_policies": invalid "field_value" field: requires a field to apply to`,
|
||||
},
|
||||
"lbconfig: ring hash kitchen sink": {
|
||||
policy: &pbmesh.DestinationPolicy{
|
||||
PortConfigs: map[string]*pbmesh.DestinationConfig{
|
||||
"http": {
|
||||
ConnectTimeout: durationpb.New(55 * time.Second),
|
||||
LoadBalancer: &pbmesh.LoadBalancer{
|
||||
Policy: pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_RING_HASH,
|
||||
Config: &pbmesh.LoadBalancer_RingHashConfig{
|
||||
RingHashConfig: &pbmesh.RingHashConfig{
|
||||
MaximumRingSize: 10,
|
||||
MinimumRingSize: 2,
|
||||
},
|
||||
},
|
||||
HashPolicies: []*pbmesh.HashPolicy{
|
||||
{
|
||||
Field: pbmesh.HashPolicyField_HASH_POLICY_FIELD_COOKIE,
|
||||
FieldValue: "my-cookie",
|
||||
},
|
||||
{
|
||||
Field: pbmesh.HashPolicyField_HASH_POLICY_FIELD_HEADER,
|
||||
FieldValue: "alt-header",
|
||||
Terminal: true,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
"lbconfig: least request kitchen sink": {
|
||||
policy: &pbmesh.DestinationPolicy{
|
||||
PortConfigs: map[string]*pbmesh.DestinationConfig{
|
||||
"http": {
|
||||
ConnectTimeout: durationpb.New(55 * time.Second),
|
||||
LoadBalancer: &pbmesh.LoadBalancer{
|
||||
Policy: pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_LEAST_REQUEST,
|
||||
Config: &pbmesh.LoadBalancer_LeastRequestConfig{
|
||||
LeastRequestConfig: &pbmesh.LeastRequestConfig{
|
||||
ChoiceCount: 10,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
"locality: good mode": {
|
||||
policy: &pbmesh.DestinationPolicy{
|
||||
PortConfigs: map[string]*pbmesh.DestinationConfig{
|
||||
"http": {
|
||||
LocalityPrioritization: &pbmesh.LocalityPrioritization{
|
||||
Mode: pbmesh.LocalityPrioritizationMode_LOCALITY_PRIORITIZATION_MODE_FAILOVER,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
"locality: unset mode": {
|
||||
policy: &pbmesh.DestinationPolicy{
|
||||
PortConfigs: map[string]*pbmesh.DestinationConfig{
|
||||
"http": {
|
||||
LocalityPrioritization: &pbmesh.LocalityPrioritization{
|
||||
Mode: pbmesh.LocalityPrioritizationMode_LOCALITY_PRIORITIZATION_MODE_UNSPECIFIED,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
"locality: bad mode": {
|
||||
policy: &pbmesh.DestinationPolicy{
|
||||
PortConfigs: map[string]*pbmesh.DestinationConfig{
|
||||
"http": {
|
||||
LocalityPrioritization: &pbmesh.LocalityPrioritization{
|
||||
Mode: 99,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
expectErr: `invalid value of key "http" within port_configs: invalid "locality_prioritization" field: invalid "mode" field: not a supported enum value: 99`,
|
||||
},
|
||||
}
|
||||
|
||||
for name, tc := range cases {
|
||||
t.Run(name, func(t *testing.T) {
|
||||
run(t, tc)
|
||||
})
|
||||
}
|
||||
}
|
|
@ -4,6 +4,11 @@
|
|||
package types
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
|
||||
"github.com/hashicorp/go-multierror"
|
||||
|
||||
"github.com/hashicorp/consul/internal/resource"
|
||||
pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
|
||||
"github.com/hashicorp/consul/proto-public/pbresource"
|
||||
|
@ -25,8 +30,208 @@ var (
|
|||
|
||||
func RegisterGRPCRoute(r resource.Registry) {
|
||||
r.Register(resource.Registration{
|
||||
Type: GRPCRouteV1Alpha1Type,
|
||||
Proto: &pbmesh.GRPCRoute{},
|
||||
Validate: nil,
|
||||
Type: GRPCRouteV1Alpha1Type,
|
||||
Proto: &pbmesh.GRPCRoute{},
|
||||
// TODO(rb): normalize parent/backend ref tenancies in a Mutate hook
|
||||
Validate: ValidateGRPCRoute,
|
||||
})
|
||||
}
|
||||
|
||||
func ValidateGRPCRoute(res *pbresource.Resource) error {
|
||||
var route pbmesh.GRPCRoute
|
||||
|
||||
if err := res.Data.UnmarshalTo(&route); err != nil {
|
||||
return resource.NewErrDataParse(&route, err)
|
||||
}
|
||||
|
||||
var merr error
|
||||
if err := validateParentRefs(route.ParentRefs); err != nil {
|
||||
merr = multierror.Append(merr, err)
|
||||
}
|
||||
|
||||
if len(route.Hostnames) > 0 {
|
||||
merr = multierror.Append(merr, resource.ErrInvalidField{
|
||||
Name: "hostnames",
|
||||
Wrapped: errors.New("should not populate hostnames"),
|
||||
})
|
||||
}
|
||||
|
||||
for i, rule := range route.Rules {
|
||||
wrapRuleErr := func(err error) error {
|
||||
return resource.ErrInvalidListElement{
|
||||
Name: "rules",
|
||||
Index: i,
|
||||
Wrapped: err,
|
||||
}
|
||||
}
|
||||
|
||||
for j, match := range rule.Matches {
|
||||
wrapMatchErr := func(err error) error {
|
||||
return wrapRuleErr(resource.ErrInvalidListElement{
|
||||
Name: "matches",
|
||||
Index: j,
|
||||
Wrapped: err,
|
||||
})
|
||||
}
|
||||
|
||||
if match.Method != nil {
|
||||
switch match.Method.Type {
|
||||
case pbmesh.GRPCMethodMatchType_GRPC_METHOD_MATCH_TYPE_UNSPECIFIED:
|
||||
merr = multierror.Append(merr, wrapMatchErr(
|
||||
resource.ErrInvalidField{
|
||||
Name: "type",
|
||||
Wrapped: resource.ErrMissing,
|
||||
},
|
||||
))
|
||||
case pbmesh.GRPCMethodMatchType_GRPC_METHOD_MATCH_TYPE_EXACT:
|
||||
case pbmesh.GRPCMethodMatchType_GRPC_METHOD_MATCH_TYPE_REGEX:
|
||||
default:
|
||||
merr = multierror.Append(merr, wrapMatchErr(
|
||||
resource.ErrInvalidField{
|
||||
Name: "type",
|
||||
Wrapped: fmt.Errorf("not a supported enum value: %v", match.Method.Type),
|
||||
},
|
||||
))
|
||||
}
|
||||
if match.Method.Service == "" && match.Method.Method == "" {
|
||||
merr = multierror.Append(merr, wrapMatchErr(
|
||||
resource.ErrInvalidField{
|
||||
Name: "service",
|
||||
Wrapped: errors.New("at least one of \"service\" or \"method\" must be set"),
|
||||
},
|
||||
))
|
||||
}
|
||||
}
|
||||
|
||||
for k, header := range match.Headers {
|
||||
wrapMatchHeaderErr := func(err error) error {
|
||||
return wrapRuleErr(resource.ErrInvalidListElement{
|
||||
Name: "headers",
|
||||
Index: k,
|
||||
Wrapped: err,
|
||||
})
|
||||
}
|
||||
|
||||
if err := validateHeaderMatchType(header.Type); err != nil {
|
||||
merr = multierror.Append(merr, wrapMatchHeaderErr(
|
||||
resource.ErrInvalidField{
|
||||
Name: "type",
|
||||
Wrapped: err,
|
||||
}),
|
||||
)
|
||||
}
|
||||
|
||||
if header.Name == "" {
|
||||
merr = multierror.Append(merr, wrapMatchHeaderErr(
|
||||
resource.ErrInvalidField{
|
||||
Name: "name",
|
||||
Wrapped: resource.ErrMissing,
|
||||
}),
|
||||
)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
for j, filter := range rule.Filters {
|
||||
wrapFilterErr := func(err error) error {
|
||||
return wrapRuleErr(resource.ErrInvalidListElement{
|
||||
Name: "filters",
|
||||
Index: j,
|
||||
Wrapped: err,
|
||||
})
|
||||
}
|
||||
set := 0
|
||||
if filter.RequestHeaderModifier != nil {
|
||||
set++
|
||||
}
|
||||
if filter.ResponseHeaderModifier != nil {
|
||||
set++
|
||||
}
|
||||
if filter.UrlRewrite != nil {
|
||||
set++
|
||||
if filter.UrlRewrite.PathPrefix == "" {
|
||||
merr = multierror.Append(merr, wrapFilterErr(
|
||||
resource.ErrInvalidField{
|
||||
Name: "url_rewrite",
|
||||
Wrapped: resource.ErrInvalidField{
|
||||
Name: "path_prefix",
|
||||
Wrapped: errors.New("field should not be empty if enclosing section is set"),
|
||||
},
|
||||
},
|
||||
))
|
||||
}
|
||||
}
|
||||
if set != 1 {
|
||||
merr = multierror.Append(merr, wrapFilterErr(
|
||||
errors.New("exactly one of request_header_modifier, response_header_modifier, or url_rewrite is required"),
|
||||
))
|
||||
}
|
||||
}
|
||||
|
||||
if len(rule.BackendRefs) == 0 {
|
||||
/*
|
||||
BackendRefs (optional)¶
|
||||
|
||||
BackendRefs defines API objects where matching requests should be
|
||||
sent. If unspecified, the rule performs no forwarding. If
|
||||
unspecified and no filters are specified that would result in a
|
||||
response being sent, a 404 error code is returned.
|
||||
*/
|
||||
merr = multierror.Append(merr, wrapRuleErr(
|
||||
resource.ErrInvalidField{
|
||||
Name: "backend_refs",
|
||||
Wrapped: resource.ErrEmpty,
|
||||
},
|
||||
))
|
||||
}
|
||||
for j, hbref := range rule.BackendRefs {
|
||||
wrapBackendRefErr := func(err error) error {
|
||||
return wrapRuleErr(resource.ErrInvalidListElement{
|
||||
Name: "backend_refs",
|
||||
Index: j,
|
||||
Wrapped: err,
|
||||
})
|
||||
}
|
||||
for _, err := range validateBackendRef(hbref.BackendRef) {
|
||||
merr = multierror.Append(merr, wrapBackendRefErr(
|
||||
resource.ErrInvalidField{
|
||||
Name: "backend_ref",
|
||||
Wrapped: err,
|
||||
},
|
||||
))
|
||||
}
|
||||
|
||||
if len(hbref.Filters) > 0 {
|
||||
merr = multierror.Append(merr, wrapBackendRefErr(
|
||||
resource.ErrInvalidField{
|
||||
Name: "filters",
|
||||
Wrapped: errors.New("filters are not supported at this level yet"),
|
||||
},
|
||||
))
|
||||
}
|
||||
}
|
||||
|
||||
if rule.Timeouts != nil {
|
||||
for _, err := range validateHTTPTimeouts(rule.Timeouts) {
|
||||
merr = multierror.Append(merr, wrapRuleErr(
|
||||
resource.ErrInvalidField{
|
||||
Name: "timeouts",
|
||||
Wrapped: err,
|
||||
},
|
||||
))
|
||||
}
|
||||
}
|
||||
if rule.Retries != nil {
|
||||
for _, err := range validateHTTPRetries(rule.Retries) {
|
||||
merr = multierror.Append(merr, wrapRuleErr(
|
||||
resource.ErrInvalidField{
|
||||
Name: "retries",
|
||||
Wrapped: err,
|
||||
},
|
||||
))
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return merr
|
||||
}
|
||||
|
|
|
@ -0,0 +1,523 @@
|
|||
// Copyright (c) HashiCorp, Inc.
|
||||
// SPDX-License-Identifier: BUSL-1.1
|
||||
|
||||
package types
|
||||
|
||||
import (
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
"github.com/hashicorp/consul/internal/catalog"
|
||||
"github.com/hashicorp/consul/internal/resource/resourcetest"
|
||||
pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
|
||||
"github.com/hashicorp/consul/proto/private/prototest"
|
||||
"github.com/hashicorp/consul/sdk/testutil"
|
||||
)
|
||||
|
||||
func TestValidateGRPCRoute(t *testing.T) {
|
||||
type testcase struct {
|
||||
route *pbmesh.GRPCRoute
|
||||
expectErr string
|
||||
}
|
||||
|
||||
run := func(t *testing.T, tc testcase) {
|
||||
res := resourcetest.Resource(GRPCRouteType, "api").
|
||||
WithData(t, tc.route).
|
||||
Build()
|
||||
|
||||
err := ValidateGRPCRoute(res)
|
||||
|
||||
// Verify that validate didn't actually change the object.
|
||||
got := resourcetest.MustDecode[*pbmesh.GRPCRoute](t, res)
|
||||
prototest.AssertDeepEqual(t, tc.route, got.Data)
|
||||
|
||||
if tc.expectErr == "" {
|
||||
require.NoError(t, err)
|
||||
} else {
|
||||
testutil.RequireErrorContains(t, err, tc.expectErr)
|
||||
}
|
||||
}
|
||||
|
||||
cases := map[string]testcase{
|
||||
"hostnames not supported for services": {
|
||||
route: &pbmesh.GRPCRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Hostnames: []string{"foo.local"},
|
||||
},
|
||||
expectErr: `invalid "hostnames" field: should not populate hostnames`,
|
||||
},
|
||||
"no rules": {
|
||||
route: &pbmesh.GRPCRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
},
|
||||
},
|
||||
"rules with no matches": {
|
||||
route: &pbmesh.GRPCRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.GRPCRouteRule{{
|
||||
BackendRefs: []*pbmesh.GRPCBackendRef{{
|
||||
BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
|
||||
}},
|
||||
}},
|
||||
},
|
||||
},
|
||||
"rules with matches that are empty": {
|
||||
route: &pbmesh.GRPCRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.GRPCRouteRule{{
|
||||
Matches: []*pbmesh.GRPCRouteMatch{{
|
||||
// none
|
||||
}},
|
||||
BackendRefs: []*pbmesh.GRPCBackendRef{{
|
||||
BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
|
||||
}},
|
||||
}},
|
||||
},
|
||||
},
|
||||
"method match with no type is bad": {
|
||||
route: &pbmesh.GRPCRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.GRPCRouteRule{{
|
||||
Matches: []*pbmesh.GRPCRouteMatch{{
|
||||
Method: &pbmesh.GRPCMethodMatch{
|
||||
Service: "foo",
|
||||
},
|
||||
}},
|
||||
BackendRefs: []*pbmesh.GRPCBackendRef{{
|
||||
BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
|
||||
}},
|
||||
}},
|
||||
},
|
||||
expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "matches": invalid "type" field: missing required field`,
|
||||
},
|
||||
"method match with unknown type is bad": {
|
||||
route: &pbmesh.GRPCRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.GRPCRouteRule{{
|
||||
Matches: []*pbmesh.GRPCRouteMatch{{
|
||||
Method: &pbmesh.GRPCMethodMatch{
|
||||
Type: 99,
|
||||
Service: "foo",
|
||||
},
|
||||
}},
|
||||
BackendRefs: []*pbmesh.GRPCBackendRef{{
|
||||
BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
|
||||
}},
|
||||
}},
|
||||
},
|
||||
expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "matches": invalid "type" field: not a supported enum value: 99`,
|
||||
},
|
||||
"method match with no service nor method is bad": {
|
||||
route: &pbmesh.GRPCRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.GRPCRouteRule{{
|
||||
Matches: []*pbmesh.GRPCRouteMatch{{
|
||||
Method: &pbmesh.GRPCMethodMatch{
|
||||
Type: pbmesh.GRPCMethodMatchType_GRPC_METHOD_MATCH_TYPE_EXACT,
|
||||
},
|
||||
}},
|
||||
BackendRefs: []*pbmesh.GRPCBackendRef{{
|
||||
BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
|
||||
}},
|
||||
}},
|
||||
},
|
||||
expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "matches": invalid "service" field: at least one of "service" or "method" must be set`,
|
||||
},
|
||||
"method match is good (1)": {
|
||||
route: &pbmesh.GRPCRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.GRPCRouteRule{{
|
||||
Matches: []*pbmesh.GRPCRouteMatch{{
|
||||
Method: &pbmesh.GRPCMethodMatch{
|
||||
Type: pbmesh.GRPCMethodMatchType_GRPC_METHOD_MATCH_TYPE_EXACT,
|
||||
Service: "foo",
|
||||
},
|
||||
}},
|
||||
BackendRefs: []*pbmesh.GRPCBackendRef{{
|
||||
BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
|
||||
}},
|
||||
}},
|
||||
},
|
||||
},
|
||||
"method match is good (2)": {
|
||||
route: &pbmesh.GRPCRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.GRPCRouteRule{{
|
||||
Matches: []*pbmesh.GRPCRouteMatch{{
|
||||
Method: &pbmesh.GRPCMethodMatch{
|
||||
Type: pbmesh.GRPCMethodMatchType_GRPC_METHOD_MATCH_TYPE_EXACT,
|
||||
Method: "bar",
|
||||
},
|
||||
}},
|
||||
BackendRefs: []*pbmesh.GRPCBackendRef{{
|
||||
BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
|
||||
}},
|
||||
}},
|
||||
},
|
||||
},
|
||||
"method match is good (3)": {
|
||||
route: &pbmesh.GRPCRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.GRPCRouteRule{{
|
||||
Matches: []*pbmesh.GRPCRouteMatch{{
|
||||
Method: &pbmesh.GRPCMethodMatch{
|
||||
Type: pbmesh.GRPCMethodMatchType_GRPC_METHOD_MATCH_TYPE_EXACT,
|
||||
Service: "foo",
|
||||
Method: "bar",
|
||||
},
|
||||
}},
|
||||
BackendRefs: []*pbmesh.GRPCBackendRef{{
|
||||
BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
|
||||
}},
|
||||
}},
|
||||
},
|
||||
},
|
||||
"header match with no type is bad": {
|
||||
route: &pbmesh.GRPCRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.GRPCRouteRule{{
|
||||
Matches: []*pbmesh.GRPCRouteMatch{{
|
||||
Headers: []*pbmesh.GRPCHeaderMatch{{
|
||||
Name: "x-foo",
|
||||
}},
|
||||
}},
|
||||
BackendRefs: []*pbmesh.GRPCBackendRef{{
|
||||
BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
|
||||
}},
|
||||
}},
|
||||
},
|
||||
expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "headers": invalid "type" field: missing required field`,
|
||||
},
|
||||
"header match with unknown type is bad": {
|
||||
route: &pbmesh.GRPCRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.GRPCRouteRule{{
|
||||
Matches: []*pbmesh.GRPCRouteMatch{{
|
||||
Headers: []*pbmesh.GRPCHeaderMatch{{
|
||||
Type: 99,
|
||||
Name: "x-foo",
|
||||
}},
|
||||
}},
|
||||
BackendRefs: []*pbmesh.GRPCBackendRef{{
|
||||
BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
|
||||
}},
|
||||
}},
|
||||
},
|
||||
expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "headers": invalid "type" field: not a supported enum value: 99`,
|
||||
},
|
||||
"header match with no name is bad": {
|
||||
route: &pbmesh.GRPCRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.GRPCRouteRule{{
|
||||
Matches: []*pbmesh.GRPCRouteMatch{{
|
||||
Headers: []*pbmesh.GRPCHeaderMatch{{
|
||||
Type: pbmesh.HeaderMatchType_HEADER_MATCH_TYPE_EXACT,
|
||||
}},
|
||||
}},
|
||||
BackendRefs: []*pbmesh.GRPCBackendRef{{
|
||||
BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
|
||||
}},
|
||||
}},
|
||||
},
|
||||
expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "headers": invalid "name" field: missing required field`,
|
||||
},
|
||||
"header match is good": {
|
||||
route: &pbmesh.GRPCRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.GRPCRouteRule{{
|
||||
Matches: []*pbmesh.GRPCRouteMatch{{
|
||||
Headers: []*pbmesh.GRPCHeaderMatch{{
|
||||
Type: pbmesh.HeaderMatchType_HEADER_MATCH_TYPE_EXACT,
|
||||
Name: "x-foo",
|
||||
}},
|
||||
}},
|
||||
BackendRefs: []*pbmesh.GRPCBackendRef{{
|
||||
BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
|
||||
}},
|
||||
}},
|
||||
},
|
||||
},
|
||||
"filter empty is bad": {
|
||||
route: &pbmesh.GRPCRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.GRPCRouteRule{{
|
||||
Filters: []*pbmesh.GRPCRouteFilter{{
|
||||
// none
|
||||
}},
|
||||
BackendRefs: []*pbmesh.GRPCBackendRef{{
|
||||
BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
|
||||
}},
|
||||
}},
|
||||
},
|
||||
expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "filters": exactly one of request_header_modifier, response_header_modifier, or url_rewrite`,
|
||||
},
|
||||
"filter req header mod is ok": {
|
||||
route: &pbmesh.GRPCRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.GRPCRouteRule{{
|
||||
Filters: []*pbmesh.GRPCRouteFilter{{
|
||||
RequestHeaderModifier: &pbmesh.HTTPHeaderFilter{},
|
||||
}},
|
||||
BackendRefs: []*pbmesh.GRPCBackendRef{{
|
||||
BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
|
||||
}},
|
||||
}},
|
||||
},
|
||||
},
|
||||
"filter resp header mod is ok": {
|
||||
route: &pbmesh.GRPCRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.GRPCRouteRule{{
|
||||
Filters: []*pbmesh.GRPCRouteFilter{{
|
||||
ResponseHeaderModifier: &pbmesh.HTTPHeaderFilter{},
|
||||
}},
|
||||
BackendRefs: []*pbmesh.GRPCBackendRef{{
|
||||
BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
|
||||
}},
|
||||
}},
|
||||
},
|
||||
},
|
||||
"filter rewrite header mod missing path prefix": {
|
||||
route: &pbmesh.GRPCRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.GRPCRouteRule{{
|
||||
Filters: []*pbmesh.GRPCRouteFilter{{
|
||||
UrlRewrite: &pbmesh.HTTPURLRewriteFilter{},
|
||||
}},
|
||||
BackendRefs: []*pbmesh.GRPCBackendRef{{
|
||||
BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
|
||||
}},
|
||||
}},
|
||||
},
|
||||
expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "filters": invalid "url_rewrite" field: invalid "path_prefix" field: field should not be empty if enclosing section is set`,
|
||||
},
|
||||
"filter rewrite header mod is ok": {
|
||||
route: &pbmesh.GRPCRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.GRPCRouteRule{{
|
||||
Filters: []*pbmesh.GRPCRouteFilter{{
|
||||
UrlRewrite: &pbmesh.HTTPURLRewriteFilter{
|
||||
PathPrefix: "/blah",
|
||||
},
|
||||
}},
|
||||
BackendRefs: []*pbmesh.GRPCBackendRef{{
|
||||
BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
|
||||
}},
|
||||
}},
|
||||
},
|
||||
},
|
||||
"filter req+resp header mod is bad": {
|
||||
route: &pbmesh.GRPCRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.GRPCRouteRule{{
|
||||
Filters: []*pbmesh.GRPCRouteFilter{{
|
||||
RequestHeaderModifier: &pbmesh.HTTPHeaderFilter{},
|
||||
ResponseHeaderModifier: &pbmesh.HTTPHeaderFilter{},
|
||||
}},
|
||||
BackendRefs: []*pbmesh.GRPCBackendRef{{
|
||||
BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
|
||||
}},
|
||||
}},
|
||||
},
|
||||
expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "filters": exactly one of request_header_modifier, response_header_modifier, or url_rewrite`,
|
||||
},
|
||||
"filter req+rewrite header mod is bad": {
|
||||
route: &pbmesh.GRPCRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.GRPCRouteRule{{
|
||||
Filters: []*pbmesh.GRPCRouteFilter{{
|
||||
RequestHeaderModifier: &pbmesh.HTTPHeaderFilter{},
|
||||
UrlRewrite: &pbmesh.HTTPURLRewriteFilter{
|
||||
PathPrefix: "/blah",
|
||||
},
|
||||
}},
|
||||
BackendRefs: []*pbmesh.GRPCBackendRef{{
|
||||
BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
|
||||
}},
|
||||
}},
|
||||
},
|
||||
expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "filters": exactly one of request_header_modifier, response_header_modifier, or url_rewrite`,
|
||||
},
|
||||
"filter resp+rewrite header mod is bad": {
|
||||
route: &pbmesh.GRPCRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.GRPCRouteRule{{
|
||||
Filters: []*pbmesh.GRPCRouteFilter{{
|
||||
ResponseHeaderModifier: &pbmesh.HTTPHeaderFilter{},
|
||||
UrlRewrite: &pbmesh.HTTPURLRewriteFilter{
|
||||
PathPrefix: "/blah",
|
||||
},
|
||||
}},
|
||||
BackendRefs: []*pbmesh.GRPCBackendRef{{
|
||||
BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
|
||||
}},
|
||||
}},
|
||||
},
|
||||
expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "filters": exactly one of request_header_modifier, response_header_modifier, or url_rewrite`,
|
||||
},
|
||||
"filter req+resp+rewrite header mod is bad": {
|
||||
route: &pbmesh.GRPCRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.GRPCRouteRule{{
|
||||
Filters: []*pbmesh.GRPCRouteFilter{{
|
||||
RequestHeaderModifier: &pbmesh.HTTPHeaderFilter{},
|
||||
ResponseHeaderModifier: &pbmesh.HTTPHeaderFilter{},
|
||||
UrlRewrite: &pbmesh.HTTPURLRewriteFilter{
|
||||
PathPrefix: "/blah",
|
||||
},
|
||||
}},
|
||||
BackendRefs: []*pbmesh.GRPCBackendRef{{
|
||||
BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
|
||||
}},
|
||||
}},
|
||||
},
|
||||
expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "filters": exactly one of request_header_modifier, response_header_modifier, or url_rewrite`,
|
||||
},
|
||||
"backend ref with filters is unsupported": {
|
||||
route: &pbmesh.GRPCRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.GRPCRouteRule{{
|
||||
BackendRefs: []*pbmesh.GRPCBackendRef{{
|
||||
BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
|
||||
Filters: []*pbmesh.GRPCRouteFilter{{
|
||||
RequestHeaderModifier: &pbmesh.HTTPHeaderFilter{},
|
||||
}},
|
||||
}},
|
||||
}},
|
||||
},
|
||||
expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "backend_refs": invalid "filters" field: filters are not supported at this level yet`,
|
||||
},
|
||||
"nil backend ref": {
|
||||
route: &pbmesh.GRPCRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.GRPCRouteRule{{
|
||||
BackendRefs: []*pbmesh.GRPCBackendRef{nil},
|
||||
}},
|
||||
},
|
||||
expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "backend_refs": invalid "backend_ref" field: missing required field`,
|
||||
},
|
||||
}
|
||||
|
||||
// Add common timeouts test cases.
|
||||
for name, timeoutsTC := range getXRouteTimeoutsTestCases() {
|
||||
cases["timeouts: "+name] = testcase{
|
||||
route: &pbmesh.GRPCRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.GRPCRouteRule{{
|
||||
Timeouts: timeoutsTC.timeouts,
|
||||
BackendRefs: []*pbmesh.GRPCBackendRef{{
|
||||
BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
|
||||
}},
|
||||
}},
|
||||
},
|
||||
expectErr: timeoutsTC.expectErr,
|
||||
}
|
||||
}
|
||||
|
||||
// Add common retries test cases.
|
||||
for name, retriesTC := range getXRouteRetriesTestCases() {
|
||||
cases["retries: "+name] = testcase{
|
||||
route: &pbmesh.GRPCRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.GRPCRouteRule{{
|
||||
Retries: retriesTC.retries,
|
||||
BackendRefs: []*pbmesh.GRPCBackendRef{{
|
||||
BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
|
||||
}},
|
||||
}},
|
||||
},
|
||||
expectErr: retriesTC.expectErr,
|
||||
}
|
||||
}
|
||||
|
||||
// Add common parent refs test cases.
|
||||
for name, parentTC := range getXRouteParentRefTestCases() {
|
||||
cases["parent-ref: "+name] = testcase{
|
||||
route: &pbmesh.GRPCRoute{
|
||||
ParentRefs: parentTC.refs,
|
||||
},
|
||||
expectErr: parentTC.expectErr,
|
||||
}
|
||||
}
|
||||
// add common backend ref test cases.
|
||||
for name, backendTC := range getXRouteBackendRefTestCases() {
|
||||
var refs []*pbmesh.GRPCBackendRef
|
||||
for _, br := range backendTC.refs {
|
||||
refs = append(refs, &pbmesh.GRPCBackendRef{
|
||||
BackendRef: br,
|
||||
})
|
||||
}
|
||||
cases["backend-ref: "+name] = testcase{
|
||||
route: &pbmesh.GRPCRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.GRPCRouteRule{
|
||||
{BackendRefs: refs},
|
||||
},
|
||||
},
|
||||
expectErr: backendTC.expectErr,
|
||||
}
|
||||
}
|
||||
|
||||
for name, tc := range cases {
|
||||
t.Run(name, func(t *testing.T) {
|
||||
run(t, tc)
|
||||
})
|
||||
}
|
||||
}
|
|
@ -4,6 +4,13 @@
|
|||
package types
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"strings"
|
||||
|
||||
"github.com/hashicorp/go-multierror"
|
||||
|
||||
"github.com/hashicorp/consul/internal/resource"
|
||||
pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
|
||||
"github.com/hashicorp/consul/proto-public/pbresource"
|
||||
|
@ -27,6 +34,316 @@ func RegisterHTTPRoute(r resource.Registry) {
|
|||
r.Register(resource.Registration{
|
||||
Type: HTTPRouteV1Alpha1Type,
|
||||
Proto: &pbmesh.HTTPRoute{},
|
||||
Validate: nil,
|
||||
Mutate: MutateHTTPRoute,
|
||||
Validate: ValidateHTTPRoute,
|
||||
})
|
||||
}
|
||||
|
||||
func MutateHTTPRoute(res *pbresource.Resource) error {
|
||||
var route pbmesh.HTTPRoute
|
||||
|
||||
if err := res.Data.UnmarshalTo(&route); err != nil {
|
||||
return resource.NewErrDataParse(&route, err)
|
||||
}
|
||||
|
||||
changed := false
|
||||
|
||||
for _, rule := range route.Rules {
|
||||
for _, match := range rule.Matches {
|
||||
if match.Method != "" {
|
||||
norm := strings.ToUpper(match.Method)
|
||||
if match.Method != norm {
|
||||
match.Method = norm
|
||||
changed = true
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// TODO(rb): normalize parent/backend ref tenancies
|
||||
|
||||
if !changed {
|
||||
return nil
|
||||
}
|
||||
|
||||
return res.Data.MarshalFrom(&route)
|
||||
}
|
||||
|
||||
func ValidateHTTPRoute(res *pbresource.Resource) error {
|
||||
var route pbmesh.HTTPRoute
|
||||
|
||||
if err := res.Data.UnmarshalTo(&route); err != nil {
|
||||
return resource.NewErrDataParse(&route, err)
|
||||
}
|
||||
|
||||
var merr error
|
||||
if err := validateParentRefs(route.ParentRefs); err != nil {
|
||||
merr = multierror.Append(merr, err)
|
||||
}
|
||||
|
||||
if len(route.Hostnames) > 0 {
|
||||
merr = multierror.Append(merr, resource.ErrInvalidField{
|
||||
Name: "hostnames",
|
||||
Wrapped: errors.New("should not populate hostnames"),
|
||||
})
|
||||
}
|
||||
|
||||
for i, rule := range route.Rules {
|
||||
wrapRuleErr := func(err error) error {
|
||||
return resource.ErrInvalidListElement{
|
||||
Name: "rules",
|
||||
Index: i,
|
||||
Wrapped: err,
|
||||
}
|
||||
}
|
||||
|
||||
for j, match := range rule.Matches {
|
||||
wrapMatchErr := func(err error) error {
|
||||
return wrapRuleErr(resource.ErrInvalidListElement{
|
||||
Name: "matches",
|
||||
Index: j,
|
||||
Wrapped: err,
|
||||
})
|
||||
}
|
||||
|
||||
if match.Path != nil {
|
||||
wrapMatchPathErr := func(err error) error {
|
||||
return wrapMatchErr(resource.ErrInvalidField{
|
||||
Name: "path",
|
||||
Wrapped: err,
|
||||
})
|
||||
}
|
||||
switch match.Path.Type {
|
||||
case pbmesh.PathMatchType_PATH_MATCH_TYPE_UNSPECIFIED:
|
||||
merr = multierror.Append(merr, wrapMatchPathErr(
|
||||
resource.ErrInvalidField{
|
||||
Name: "type",
|
||||
Wrapped: resource.ErrMissing,
|
||||
},
|
||||
))
|
||||
case pbmesh.PathMatchType_PATH_MATCH_TYPE_EXACT:
|
||||
if !strings.HasPrefix(match.Path.Value, "/") {
|
||||
merr = multierror.Append(merr, wrapMatchPathErr(
|
||||
resource.ErrInvalidField{
|
||||
Name: "value",
|
||||
Wrapped: fmt.Errorf("exact patch value does not start with '/': %q", match.Path.Value),
|
||||
},
|
||||
))
|
||||
}
|
||||
case pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX:
|
||||
if !strings.HasPrefix(match.Path.Value, "/") {
|
||||
merr = multierror.Append(merr, wrapMatchPathErr(
|
||||
resource.ErrInvalidField{
|
||||
Name: "value",
|
||||
Wrapped: fmt.Errorf("prefix patch value does not start with '/': %q", match.Path.Value),
|
||||
},
|
||||
))
|
||||
}
|
||||
default:
|
||||
merr = multierror.Append(merr, wrapMatchPathErr(
|
||||
resource.ErrInvalidField{
|
||||
Name: "type",
|
||||
Wrapped: fmt.Errorf("not a supported enum value: %v", match.Path.Type),
|
||||
},
|
||||
))
|
||||
}
|
||||
}
|
||||
|
||||
for k, hdr := range match.Headers {
|
||||
wrapMatchHeaderErr := func(err error) error {
|
||||
return wrapMatchErr(resource.ErrInvalidListElement{
|
||||
Name: "headers",
|
||||
Index: k,
|
||||
Wrapped: err,
|
||||
})
|
||||
}
|
||||
|
||||
if err := validateHeaderMatchType(hdr.Type); err != nil {
|
||||
merr = multierror.Append(merr, wrapMatchHeaderErr(
|
||||
resource.ErrInvalidField{
|
||||
Name: "type",
|
||||
Wrapped: err,
|
||||
}),
|
||||
)
|
||||
}
|
||||
|
||||
if hdr.Name == "" {
|
||||
merr = multierror.Append(merr, wrapMatchHeaderErr(
|
||||
resource.ErrInvalidField{
|
||||
Name: "name",
|
||||
Wrapped: resource.ErrMissing,
|
||||
}),
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
for k, qm := range match.QueryParams {
|
||||
wrapMatchParamErr := func(err error) error {
|
||||
return wrapMatchErr(resource.ErrInvalidListElement{
|
||||
Name: "query_params",
|
||||
Index: k,
|
||||
Wrapped: err,
|
||||
})
|
||||
}
|
||||
|
||||
switch qm.Type {
|
||||
case pbmesh.QueryParamMatchType_QUERY_PARAM_MATCH_TYPE_UNSPECIFIED:
|
||||
merr = multierror.Append(merr, wrapMatchParamErr(
|
||||
resource.ErrInvalidField{
|
||||
Name: "type",
|
||||
Wrapped: resource.ErrMissing,
|
||||
}),
|
||||
)
|
||||
case pbmesh.QueryParamMatchType_QUERY_PARAM_MATCH_TYPE_EXACT:
|
||||
case pbmesh.QueryParamMatchType_QUERY_PARAM_MATCH_TYPE_REGEX:
|
||||
case pbmesh.QueryParamMatchType_QUERY_PARAM_MATCH_TYPE_PRESENT:
|
||||
default:
|
||||
merr = multierror.Append(merr, wrapMatchParamErr(
|
||||
resource.ErrInvalidField{
|
||||
Name: "type",
|
||||
Wrapped: fmt.Errorf("not a supported enum value: %v", qm.Type),
|
||||
},
|
||||
))
|
||||
}
|
||||
|
||||
if qm.Name == "" {
|
||||
merr = multierror.Append(merr, wrapMatchParamErr(
|
||||
resource.ErrInvalidField{
|
||||
Name: "name",
|
||||
Wrapped: resource.ErrMissing,
|
||||
}),
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
if match.Method != "" && !isValidHTTPMethod(match.Method) {
|
||||
merr = multierror.Append(merr, wrapMatchErr(
|
||||
resource.ErrInvalidField{
|
||||
Name: "method",
|
||||
Wrapped: fmt.Errorf("not a valid http method: %q", match.Method),
|
||||
},
|
||||
))
|
||||
}
|
||||
}
|
||||
|
||||
for j, filter := range rule.Filters {
|
||||
wrapFilterErr := func(err error) error {
|
||||
return wrapRuleErr(resource.ErrInvalidListElement{
|
||||
Name: "filters",
|
||||
Index: j,
|
||||
Wrapped: err,
|
||||
})
|
||||
}
|
||||
set := 0
|
||||
if filter.RequestHeaderModifier != nil {
|
||||
set++
|
||||
}
|
||||
if filter.ResponseHeaderModifier != nil {
|
||||
set++
|
||||
}
|
||||
if filter.UrlRewrite != nil {
|
||||
set++
|
||||
if filter.UrlRewrite.PathPrefix == "" {
|
||||
merr = multierror.Append(merr, wrapFilterErr(
|
||||
resource.ErrInvalidField{
|
||||
Name: "url_rewrite",
|
||||
Wrapped: resource.ErrInvalidField{
|
||||
Name: "path_prefix",
|
||||
Wrapped: errors.New("field should not be empty if enclosing section is set"),
|
||||
},
|
||||
},
|
||||
))
|
||||
}
|
||||
}
|
||||
if set != 1 {
|
||||
merr = multierror.Append(merr, wrapFilterErr(
|
||||
errors.New("exactly one of request_header_modifier, response_header_modifier, or url_rewrite is required"),
|
||||
))
|
||||
}
|
||||
}
|
||||
|
||||
if len(rule.BackendRefs) == 0 {
|
||||
/*
|
||||
BackendRefs (optional)¶
|
||||
|
||||
BackendRefs defines API objects where matching requests should be
|
||||
sent. If unspecified, the rule performs no forwarding. If
|
||||
unspecified and no filters are specified that would result in a
|
||||
response being sent, a 404 error code is returned.
|
||||
*/
|
||||
merr = multierror.Append(merr, wrapRuleErr(
|
||||
resource.ErrInvalidField{
|
||||
Name: "backend_refs",
|
||||
Wrapped: resource.ErrEmpty,
|
||||
},
|
||||
))
|
||||
}
|
||||
for j, hbref := range rule.BackendRefs {
|
||||
wrapBackendRefErr := func(err error) error {
|
||||
return wrapRuleErr(resource.ErrInvalidListElement{
|
||||
Name: "backend_refs",
|
||||
Index: j,
|
||||
Wrapped: err,
|
||||
})
|
||||
}
|
||||
|
||||
for _, err := range validateBackendRef(hbref.BackendRef) {
|
||||
merr = multierror.Append(merr, wrapBackendRefErr(
|
||||
resource.ErrInvalidField{
|
||||
Name: "backend_ref",
|
||||
Wrapped: err,
|
||||
},
|
||||
))
|
||||
}
|
||||
|
||||
if len(hbref.Filters) > 0 {
|
||||
merr = multierror.Append(merr, wrapBackendRefErr(
|
||||
resource.ErrInvalidField{
|
||||
Name: "filters",
|
||||
Wrapped: errors.New("filters are not supported at this level yet"),
|
||||
},
|
||||
))
|
||||
}
|
||||
}
|
||||
|
||||
if rule.Timeouts != nil {
|
||||
for _, err := range validateHTTPTimeouts(rule.Timeouts) {
|
||||
merr = multierror.Append(merr, wrapRuleErr(
|
||||
resource.ErrInvalidField{
|
||||
Name: "timeouts",
|
||||
Wrapped: err,
|
||||
},
|
||||
))
|
||||
}
|
||||
}
|
||||
if rule.Retries != nil {
|
||||
for _, err := range validateHTTPRetries(rule.Retries) {
|
||||
merr = multierror.Append(merr, wrapRuleErr(
|
||||
resource.ErrInvalidField{
|
||||
Name: "retries",
|
||||
Wrapped: err,
|
||||
},
|
||||
))
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return merr
|
||||
}
|
||||
|
||||
func isValidHTTPMethod(method string) bool {
|
||||
switch method {
|
||||
case http.MethodGet,
|
||||
http.MethodHead,
|
||||
http.MethodPost,
|
||||
http.MethodPut,
|
||||
http.MethodPatch,
|
||||
http.MethodDelete,
|
||||
http.MethodConnect,
|
||||
http.MethodOptions,
|
||||
http.MethodTrace:
|
||||
return true
|
||||
default:
|
||||
return false
|
||||
}
|
||||
}
|
||||
|
|
|
@ -0,0 +1,980 @@
|
|||
// Copyright (c) HashiCorp, Inc.
|
||||
// SPDX-License-Identifier: BUSL-1.1
|
||||
|
||||
package types
|
||||
|
||||
import (
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/stretchr/testify/require"
|
||||
"google.golang.org/protobuf/proto"
|
||||
"google.golang.org/protobuf/types/known/durationpb"
|
||||
|
||||
"github.com/hashicorp/consul/internal/catalog"
|
||||
"github.com/hashicorp/consul/internal/resource/resourcetest"
|
||||
pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
|
||||
"github.com/hashicorp/consul/proto-public/pbresource"
|
||||
"github.com/hashicorp/consul/proto/private/prototest"
|
||||
"github.com/hashicorp/consul/sdk/testutil"
|
||||
)
|
||||
|
||||
func TestMutateHTTPRoute(t *testing.T) {
|
||||
type testcase struct {
|
||||
route *pbmesh.HTTPRoute
|
||||
expect *pbmesh.HTTPRoute
|
||||
expectErr string
|
||||
}
|
||||
|
||||
run := func(t *testing.T, tc testcase) {
|
||||
res := resourcetest.Resource(HTTPRouteType, "api").
|
||||
WithData(t, tc.route).
|
||||
Build()
|
||||
|
||||
err := MutateHTTPRoute(res)
|
||||
|
||||
got := resourcetest.MustDecode[*pbmesh.HTTPRoute](t, res)
|
||||
|
||||
if tc.expectErr == "" {
|
||||
require.NoError(t, err)
|
||||
|
||||
if tc.expect == nil {
|
||||
tc.expect = proto.Clone(tc.route).(*pbmesh.HTTPRoute)
|
||||
}
|
||||
|
||||
prototest.AssertDeepEqual(t, tc.expect, got.Data)
|
||||
} else {
|
||||
testutil.RequireErrorContains(t, err, tc.expectErr)
|
||||
}
|
||||
}
|
||||
|
||||
cases := map[string]testcase{
|
||||
"no-rules": {
|
||||
route: &pbmesh.HTTPRoute{},
|
||||
},
|
||||
"rules-with-no-matches": {
|
||||
route: &pbmesh.HTTPRoute{
|
||||
Rules: []*pbmesh.HTTPRouteRule{{
|
||||
// none
|
||||
}},
|
||||
},
|
||||
},
|
||||
"rules-with-matches-no-methods": {
|
||||
route: &pbmesh.HTTPRoute{
|
||||
Rules: []*pbmesh.HTTPRouteRule{{
|
||||
Matches: []*pbmesh.HTTPRouteMatch{{
|
||||
Path: &pbmesh.HTTPPathMatch{
|
||||
Type: pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX,
|
||||
Value: "/foo",
|
||||
},
|
||||
}},
|
||||
}},
|
||||
},
|
||||
},
|
||||
"rules-with-matches-methods-uppercase": {
|
||||
route: &pbmesh.HTTPRoute{
|
||||
Rules: []*pbmesh.HTTPRouteRule{{
|
||||
Matches: []*pbmesh.HTTPRouteMatch{
|
||||
{
|
||||
Path: &pbmesh.HTTPPathMatch{
|
||||
Type: pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX,
|
||||
Value: "/foo",
|
||||
},
|
||||
Method: "GET",
|
||||
},
|
||||
{
|
||||
Path: &pbmesh.HTTPPathMatch{
|
||||
Type: pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX,
|
||||
Value: "/bar",
|
||||
},
|
||||
Method: "POST",
|
||||
},
|
||||
},
|
||||
}},
|
||||
},
|
||||
},
|
||||
"rules-with-matches-methods-lowercase": {
|
||||
route: &pbmesh.HTTPRoute{
|
||||
Rules: []*pbmesh.HTTPRouteRule{{
|
||||
Matches: []*pbmesh.HTTPRouteMatch{
|
||||
{
|
||||
Path: &pbmesh.HTTPPathMatch{
|
||||
Type: pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX,
|
||||
Value: "/foo",
|
||||
},
|
||||
Method: "get",
|
||||
},
|
||||
{
|
||||
Path: &pbmesh.HTTPPathMatch{
|
||||
Type: pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX,
|
||||
Value: "/bar",
|
||||
},
|
||||
Method: "post",
|
||||
},
|
||||
},
|
||||
}},
|
||||
},
|
||||
expect: &pbmesh.HTTPRoute{
|
||||
Rules: []*pbmesh.HTTPRouteRule{{
|
||||
Matches: []*pbmesh.HTTPRouteMatch{
|
||||
{
|
||||
Path: &pbmesh.HTTPPathMatch{
|
||||
Type: pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX,
|
||||
Value: "/foo",
|
||||
},
|
||||
Method: "GET",
|
||||
},
|
||||
{
|
||||
Path: &pbmesh.HTTPPathMatch{
|
||||
Type: pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX,
|
||||
Value: "/bar",
|
||||
},
|
||||
Method: "POST",
|
||||
},
|
||||
},
|
||||
}},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
for name, tc := range cases {
|
||||
t.Run(name, func(t *testing.T) {
|
||||
run(t, tc)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestValidateHTTPRoute(t *testing.T) {
|
||||
type testcase struct {
|
||||
route *pbmesh.HTTPRoute
|
||||
expectErr string
|
||||
}
|
||||
|
||||
run := func(t *testing.T, tc testcase) {
|
||||
res := resourcetest.Resource(HTTPRouteType, "api").
|
||||
WithData(t, tc.route).
|
||||
Build()
|
||||
|
||||
err := MutateHTTPRoute(res)
|
||||
require.NoError(t, err)
|
||||
|
||||
err = ValidateHTTPRoute(res)
|
||||
|
||||
// Verify that validate didn't actually change the object.
|
||||
got := resourcetest.MustDecode[*pbmesh.HTTPRoute](t, res)
|
||||
prototest.AssertDeepEqual(t, tc.route, got.Data)
|
||||
|
||||
if tc.expectErr == "" {
|
||||
require.NoError(t, err)
|
||||
} else {
|
||||
testutil.RequireErrorContains(t, err, tc.expectErr)
|
||||
}
|
||||
}
|
||||
|
||||
cases := map[string]testcase{
|
||||
"hostnames not supported for services": {
|
||||
route: &pbmesh.HTTPRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Hostnames: []string{"foo.local"},
|
||||
},
|
||||
expectErr: `invalid "hostnames" field: should not populate hostnames`,
|
||||
},
|
||||
"no rules": {
|
||||
route: &pbmesh.HTTPRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
},
|
||||
},
|
||||
"rules with no matches": {
|
||||
route: &pbmesh.HTTPRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.HTTPRouteRule{{
|
||||
BackendRefs: []*pbmesh.HTTPBackendRef{{
|
||||
BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
|
||||
}},
|
||||
}},
|
||||
},
|
||||
},
|
||||
"rules with matches that are empty": {
|
||||
route: &pbmesh.HTTPRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.HTTPRouteRule{{
|
||||
Matches: []*pbmesh.HTTPRouteMatch{{
|
||||
// none
|
||||
}},
|
||||
BackendRefs: []*pbmesh.HTTPBackendRef{{
|
||||
BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
|
||||
}},
|
||||
}},
|
||||
},
|
||||
},
|
||||
"path match with no type is bad": {
|
||||
route: &pbmesh.HTTPRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.HTTPRouteRule{{
|
||||
Matches: []*pbmesh.HTTPRouteMatch{{
|
||||
Path: &pbmesh.HTTPPathMatch{
|
||||
Value: "/foo",
|
||||
},
|
||||
}},
|
||||
BackendRefs: []*pbmesh.HTTPBackendRef{{
|
||||
BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
|
||||
}},
|
||||
}},
|
||||
},
|
||||
expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "matches": invalid "path" field: invalid "type" field: missing required field`,
|
||||
},
|
||||
"path match with unknown type is bad": {
|
||||
route: &pbmesh.HTTPRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.HTTPRouteRule{{
|
||||
Matches: []*pbmesh.HTTPRouteMatch{{
|
||||
Path: &pbmesh.HTTPPathMatch{
|
||||
Type: 99,
|
||||
Value: "/foo",
|
||||
},
|
||||
}},
|
||||
BackendRefs: []*pbmesh.HTTPBackendRef{{
|
||||
BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
|
||||
}},
|
||||
}},
|
||||
},
|
||||
expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "matches": invalid "path" field: invalid "type" field: not a supported enum value: 99`,
|
||||
},
|
||||
"exact path match with no leading slash is bad": {
|
||||
route: &pbmesh.HTTPRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.HTTPRouteRule{{
|
||||
Matches: []*pbmesh.HTTPRouteMatch{{
|
||||
Path: &pbmesh.HTTPPathMatch{
|
||||
Type: pbmesh.PathMatchType_PATH_MATCH_TYPE_EXACT,
|
||||
Value: "foo",
|
||||
},
|
||||
}},
|
||||
BackendRefs: []*pbmesh.HTTPBackendRef{{
|
||||
BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
|
||||
}},
|
||||
}},
|
||||
},
|
||||
expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "matches": invalid "path" field: invalid "value" field: exact patch value does not start with '/': "foo"`,
|
||||
},
|
||||
"prefix path match with no leading slash is bad": {
|
||||
route: &pbmesh.HTTPRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.HTTPRouteRule{{
|
||||
Matches: []*pbmesh.HTTPRouteMatch{{
|
||||
Path: &pbmesh.HTTPPathMatch{
|
||||
Type: pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX,
|
||||
Value: "foo",
|
||||
},
|
||||
}},
|
||||
BackendRefs: []*pbmesh.HTTPBackendRef{{
|
||||
BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
|
||||
}},
|
||||
}},
|
||||
},
|
||||
expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "matches": invalid "path" field: invalid "value" field: prefix patch value does not start with '/': "foo"`,
|
||||
},
|
||||
"exact path match with leading slash is good": {
|
||||
route: &pbmesh.HTTPRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.HTTPRouteRule{{
|
||||
Matches: []*pbmesh.HTTPRouteMatch{{
|
||||
Path: &pbmesh.HTTPPathMatch{
|
||||
Type: pbmesh.PathMatchType_PATH_MATCH_TYPE_EXACT,
|
||||
Value: "/foo",
|
||||
},
|
||||
}},
|
||||
BackendRefs: []*pbmesh.HTTPBackendRef{{
|
||||
BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
|
||||
}},
|
||||
}},
|
||||
},
|
||||
},
|
||||
"prefix path match with leading slash is good": {
|
||||
route: &pbmesh.HTTPRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.HTTPRouteRule{{
|
||||
Matches: []*pbmesh.HTTPRouteMatch{{
|
||||
Path: &pbmesh.HTTPPathMatch{
|
||||
Type: pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX,
|
||||
Value: "/foo",
|
||||
},
|
||||
}},
|
||||
BackendRefs: []*pbmesh.HTTPBackendRef{{
|
||||
BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
|
||||
}},
|
||||
}},
|
||||
},
|
||||
},
|
||||
"header match with no type is bad": {
|
||||
route: &pbmesh.HTTPRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.HTTPRouteRule{{
|
||||
Matches: []*pbmesh.HTTPRouteMatch{{
|
||||
Headers: []*pbmesh.HTTPHeaderMatch{{
|
||||
Name: "x-foo",
|
||||
}},
|
||||
}},
|
||||
BackendRefs: []*pbmesh.HTTPBackendRef{{
|
||||
BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
|
||||
}},
|
||||
}},
|
||||
},
|
||||
expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "matches": invalid element at index 0 of list "headers": invalid "type" field: missing required field`,
|
||||
},
|
||||
"header match with unknown type is bad": {
|
||||
route: &pbmesh.HTTPRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.HTTPRouteRule{{
|
||||
Matches: []*pbmesh.HTTPRouteMatch{{
|
||||
Headers: []*pbmesh.HTTPHeaderMatch{{
|
||||
Type: 99,
|
||||
Name: "x-foo",
|
||||
}},
|
||||
}},
|
||||
BackendRefs: []*pbmesh.HTTPBackendRef{{
|
||||
BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
|
||||
}},
|
||||
}},
|
||||
},
|
||||
expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "matches": invalid element at index 0 of list "headers": invalid "type" field: not a supported enum value: 99`,
|
||||
},
|
||||
"header match with no name is bad": {
|
||||
route: &pbmesh.HTTPRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.HTTPRouteRule{{
|
||||
Matches: []*pbmesh.HTTPRouteMatch{{
|
||||
Headers: []*pbmesh.HTTPHeaderMatch{{
|
||||
Type: pbmesh.HeaderMatchType_HEADER_MATCH_TYPE_EXACT,
|
||||
}},
|
||||
}},
|
||||
BackendRefs: []*pbmesh.HTTPBackendRef{{
|
||||
BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
|
||||
}},
|
||||
}},
|
||||
},
|
||||
expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "matches": invalid element at index 0 of list "headers": invalid "name" field: missing required field`,
|
||||
},
|
||||
"header match is good": {
|
||||
route: &pbmesh.HTTPRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.HTTPRouteRule{{
|
||||
Matches: []*pbmesh.HTTPRouteMatch{{
|
||||
Headers: []*pbmesh.HTTPHeaderMatch{{
|
||||
Type: pbmesh.HeaderMatchType_HEADER_MATCH_TYPE_EXACT,
|
||||
Name: "x-foo",
|
||||
}},
|
||||
}},
|
||||
BackendRefs: []*pbmesh.HTTPBackendRef{{
|
||||
BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
|
||||
}},
|
||||
}},
|
||||
},
|
||||
},
|
||||
"queryparam match with no type is bad": {
|
||||
route: &pbmesh.HTTPRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.HTTPRouteRule{{
|
||||
Matches: []*pbmesh.HTTPRouteMatch{{
|
||||
QueryParams: []*pbmesh.HTTPQueryParamMatch{{
|
||||
Name: "x-foo",
|
||||
}},
|
||||
}},
|
||||
BackendRefs: []*pbmesh.HTTPBackendRef{{
|
||||
BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
|
||||
}},
|
||||
}},
|
||||
},
|
||||
expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "matches": invalid element at index 0 of list "query_params": invalid "type" field: missing required field`,
|
||||
},
|
||||
"queryparam match with unknown type is bad": {
|
||||
route: &pbmesh.HTTPRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.HTTPRouteRule{{
|
||||
Matches: []*pbmesh.HTTPRouteMatch{{
|
||||
QueryParams: []*pbmesh.HTTPQueryParamMatch{{
|
||||
Type: 99,
|
||||
Name: "x-foo",
|
||||
}},
|
||||
}},
|
||||
BackendRefs: []*pbmesh.HTTPBackendRef{{
|
||||
BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
|
||||
}},
|
||||
}},
|
||||
},
|
||||
expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "matches": invalid element at index 0 of list "query_params": invalid "type" field: not a supported enum value: 99`,
|
||||
},
|
||||
"queryparam match with no name is bad": {
|
||||
route: &pbmesh.HTTPRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.HTTPRouteRule{{
|
||||
Matches: []*pbmesh.HTTPRouteMatch{{
|
||||
QueryParams: []*pbmesh.HTTPQueryParamMatch{{
|
||||
Type: pbmesh.QueryParamMatchType_QUERY_PARAM_MATCH_TYPE_EXACT,
|
||||
}},
|
||||
}},
|
||||
BackendRefs: []*pbmesh.HTTPBackendRef{{
|
||||
BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
|
||||
}},
|
||||
}},
|
||||
},
|
||||
expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "matches": invalid element at index 0 of list "query_params": invalid "name" field: missing required field`,
|
||||
},
|
||||
"queryparam match is good": {
|
||||
route: &pbmesh.HTTPRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.HTTPRouteRule{{
|
||||
Matches: []*pbmesh.HTTPRouteMatch{{
|
||||
QueryParams: []*pbmesh.HTTPQueryParamMatch{{
|
||||
Type: pbmesh.QueryParamMatchType_QUERY_PARAM_MATCH_TYPE_EXACT,
|
||||
Name: "x-foo",
|
||||
}},
|
||||
}},
|
||||
BackendRefs: []*pbmesh.HTTPBackendRef{{
|
||||
BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
|
||||
}},
|
||||
}},
|
||||
},
|
||||
},
|
||||
"method match is bad": {
|
||||
route: &pbmesh.HTTPRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.HTTPRouteRule{{
|
||||
Matches: []*pbmesh.HTTPRouteMatch{{
|
||||
Method: "BOB",
|
||||
}},
|
||||
BackendRefs: []*pbmesh.HTTPBackendRef{{
|
||||
BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
|
||||
}},
|
||||
}},
|
||||
},
|
||||
expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "matches": invalid "method" field: not a valid http method: "BOB"`,
|
||||
},
|
||||
"method match is good": {
|
||||
route: &pbmesh.HTTPRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.HTTPRouteRule{{
|
||||
Matches: []*pbmesh.HTTPRouteMatch{{
|
||||
Method: "DELETE",
|
||||
}},
|
||||
BackendRefs: []*pbmesh.HTTPBackendRef{{
|
||||
BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
|
||||
}},
|
||||
}},
|
||||
},
|
||||
},
|
||||
"filter empty is bad": {
|
||||
route: &pbmesh.HTTPRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.HTTPRouteRule{{
|
||||
Filters: []*pbmesh.HTTPRouteFilter{{
|
||||
// none
|
||||
}},
|
||||
BackendRefs: []*pbmesh.HTTPBackendRef{{
|
||||
BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
|
||||
}},
|
||||
}},
|
||||
},
|
||||
expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "filters": exactly one of request_header_modifier, response_header_modifier, or url_rewrite`,
|
||||
},
|
||||
"filter req header mod is ok": {
|
||||
route: &pbmesh.HTTPRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.HTTPRouteRule{{
|
||||
Filters: []*pbmesh.HTTPRouteFilter{{
|
||||
RequestHeaderModifier: &pbmesh.HTTPHeaderFilter{},
|
||||
}},
|
||||
BackendRefs: []*pbmesh.HTTPBackendRef{{
|
||||
BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
|
||||
}},
|
||||
}},
|
||||
},
|
||||
},
|
||||
"filter resp header mod is ok": {
|
||||
route: &pbmesh.HTTPRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.HTTPRouteRule{{
|
||||
Filters: []*pbmesh.HTTPRouteFilter{{
|
||||
ResponseHeaderModifier: &pbmesh.HTTPHeaderFilter{},
|
||||
}},
|
||||
BackendRefs: []*pbmesh.HTTPBackendRef{{
|
||||
BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
|
||||
}},
|
||||
}},
|
||||
},
|
||||
},
|
||||
"filter rewrite header mod missing path prefix": {
|
||||
route: &pbmesh.HTTPRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.HTTPRouteRule{{
|
||||
Filters: []*pbmesh.HTTPRouteFilter{{
|
||||
UrlRewrite: &pbmesh.HTTPURLRewriteFilter{},
|
||||
}},
|
||||
BackendRefs: []*pbmesh.HTTPBackendRef{{
|
||||
BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
|
||||
}},
|
||||
}},
|
||||
},
|
||||
expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "filters": invalid "url_rewrite" field: invalid "path_prefix" field: field should not be empty if enclosing section is set`,
|
||||
},
|
||||
"filter rewrite header mod is ok": {
|
||||
route: &pbmesh.HTTPRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.HTTPRouteRule{{
|
||||
Filters: []*pbmesh.HTTPRouteFilter{{
|
||||
UrlRewrite: &pbmesh.HTTPURLRewriteFilter{
|
||||
PathPrefix: "/blah",
|
||||
},
|
||||
}},
|
||||
BackendRefs: []*pbmesh.HTTPBackendRef{{
|
||||
BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
|
||||
}},
|
||||
}},
|
||||
},
|
||||
},
|
||||
"filter req+resp header mod is bad": {
|
||||
route: &pbmesh.HTTPRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.HTTPRouteRule{{
|
||||
Filters: []*pbmesh.HTTPRouteFilter{{
|
||||
RequestHeaderModifier: &pbmesh.HTTPHeaderFilter{},
|
||||
ResponseHeaderModifier: &pbmesh.HTTPHeaderFilter{},
|
||||
}},
|
||||
BackendRefs: []*pbmesh.HTTPBackendRef{{
|
||||
BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
|
||||
}},
|
||||
}},
|
||||
},
|
||||
expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "filters": exactly one of request_header_modifier, response_header_modifier, or url_rewrite`,
|
||||
},
|
||||
"filter req+rewrite header mod is bad": {
|
||||
route: &pbmesh.HTTPRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.HTTPRouteRule{{
|
||||
Filters: []*pbmesh.HTTPRouteFilter{{
|
||||
RequestHeaderModifier: &pbmesh.HTTPHeaderFilter{},
|
||||
UrlRewrite: &pbmesh.HTTPURLRewriteFilter{
|
||||
PathPrefix: "/blah",
|
||||
},
|
||||
}},
|
||||
BackendRefs: []*pbmesh.HTTPBackendRef{{
|
||||
BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
|
||||
}},
|
||||
}},
|
||||
},
|
||||
expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "filters": exactly one of request_header_modifier, response_header_modifier, or url_rewrite`,
|
||||
},
|
||||
"filter resp+rewrite header mod is bad": {
|
||||
route: &pbmesh.HTTPRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.HTTPRouteRule{{
|
||||
Filters: []*pbmesh.HTTPRouteFilter{{
|
||||
ResponseHeaderModifier: &pbmesh.HTTPHeaderFilter{},
|
||||
UrlRewrite: &pbmesh.HTTPURLRewriteFilter{
|
||||
PathPrefix: "/blah",
|
||||
},
|
||||
}},
|
||||
BackendRefs: []*pbmesh.HTTPBackendRef{{
|
||||
BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
|
||||
}},
|
||||
}},
|
||||
},
|
||||
expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "filters": exactly one of request_header_modifier, response_header_modifier, or url_rewrite`,
|
||||
},
|
||||
"filter req+resp+rewrite header mod is bad": {
|
||||
route: &pbmesh.HTTPRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.HTTPRouteRule{{
|
||||
Filters: []*pbmesh.HTTPRouteFilter{{
|
||||
RequestHeaderModifier: &pbmesh.HTTPHeaderFilter{},
|
||||
ResponseHeaderModifier: &pbmesh.HTTPHeaderFilter{},
|
||||
UrlRewrite: &pbmesh.HTTPURLRewriteFilter{
|
||||
PathPrefix: "/blah",
|
||||
},
|
||||
}},
|
||||
BackendRefs: []*pbmesh.HTTPBackendRef{{
|
||||
BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
|
||||
}},
|
||||
}},
|
||||
},
|
||||
expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "filters": exactly one of request_header_modifier, response_header_modifier, or url_rewrite`,
|
||||
},
|
||||
"backend ref with filters is unsupported": {
|
||||
route: &pbmesh.HTTPRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.HTTPRouteRule{{
|
||||
BackendRefs: []*pbmesh.HTTPBackendRef{{
|
||||
BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
|
||||
Filters: []*pbmesh.HTTPRouteFilter{{
|
||||
RequestHeaderModifier: &pbmesh.HTTPHeaderFilter{},
|
||||
}},
|
||||
}},
|
||||
}},
|
||||
},
|
||||
expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "backend_refs": invalid "filters" field: filters are not supported at this level yet`,
|
||||
},
|
||||
"nil backend ref": {
|
||||
route: &pbmesh.HTTPRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.HTTPRouteRule{{
|
||||
BackendRefs: []*pbmesh.HTTPBackendRef{nil},
|
||||
}},
|
||||
},
|
||||
expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "backend_refs": invalid "backend_ref" field: missing required field`,
|
||||
},
|
||||
}
|
||||
|
||||
// Add common timeouts test cases.
|
||||
for name, timeoutsTC := range getXRouteTimeoutsTestCases() {
|
||||
cases["timeouts: "+name] = testcase{
|
||||
route: &pbmesh.HTTPRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.HTTPRouteRule{{
|
||||
Timeouts: timeoutsTC.timeouts,
|
||||
BackendRefs: []*pbmesh.HTTPBackendRef{{
|
||||
BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
|
||||
}},
|
||||
}},
|
||||
},
|
||||
expectErr: timeoutsTC.expectErr,
|
||||
}
|
||||
}
|
||||
|
||||
// Add common retries test cases.
|
||||
for name, retriesTC := range getXRouteRetriesTestCases() {
|
||||
cases["retries: "+name] = testcase{
|
||||
route: &pbmesh.HTTPRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.HTTPRouteRule{{
|
||||
Retries: retriesTC.retries,
|
||||
BackendRefs: []*pbmesh.HTTPBackendRef{{
|
||||
BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
|
||||
}},
|
||||
}},
|
||||
},
|
||||
expectErr: retriesTC.expectErr,
|
||||
}
|
||||
}
|
||||
|
||||
// Add common parent refs test cases.
|
||||
for name, parentTC := range getXRouteParentRefTestCases() {
|
||||
cases["parent-ref: "+name] = testcase{
|
||||
route: &pbmesh.HTTPRoute{
|
||||
ParentRefs: parentTC.refs,
|
||||
},
|
||||
expectErr: parentTC.expectErr,
|
||||
}
|
||||
}
|
||||
// add common backend ref test cases.
|
||||
for name, backendTC := range getXRouteBackendRefTestCases() {
|
||||
var refs []*pbmesh.HTTPBackendRef
|
||||
for _, br := range backendTC.refs {
|
||||
refs = append(refs, &pbmesh.HTTPBackendRef{
|
||||
BackendRef: br,
|
||||
})
|
||||
}
|
||||
cases["backend-ref: "+name] = testcase{
|
||||
route: &pbmesh.HTTPRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.HTTPRouteRule{
|
||||
{BackendRefs: refs},
|
||||
},
|
||||
},
|
||||
expectErr: backendTC.expectErr,
|
||||
}
|
||||
}
|
||||
|
||||
for name, tc := range cases {
|
||||
t.Run(name, func(t *testing.T) {
|
||||
run(t, tc)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
type xRouteParentRefTestcase struct {
|
||||
refs []*pbmesh.ParentReference
|
||||
expectErr string
|
||||
}
|
||||
|
||||
func getXRouteParentRefTestCases() map[string]xRouteParentRefTestcase {
|
||||
return map[string]xRouteParentRefTestcase{
|
||||
"no parent refs": {
|
||||
expectErr: `invalid "parent_refs" field: cannot be empty`,
|
||||
},
|
||||
"parent ref with nil ref": {
|
||||
refs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "api", ""),
|
||||
{
|
||||
Ref: nil,
|
||||
Port: "http",
|
||||
},
|
||||
},
|
||||
expectErr: `invalid element at index 1 of list "parent_refs": invalid "ref" field: missing required field`,
|
||||
},
|
||||
"parent ref with bad type ref": {
|
||||
refs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "api", ""),
|
||||
newParentRef(catalog.WorkloadType, "api", ""),
|
||||
},
|
||||
expectErr: `invalid element at index 1 of list "parent_refs": invalid "ref" field: reference must have type catalog.v1alpha1.Service`,
|
||||
},
|
||||
"parent ref with section": {
|
||||
refs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "api", ""),
|
||||
{
|
||||
Ref: resourcetest.Resource(catalog.ServiceType, "web").Reference("section2"),
|
||||
Port: "http",
|
||||
},
|
||||
},
|
||||
expectErr: `invalid element at index 1 of list "parent_refs": invalid "ref" field: invalid "section" field: section not supported for service parent refs`,
|
||||
},
|
||||
"duplicate exact parents": {
|
||||
refs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "api", "http"),
|
||||
newParentRef(catalog.ServiceType, "api", "http"),
|
||||
},
|
||||
expectErr: `invalid element at index 1 of list "parent_refs": invalid "ref" field: parent ref "catalog.v1alpha1.Service/default.local.default/api" for port "http" exists twice`,
|
||||
},
|
||||
"duplicate wild parents": {
|
||||
refs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "api", ""),
|
||||
newParentRef(catalog.ServiceType, "api", ""),
|
||||
},
|
||||
expectErr: `invalid element at index 1 of list "parent_refs": invalid "ref" field: parent ref "catalog.v1alpha1.Service/default.local.default/api" for wildcard port exists twice`,
|
||||
},
|
||||
"duplicate parents via exact+wild overlap": {
|
||||
refs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "api", "http"),
|
||||
newParentRef(catalog.ServiceType, "api", ""),
|
||||
},
|
||||
expectErr: `invalid element at index 1 of list "parent_refs": invalid "ref" field: parent ref "catalog.v1alpha1.Service/default.local.default/api" for ports [http] covered by wildcard port already`,
|
||||
},
|
||||
"duplicate parents via exact+wild overlap (reversed)": {
|
||||
refs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "api", ""),
|
||||
newParentRef(catalog.ServiceType, "api", "http"),
|
||||
},
|
||||
expectErr: `invalid element at index 1 of list "parent_refs": invalid "ref" field: parent ref "catalog.v1alpha1.Service/default.local.default/api" for port "http" covered by wildcard port already`,
|
||||
},
|
||||
"good single parent ref": {
|
||||
refs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "api", "http"),
|
||||
},
|
||||
},
|
||||
"good muliple parent refs": {
|
||||
refs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "api", "http"),
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
type xRouteBackendRefTestcase struct {
|
||||
refs []*pbmesh.BackendReference
|
||||
expectErr string
|
||||
}
|
||||
|
||||
func getXRouteBackendRefTestCases() map[string]xRouteBackendRefTestcase {
|
||||
return map[string]xRouteBackendRefTestcase{
|
||||
"no backend refs": {
|
||||
expectErr: `invalid "backend_refs" field: cannot be empty`,
|
||||
},
|
||||
"backend ref with nil ref": {
|
||||
refs: []*pbmesh.BackendReference{
|
||||
newBackendRef(catalog.ServiceType, "api", ""),
|
||||
{
|
||||
Ref: nil,
|
||||
Port: "http",
|
||||
},
|
||||
},
|
||||
expectErr: `invalid element at index 0 of list "rules": invalid element at index 1 of list "backend_refs": invalid "backend_ref" field: invalid "ref" field: missing required field`,
|
||||
},
|
||||
"backend ref with bad type ref": {
|
||||
refs: []*pbmesh.BackendReference{
|
||||
newBackendRef(catalog.ServiceType, "api", ""),
|
||||
newBackendRef(catalog.WorkloadType, "api", ""),
|
||||
},
|
||||
expectErr: `invalid element at index 0 of list "rules": invalid element at index 1 of list "backend_refs": invalid "backend_ref" field: invalid "ref" field: reference must have type catalog.v1alpha1.Service`,
|
||||
},
|
||||
"backend ref with section": {
|
||||
refs: []*pbmesh.BackendReference{
|
||||
newBackendRef(catalog.ServiceType, "api", ""),
|
||||
{
|
||||
Ref: resourcetest.Resource(catalog.ServiceType, "web").Reference("section2"),
|
||||
Port: "http",
|
||||
},
|
||||
},
|
||||
expectErr: `invalid element at index 0 of list "rules": invalid element at index 1 of list "backend_refs": invalid "backend_ref" field: invalid "ref" field: invalid "section" field: section not supported for service backend refs`,
|
||||
},
|
||||
"backend ref with datacenter": {
|
||||
refs: []*pbmesh.BackendReference{
|
||||
newBackendRef(catalog.ServiceType, "api", ""),
|
||||
{
|
||||
Ref: newRef(catalog.ServiceType, "db"),
|
||||
Port: "http",
|
||||
Datacenter: "dc2",
|
||||
},
|
||||
},
|
||||
expectErr: `invalid element at index 0 of list "rules": invalid element at index 1 of list "backend_refs": invalid "backend_ref" field: invalid "datacenter" field: datacenter is not yet supported on backend refs`,
|
||||
},
|
||||
"good backend ref": {
|
||||
refs: []*pbmesh.BackendReference{
|
||||
newBackendRef(catalog.ServiceType, "api", ""),
|
||||
{
|
||||
Ref: newRef(catalog.ServiceType, "db"),
|
||||
Port: "http",
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
type xRouteTimeoutsTestcase struct {
|
||||
timeouts *pbmesh.HTTPRouteTimeouts
|
||||
expectErr string
|
||||
}
|
||||
|
||||
func getXRouteTimeoutsTestCases() map[string]xRouteTimeoutsTestcase {
|
||||
return map[string]xRouteTimeoutsTestcase{
|
||||
"bad request": {
|
||||
timeouts: &pbmesh.HTTPRouteTimeouts{
|
||||
Request: durationpb.New(-1 * time.Second),
|
||||
},
|
||||
expectErr: `invalid element at index 0 of list "rules": invalid "timeouts" field: invalid "request" field: timeout cannot be negative: -1s`,
|
||||
},
|
||||
"bad backend request": {
|
||||
timeouts: &pbmesh.HTTPRouteTimeouts{
|
||||
BackendRequest: durationpb.New(-1 * time.Second),
|
||||
},
|
||||
expectErr: `invalid element at index 0 of list "rules": invalid "timeouts" field: invalid "backend_request" field: timeout cannot be negative: -1s`,
|
||||
},
|
||||
"bad idle": {
|
||||
timeouts: &pbmesh.HTTPRouteTimeouts{
|
||||
Idle: durationpb.New(-1 * time.Second),
|
||||
},
|
||||
expectErr: `invalid element at index 0 of list "rules": invalid "timeouts" field: invalid "idle" field: timeout cannot be negative: -1s`,
|
||||
},
|
||||
"good all": {
|
||||
timeouts: &pbmesh.HTTPRouteTimeouts{
|
||||
Request: durationpb.New(1 * time.Second),
|
||||
BackendRequest: durationpb.New(2 * time.Second),
|
||||
Idle: durationpb.New(3 * time.Second),
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
type xRouteRetriesTestcase struct {
|
||||
retries *pbmesh.HTTPRouteRetries
|
||||
expectErr string
|
||||
}
|
||||
|
||||
func getXRouteRetriesTestCases() map[string]xRouteRetriesTestcase {
|
||||
return map[string]xRouteRetriesTestcase{
|
||||
"bad number": {
|
||||
retries: &pbmesh.HTTPRouteRetries{
|
||||
Number: -5,
|
||||
},
|
||||
expectErr: `invalid element at index 0 of list "rules": invalid "retries" field: invalid "number" field: cannot be negative: -5`,
|
||||
},
|
||||
"bad conditions": {
|
||||
retries: &pbmesh.HTTPRouteRetries{
|
||||
OnConditions: []string{"garbage"},
|
||||
},
|
||||
expectErr: `invalid element at index 0 of list "rules": invalid "retries" field: invalid element at index 0 of list "on_conditions": not a valid retry condition: "garbage"`,
|
||||
},
|
||||
"good all": {
|
||||
retries: &pbmesh.HTTPRouteRetries{
|
||||
Number: 5,
|
||||
OnConditions: []string{"internal"},
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
func newRef(typ *pbresource.Type, name string) *pbresource.Reference {
|
||||
return resourcetest.Resource(typ, name).Reference("")
|
||||
}
|
||||
|
||||
func newBackendRef(typ *pbresource.Type, name, port string) *pbmesh.BackendReference {
|
||||
return &pbmesh.BackendReference{
|
||||
Ref: newRef(typ, name),
|
||||
Port: port,
|
||||
}
|
||||
}
|
||||
|
||||
func newParentRef(typ *pbresource.Type, name, port string) *pbmesh.ParentReference {
|
||||
return &pbmesh.ParentReference{
|
||||
Ref: newRef(typ, name),
|
||||
Port: port,
|
||||
}
|
||||
}
|
|
@ -25,8 +25,9 @@ var (
|
|||
|
||||
func RegisterProxyConfiguration(r resource.Registry) {
|
||||
r.Register(resource.Registration{
|
||||
Type: ProxyConfigurationV1Alpha1Type,
|
||||
Proto: &pbmesh.ProxyConfiguration{},
|
||||
Type: ProxyConfigurationV1Alpha1Type,
|
||||
Proto: &pbmesh.ProxyConfiguration{},
|
||||
// TODO(rb): add validation for proxy configuration
|
||||
Validate: nil,
|
||||
})
|
||||
}
|
||||
|
|
|
@ -4,6 +4,8 @@
|
|||
package types
|
||||
|
||||
import (
|
||||
"github.com/hashicorp/go-multierror"
|
||||
|
||||
"github.com/hashicorp/consul/internal/resource"
|
||||
pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
|
||||
"github.com/hashicorp/consul/proto-public/pbresource"
|
||||
|
@ -25,8 +27,69 @@ var (
|
|||
|
||||
func RegisterTCPRoute(r resource.Registry) {
|
||||
r.Register(resource.Registration{
|
||||
Type: TCPRouteV1Alpha1Type,
|
||||
Proto: &pbmesh.TCPRoute{},
|
||||
Validate: nil,
|
||||
Type: TCPRouteV1Alpha1Type,
|
||||
Proto: &pbmesh.TCPRoute{},
|
||||
// TODO(rb): normalize parent/backend ref tenancies in a Mutate hook
|
||||
Validate: ValidateTCPRoute,
|
||||
})
|
||||
}
|
||||
|
||||
func ValidateTCPRoute(res *pbresource.Resource) error {
|
||||
var route pbmesh.TCPRoute
|
||||
|
||||
if err := res.Data.UnmarshalTo(&route); err != nil {
|
||||
return resource.NewErrDataParse(&route, err)
|
||||
}
|
||||
|
||||
var merr error
|
||||
|
||||
if err := validateParentRefs(route.ParentRefs); err != nil {
|
||||
merr = multierror.Append(merr, err)
|
||||
}
|
||||
|
||||
for i, rule := range route.Rules {
|
||||
wrapRuleErr := func(err error) error {
|
||||
return resource.ErrInvalidListElement{
|
||||
Name: "rules",
|
||||
Index: i,
|
||||
Wrapped: err,
|
||||
}
|
||||
}
|
||||
|
||||
if len(rule.BackendRefs) == 0 {
|
||||
/*
|
||||
BackendRefs (optional)¶
|
||||
|
||||
BackendRefs defines API objects where matching requests should be
|
||||
sent. If unspecified, the rule performs no forwarding. If
|
||||
unspecified and no filters are specified that would result in a
|
||||
response being sent, a 404 error code is returned.
|
||||
*/
|
||||
merr = multierror.Append(merr, wrapRuleErr(
|
||||
resource.ErrInvalidField{
|
||||
Name: "backend_refs",
|
||||
Wrapped: resource.ErrEmpty,
|
||||
},
|
||||
))
|
||||
}
|
||||
for j, hbref := range rule.BackendRefs {
|
||||
wrapBackendRefErr := func(err error) error {
|
||||
return wrapRuleErr(resource.ErrInvalidListElement{
|
||||
Name: "backend_refs",
|
||||
Index: j,
|
||||
Wrapped: err,
|
||||
})
|
||||
}
|
||||
for _, err := range validateBackendRef(hbref.BackendRef) {
|
||||
merr = multierror.Append(merr, wrapBackendRefErr(
|
||||
resource.ErrInvalidField{
|
||||
Name: "backend_ref",
|
||||
Wrapped: err,
|
||||
},
|
||||
))
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return merr
|
||||
}
|
||||
|
|
|
@ -0,0 +1,79 @@
|
|||
// Copyright (c) HashiCorp, Inc.
|
||||
// SPDX-License-Identifier: BUSL-1.1
|
||||
|
||||
package types
|
||||
|
||||
import (
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
"github.com/hashicorp/consul/internal/catalog"
|
||||
"github.com/hashicorp/consul/internal/resource/resourcetest"
|
||||
pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
|
||||
"github.com/hashicorp/consul/proto/private/prototest"
|
||||
"github.com/hashicorp/consul/sdk/testutil"
|
||||
)
|
||||
|
||||
func TestValidateTCPRoute(t *testing.T) {
|
||||
type testcase struct {
|
||||
route *pbmesh.TCPRoute
|
||||
expectErr string
|
||||
}
|
||||
|
||||
run := func(t *testing.T, tc testcase) {
|
||||
res := resourcetest.Resource(TCPRouteType, "api").
|
||||
WithData(t, tc.route).
|
||||
Build()
|
||||
|
||||
err := ValidateTCPRoute(res)
|
||||
|
||||
// Verify that validate didn't actually change the object.
|
||||
got := resourcetest.MustDecode[*pbmesh.TCPRoute](t, res)
|
||||
prototest.AssertDeepEqual(t, tc.route, got.Data)
|
||||
|
||||
if tc.expectErr == "" {
|
||||
require.NoError(t, err)
|
||||
} else {
|
||||
testutil.RequireErrorContains(t, err, tc.expectErr)
|
||||
}
|
||||
}
|
||||
|
||||
cases := map[string]testcase{}
|
||||
|
||||
// Add common parent refs test cases.
|
||||
for name, parentTC := range getXRouteParentRefTestCases() {
|
||||
cases["parent-ref: "+name] = testcase{
|
||||
route: &pbmesh.TCPRoute{
|
||||
ParentRefs: parentTC.refs,
|
||||
},
|
||||
expectErr: parentTC.expectErr,
|
||||
}
|
||||
}
|
||||
// add common backend ref test cases.
|
||||
for name, backendTC := range getXRouteBackendRefTestCases() {
|
||||
var refs []*pbmesh.TCPBackendRef
|
||||
for _, br := range backendTC.refs {
|
||||
refs = append(refs, &pbmesh.TCPBackendRef{
|
||||
BackendRef: br,
|
||||
})
|
||||
}
|
||||
cases["backend-ref: "+name] = testcase{
|
||||
route: &pbmesh.TCPRoute{
|
||||
ParentRefs: []*pbmesh.ParentReference{
|
||||
newParentRef(catalog.ServiceType, "web", ""),
|
||||
},
|
||||
Rules: []*pbmesh.TCPRouteRule{
|
||||
{BackendRefs: refs},
|
||||
},
|
||||
},
|
||||
expectErr: backendTC.expectErr,
|
||||
}
|
||||
}
|
||||
|
||||
for name, tc := range cases {
|
||||
t.Run(name, func(t *testing.T) {
|
||||
run(t, tc)
|
||||
})
|
||||
}
|
||||
}
|
|
@ -0,0 +1,52 @@
|
|||
// Copyright (c) HashiCorp, Inc.
|
||||
// SPDX-License-Identifier: BUSL-1.1
|
||||
|
||||
package types
|
||||
|
||||
import (
|
||||
"github.com/hashicorp/consul/internal/catalog"
|
||||
"github.com/hashicorp/consul/internal/resource"
|
||||
"github.com/hashicorp/consul/proto-public/pbresource"
|
||||
)
|
||||
|
||||
func IsRouteType(typ *pbresource.Type) bool {
|
||||
switch {
|
||||
case resource.EqualType(typ, HTTPRouteType),
|
||||
resource.EqualType(typ, GRPCRouteType),
|
||||
resource.EqualType(typ, TCPRouteType):
|
||||
return true
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
func IsFailoverPolicyType(typ *pbresource.Type) bool {
|
||||
switch {
|
||||
case resource.EqualType(typ, catalog.FailoverPolicyType):
|
||||
return true
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
func IsDestinationPolicyType(typ *pbresource.Type) bool {
|
||||
switch {
|
||||
case resource.EqualType(typ, DestinationPolicyType):
|
||||
return true
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
func IsServiceType(typ *pbresource.Type) bool {
|
||||
switch {
|
||||
case resource.EqualType(typ, catalog.ServiceType):
|
||||
return true
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
func IsComputedRoutesType(typ *pbresource.Type) bool {
|
||||
switch {
|
||||
case resource.EqualType(typ, ComputedRoutesType):
|
||||
return true
|
||||
}
|
||||
return false
|
||||
}
|
|
@ -0,0 +1,296 @@
|
|||
// Copyright (c) HashiCorp, Inc.
|
||||
// SPDX-License-Identifier: BUSL-1.1
|
||||
|
||||
package types
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
|
||||
"github.com/hashicorp/go-multierror"
|
||||
"google.golang.org/protobuf/proto"
|
||||
|
||||
"github.com/hashicorp/consul/internal/catalog"
|
||||
"github.com/hashicorp/consul/internal/resource"
|
||||
pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
|
||||
)
|
||||
|
||||
type XRouteData interface {
|
||||
proto.Message
|
||||
XRouteWithRefs
|
||||
}
|
||||
|
||||
type XRouteWithRefs interface {
|
||||
GetParentRefs() []*pbmesh.ParentReference
|
||||
GetUnderlyingBackendRefs() []*pbmesh.BackendReference
|
||||
}
|
||||
|
||||
type portedRefKey struct {
|
||||
Key resource.ReferenceKey
|
||||
Port string
|
||||
}
|
||||
|
||||
func validateParentRefs(parentRefs []*pbmesh.ParentReference) error {
|
||||
var merr error
|
||||
if len(parentRefs) == 0 {
|
||||
merr = multierror.Append(merr, resource.ErrInvalidField{
|
||||
Name: "parent_refs",
|
||||
Wrapped: resource.ErrEmpty,
|
||||
})
|
||||
}
|
||||
|
||||
var (
|
||||
seen = make(map[portedRefKey]struct{})
|
||||
seenAny = make(map[resource.ReferenceKey][]string)
|
||||
)
|
||||
for i, parent := range parentRefs {
|
||||
wrapErr := func(err error) error {
|
||||
return resource.ErrInvalidListElement{
|
||||
Name: "parent_refs",
|
||||
Index: i,
|
||||
Wrapped: err,
|
||||
}
|
||||
}
|
||||
if parent.Ref == nil {
|
||||
merr = multierror.Append(merr, wrapErr(
|
||||
resource.ErrInvalidField{
|
||||
Name: "ref",
|
||||
Wrapped: resource.ErrMissing,
|
||||
},
|
||||
))
|
||||
} else {
|
||||
if !IsServiceType(parent.Ref.Type) {
|
||||
merr = multierror.Append(merr, wrapErr(
|
||||
resource.ErrInvalidField{
|
||||
Name: "ref",
|
||||
Wrapped: resource.ErrInvalidReferenceType{
|
||||
AllowedType: catalog.ServiceType,
|
||||
},
|
||||
},
|
||||
))
|
||||
}
|
||||
if parent.Ref.Section != "" {
|
||||
merr = multierror.Append(merr, wrapErr(
|
||||
resource.ErrInvalidField{
|
||||
Name: "ref",
|
||||
Wrapped: resource.ErrInvalidField{
|
||||
Name: "section",
|
||||
Wrapped: errors.New("section not supported for service parent refs"),
|
||||
},
|
||||
},
|
||||
))
|
||||
}
|
||||
|
||||
prk := portedRefKey{
|
||||
Key: resource.NewReferenceKey(parent.Ref),
|
||||
Port: parent.Port,
|
||||
}
|
||||
|
||||
_, portExist := seen[prk]
|
||||
|
||||
if parent.Port == "" {
|
||||
coveredPorts, exactExists := seenAny[prk.Key]
|
||||
|
||||
if portExist { // check for duplicate wild
|
||||
merr = multierror.Append(merr, wrapErr(
|
||||
resource.ErrInvalidField{
|
||||
Name: "ref",
|
||||
Wrapped: fmt.Errorf(
|
||||
"parent ref %q for wildcard port exists twice",
|
||||
resource.ReferenceToString(parent.Ref),
|
||||
),
|
||||
},
|
||||
))
|
||||
} else if exactExists { // check for existing exact
|
||||
merr = multierror.Append(merr, wrapErr(
|
||||
resource.ErrInvalidField{
|
||||
Name: "ref",
|
||||
Wrapped: fmt.Errorf(
|
||||
"parent ref %q for ports %v covered by wildcard port already",
|
||||
resource.ReferenceToString(parent.Ref),
|
||||
coveredPorts,
|
||||
),
|
||||
},
|
||||
))
|
||||
} else {
|
||||
seen[prk] = struct{}{}
|
||||
}
|
||||
|
||||
} else {
|
||||
prkWild := prk
|
||||
prkWild.Port = ""
|
||||
_, wildExist := seen[prkWild]
|
||||
|
||||
if portExist { // check for duplicate exact
|
||||
merr = multierror.Append(merr, wrapErr(
|
||||
resource.ErrInvalidField{
|
||||
Name: "ref",
|
||||
Wrapped: fmt.Errorf(
|
||||
"parent ref %q for port %q exists twice",
|
||||
resource.ReferenceToString(parent.Ref),
|
||||
parent.Port,
|
||||
),
|
||||
},
|
||||
))
|
||||
} else if wildExist { // check for existing wild
|
||||
merr = multierror.Append(merr, wrapErr(
|
||||
resource.ErrInvalidField{
|
||||
Name: "ref",
|
||||
Wrapped: fmt.Errorf(
|
||||
"parent ref %q for port %q covered by wildcard port already",
|
||||
resource.ReferenceToString(parent.Ref),
|
||||
parent.Port,
|
||||
),
|
||||
},
|
||||
))
|
||||
} else {
|
||||
seen[prk] = struct{}{}
|
||||
seenAny[prk.Key] = append(seenAny[prk.Key], parent.Port)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return merr
|
||||
}
|
||||
|
||||
func validateBackendRef(backendRef *pbmesh.BackendReference) []error {
|
||||
var errs []error
|
||||
if backendRef == nil {
|
||||
errs = append(errs, resource.ErrMissing)
|
||||
|
||||
} else if backendRef.Ref == nil {
|
||||
errs = append(errs, resource.ErrInvalidField{
|
||||
Name: "ref",
|
||||
Wrapped: resource.ErrMissing,
|
||||
})
|
||||
|
||||
} else {
|
||||
if !IsServiceType(backendRef.Ref.Type) {
|
||||
errs = append(errs, resource.ErrInvalidField{
|
||||
Name: "ref",
|
||||
Wrapped: resource.ErrInvalidReferenceType{
|
||||
AllowedType: catalog.ServiceType,
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
if backendRef.Ref.Section != "" {
|
||||
errs = append(errs, resource.ErrInvalidField{
|
||||
Name: "ref",
|
||||
Wrapped: resource.ErrInvalidField{
|
||||
Name: "section",
|
||||
Wrapped: errors.New("section not supported for service backend refs"),
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
if backendRef.Datacenter != "" {
|
||||
errs = append(errs, resource.ErrInvalidField{
|
||||
Name: "datacenter",
|
||||
Wrapped: errors.New("datacenter is not yet supported on backend refs"),
|
||||
})
|
||||
}
|
||||
}
|
||||
return errs
|
||||
}
|
||||
|
||||
func validateHeaderMatchType(typ pbmesh.HeaderMatchType) error {
|
||||
switch typ {
|
||||
case pbmesh.HeaderMatchType_HEADER_MATCH_TYPE_UNSPECIFIED:
|
||||
return resource.ErrMissing
|
||||
case pbmesh.HeaderMatchType_HEADER_MATCH_TYPE_EXACT:
|
||||
case pbmesh.HeaderMatchType_HEADER_MATCH_TYPE_REGEX:
|
||||
case pbmesh.HeaderMatchType_HEADER_MATCH_TYPE_PRESENT:
|
||||
case pbmesh.HeaderMatchType_HEADER_MATCH_TYPE_PREFIX:
|
||||
case pbmesh.HeaderMatchType_HEADER_MATCH_TYPE_SUFFIX:
|
||||
default:
|
||||
return fmt.Errorf("not a supported enum value: %v", typ)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func validateHTTPTimeouts(timeouts *pbmesh.HTTPRouteTimeouts) []error {
|
||||
if timeouts == nil {
|
||||
return nil
|
||||
}
|
||||
|
||||
var errs []error
|
||||
|
||||
if timeouts.Request != nil {
|
||||
val := timeouts.Request.AsDuration()
|
||||
if val < 0 {
|
||||
errs = append(errs, resource.ErrInvalidField{
|
||||
Name: "request",
|
||||
Wrapped: fmt.Errorf("timeout cannot be negative: %v", val),
|
||||
})
|
||||
}
|
||||
}
|
||||
if timeouts.BackendRequest != nil {
|
||||
val := timeouts.BackendRequest.AsDuration()
|
||||
if val < 0 {
|
||||
errs = append(errs, resource.ErrInvalidField{
|
||||
Name: "backend_request",
|
||||
Wrapped: fmt.Errorf("timeout cannot be negative: %v", val),
|
||||
})
|
||||
}
|
||||
}
|
||||
if timeouts.Idle != nil {
|
||||
val := timeouts.Idle.AsDuration()
|
||||
if val < 0 {
|
||||
errs = append(errs, resource.ErrInvalidField{
|
||||
Name: "idle",
|
||||
Wrapped: fmt.Errorf("timeout cannot be negative: %v", val),
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
return errs
|
||||
}
|
||||
|
||||
func validateHTTPRetries(retries *pbmesh.HTTPRouteRetries) []error {
|
||||
if retries == nil {
|
||||
return nil
|
||||
}
|
||||
|
||||
var errs []error
|
||||
|
||||
if retries.Number < 0 {
|
||||
errs = append(errs, resource.ErrInvalidField{
|
||||
Name: "number",
|
||||
Wrapped: fmt.Errorf("cannot be negative: %v", retries.Number),
|
||||
})
|
||||
}
|
||||
|
||||
for i, condition := range retries.OnConditions {
|
||||
if !isValidRetryCondition(condition) {
|
||||
errs = append(errs, resource.ErrInvalidListElement{
|
||||
Name: "on_conditions",
|
||||
Index: i,
|
||||
Wrapped: fmt.Errorf("not a valid retry condition: %q", condition),
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
return errs
|
||||
}
|
||||
|
||||
func isValidRetryCondition(retryOn string) bool {
|
||||
switch retryOn {
|
||||
case "5xx",
|
||||
"gateway-error",
|
||||
"reset",
|
||||
"connect-failure",
|
||||
"envoy-ratelimited",
|
||||
"retriable-4xx",
|
||||
"refused-stream",
|
||||
"cancelled",
|
||||
"deadline-exceeded",
|
||||
"internal",
|
||||
"resource-exhausted",
|
||||
"unavailable":
|
||||
return true
|
||||
default:
|
||||
return false
|
||||
}
|
||||
}
|
|
@ -0,0 +1,91 @@
|
|||
// Copyright (c) HashiCorp, Inc.
|
||||
// SPDX-License-Identifier: BUSL-1.1
|
||||
|
||||
package meshv1alpha1
|
||||
|
||||
// GetUnderlyingBackendRefs will collect BackendReferences from all rules and
|
||||
// bundle them up in one slice, unwrapping the HTTP-specifics in the process.
|
||||
//
|
||||
// This implements an XRouteWithRefs interface in the internal/mesh package.
|
||||
//
|
||||
// NOTE: no deduplication occurs.
|
||||
func (x *HTTPRoute) GetUnderlyingBackendRefs() []*BackendReference {
|
||||
if x == nil {
|
||||
return nil
|
||||
}
|
||||
|
||||
estimate := 0
|
||||
for _, rule := range x.Rules {
|
||||
estimate += len(rule.BackendRefs)
|
||||
}
|
||||
|
||||
backendRefs := make([]*BackendReference, 0, estimate)
|
||||
for _, rule := range x.Rules {
|
||||
for _, backendRef := range rule.BackendRefs {
|
||||
backendRefs = append(backendRefs, backendRef.BackendRef)
|
||||
}
|
||||
}
|
||||
return backendRefs
|
||||
}
|
||||
|
||||
// GetUnderlyingBackendRefs will collect BackendReferences from all rules and
|
||||
// bundle them up in one slice, unwrapping the GRPC-specifics in the process.
|
||||
//
|
||||
// This implements an XRouteWithRefs interface in the internal/mesh package.
|
||||
//
|
||||
// NOTE: no deduplication occurs.
|
||||
func (x *GRPCRoute) GetUnderlyingBackendRefs() []*BackendReference {
|
||||
if x == nil {
|
||||
return nil
|
||||
}
|
||||
|
||||
estimate := 0
|
||||
for _, rule := range x.Rules {
|
||||
estimate += len(rule.BackendRefs)
|
||||
}
|
||||
|
||||
backendRefs := make([]*BackendReference, 0, estimate)
|
||||
for _, rule := range x.Rules {
|
||||
for _, backendRef := range rule.BackendRefs {
|
||||
backendRefs = append(backendRefs, backendRef.BackendRef)
|
||||
}
|
||||
}
|
||||
return backendRefs
|
||||
}
|
||||
|
||||
// GetUnderlyingBackendRefs will collect BackendReferences from all rules and
|
||||
// bundle them up in one slice, unwrapping the TCP-specifics in the process.
|
||||
//
|
||||
// This implements an XRouteWithRefs interface in the internal/mesh package.
|
||||
//
|
||||
// NOTE: no deduplication occurs.
|
||||
func (x *TCPRoute) GetUnderlyingBackendRefs() []*BackendReference {
|
||||
if x == nil {
|
||||
return nil
|
||||
}
|
||||
|
||||
estimate := 0
|
||||
for _, rule := range x.Rules {
|
||||
estimate += len(rule.BackendRefs)
|
||||
}
|
||||
|
||||
backendRefs := make([]*BackendReference, 0, estimate)
|
||||
|
||||
for _, rule := range x.Rules {
|
||||
for _, backendRef := range rule.BackendRefs {
|
||||
backendRefs = append(backendRefs, backendRef.BackendRef)
|
||||
}
|
||||
}
|
||||
return backendRefs
|
||||
}
|
||||
|
||||
// IsHashBased returns true if the policy is a hash-based policy such as maglev
|
||||
// or ring hash.
|
||||
func (p LoadBalancerPolicy) IsHashBased() bool {
|
||||
switch p {
|
||||
case LoadBalancerPolicy_LOAD_BALANCER_POLICY_MAGLEV,
|
||||
LoadBalancerPolicy_LOAD_BALANCER_POLICY_RING_HASH:
|
||||
return true
|
||||
}
|
||||
return false
|
||||
}
|
|
@ -0,0 +1,174 @@
|
|||
// Copyright (c) HashiCorp, Inc.
|
||||
// SPDX-License-Identifier: BUSL-1.1
|
||||
|
||||
package meshv1alpha1
|
||||
|
||||
import (
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/require"
|
||||
"google.golang.org/protobuf/encoding/protojson"
|
||||
"google.golang.org/protobuf/proto"
|
||||
|
||||
pbresource "github.com/hashicorp/consul/proto-public/pbresource"
|
||||
)
|
||||
|
||||
type routeWithAddons interface {
|
||||
proto.Message
|
||||
GetUnderlyingBackendRefs() []*BackendReference
|
||||
}
|
||||
|
||||
func TestXRoute_GetUnderlyingBackendRefs(t *testing.T) {
|
||||
type testcase struct {
|
||||
route routeWithAddons
|
||||
expect []*BackendReference
|
||||
}
|
||||
|
||||
run := func(t *testing.T, tc testcase) {
|
||||
got := tc.route.GetUnderlyingBackendRefs()
|
||||
require.ElementsMatch(t, stringifyList(tc.expect), stringifyList(got))
|
||||
}
|
||||
|
||||
cases := map[string]testcase{
|
||||
"http: nil": {
|
||||
route: (*HTTPRoute)(nil),
|
||||
},
|
||||
"grpc: nil": {
|
||||
route: (*GRPCRoute)(nil),
|
||||
},
|
||||
"tcp: nil": {
|
||||
route: (*TCPRoute)(nil),
|
||||
},
|
||||
"http: kitchen sink": {
|
||||
route: &HTTPRoute{
|
||||
Rules: []*HTTPRouteRule{
|
||||
{BackendRefs: []*HTTPBackendRef{
|
||||
{BackendRef: newBackendRef("aa")},
|
||||
}},
|
||||
{BackendRefs: []*HTTPBackendRef{
|
||||
{BackendRef: newBackendRef("bb")},
|
||||
}},
|
||||
{BackendRefs: []*HTTPBackendRef{
|
||||
{BackendRef: newBackendRef("cc")},
|
||||
{BackendRef: newBackendRef("dd")},
|
||||
}},
|
||||
{BackendRefs: []*HTTPBackendRef{
|
||||
{BackendRef: newBackendRef("ee")},
|
||||
{BackendRef: newBackendRef("ff")},
|
||||
}},
|
||||
},
|
||||
},
|
||||
expect: []*BackendReference{
|
||||
newBackendRef("aa"),
|
||||
newBackendRef("bb"),
|
||||
newBackendRef("cc"),
|
||||
newBackendRef("dd"),
|
||||
newBackendRef("ee"),
|
||||
newBackendRef("ff"),
|
||||
},
|
||||
},
|
||||
"grpc: kitchen sink": {
|
||||
route: &GRPCRoute{
|
||||
Rules: []*GRPCRouteRule{
|
||||
{BackendRefs: []*GRPCBackendRef{
|
||||
{BackendRef: newBackendRef("aa")},
|
||||
}},
|
||||
{BackendRefs: []*GRPCBackendRef{
|
||||
{BackendRef: newBackendRef("bb")},
|
||||
}},
|
||||
{BackendRefs: []*GRPCBackendRef{
|
||||
{BackendRef: newBackendRef("cc")},
|
||||
{BackendRef: newBackendRef("dd")},
|
||||
}},
|
||||
{BackendRefs: []*GRPCBackendRef{
|
||||
{BackendRef: newBackendRef("ee")},
|
||||
{BackendRef: newBackendRef("ff")},
|
||||
}},
|
||||
},
|
||||
},
|
||||
expect: []*BackendReference{
|
||||
newBackendRef("aa"),
|
||||
newBackendRef("bb"),
|
||||
newBackendRef("cc"),
|
||||
newBackendRef("dd"),
|
||||
newBackendRef("ee"),
|
||||
newBackendRef("ff"),
|
||||
},
|
||||
},
|
||||
"tcp: kitchen sink": {
|
||||
route: &TCPRoute{
|
||||
Rules: []*TCPRouteRule{
|
||||
{BackendRefs: []*TCPBackendRef{
|
||||
{BackendRef: newBackendRef("aa")},
|
||||
}},
|
||||
{BackendRefs: []*TCPBackendRef{
|
||||
{BackendRef: newBackendRef("bb")},
|
||||
}},
|
||||
{BackendRefs: []*TCPBackendRef{
|
||||
{BackendRef: newBackendRef("cc")},
|
||||
{BackendRef: newBackendRef("dd")},
|
||||
}},
|
||||
{BackendRefs: []*TCPBackendRef{
|
||||
{BackendRef: newBackendRef("ee")},
|
||||
{BackendRef: newBackendRef("ff")},
|
||||
}},
|
||||
},
|
||||
},
|
||||
expect: []*BackendReference{
|
||||
newBackendRef("aa"),
|
||||
newBackendRef("bb"),
|
||||
newBackendRef("cc"),
|
||||
newBackendRef("dd"),
|
||||
newBackendRef("ee"),
|
||||
newBackendRef("ff"),
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
for name, tc := range cases {
|
||||
t.Run(name, func(t *testing.T) {
|
||||
run(t, tc)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func protoToString[V proto.Message](pb V) string {
|
||||
m := protojson.MarshalOptions{
|
||||
Indent: " ",
|
||||
}
|
||||
gotJSON, err := m.Marshal(pb)
|
||||
if err != nil {
|
||||
return "<ERR: " + err.Error() + ">"
|
||||
}
|
||||
return string(gotJSON)
|
||||
}
|
||||
|
||||
func newRouteRef(name string) *pbresource.Reference {
|
||||
return &pbresource.Reference{
|
||||
Type: &pbresource.Type{
|
||||
Group: "fake",
|
||||
GroupVersion: "v1alpha1",
|
||||
Kind: "fake",
|
||||
},
|
||||
Tenancy: &pbresource.Tenancy{
|
||||
Partition: "default",
|
||||
Namespace: "default",
|
||||
PeerName: "local",
|
||||
},
|
||||
Name: name,
|
||||
}
|
||||
}
|
||||
|
||||
func newBackendRef(name string) *BackendReference {
|
||||
return &BackendReference{
|
||||
Ref: newRouteRef(name),
|
||||
}
|
||||
}
|
||||
|
||||
func stringifyList[V proto.Message](list []V) []string {
|
||||
out := make([]string, 0, len(list))
|
||||
for _, item := range list {
|
||||
out = append(out, protoToString(item))
|
||||
}
|
||||
return out
|
||||
}
|
Loading…
Reference in New Issue