You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
consul/test/integration/connect/envoy/case-l7-intentions/verify.bats

124 lines
5.2 KiB

#!/usr/bin/env bats
load helpers
@test "s1 proxy admin is up on :19000" {
retry_default curl -f -s localhost:19000/stats -o /dev/null
}
@test "s2 proxy admin is up on :19001" {
retry_default curl -f -s localhost:19001/stats -o /dev/null
}
@test "s1 proxy listener should be up and have right cert" {
assert_proxy_presents_cert_uri localhost:21000 s1
}
@test "s2 proxy listener should be up and have right cert" {
assert_proxy_presents_cert_uri localhost:21001 s2
}
@test "s2 proxies should be healthy" {
assert_service_has_healthy_instances s2 1
}
@test "s1 upstream should have healthy endpoints for s2" {
assert_upstream_has_endpoints_in_status 127.0.0.1:19000 s2.default.primary HEALTHY 1
}
@test "s2 should have http rbac rules loaded from xDS" {
retry_default assert_envoy_http_rbac_policy_count localhost:19001 1
}
# these all use the same context: "s1 upstream should be able to connect to s2 via upstream s2"
@test "test exact path" {
retry_default must_pass_http_request GET localhost:5000/exact
retry_default must_fail_http_request 403 GET localhost:5000/exact-nope
}
@test "test prefix path" {
retry_default must_pass_http_request GET localhost:5000/prefix
retry_default must_fail_http_request 403 GET localhost:5000/nope-prefix
}
@test "test regex path" {
retry_default must_pass_http_request GET localhost:5000/regex
retry_default must_fail_http_request 403 GET localhost:5000/reggex
}
@test "test present header" {
retry_default must_pass_http_request GET localhost:5000/hdr-present x-test-debug:anything
retry_default must_fail_http_request 403 GET localhost:5000/hdr-present x-test-debug:
}
@test "test exact header" {
retry_default must_pass_http_request GET localhost:5000/hdr-exact x-test-debug:exact
retry_default must_fail_http_request 403 GET localhost:5000/hdr-exact x-test-debug:exact-nope
}
@test "test prefix header" {
retry_default must_pass_http_request GET localhost:5000/hdr-prefix x-test-debug:prefix
retry_default must_fail_http_request 403 GET localhost:5000/hdr-prefix x-test-debug:nope-prefix
}
@test "test suffix header" {
retry_default must_pass_http_request GET localhost:5000/hdr-suffix x-test-debug:suffix
retry_default must_fail_http_request 403 GET localhost:5000/hdr-suffix x-test-debug:suffix-nope
}
@test "test contains header" {
retry_default must_pass_http_request GET localhost:5000/hdr-contains x-test-debug:contains
retry_default must_pass_http_request GET localhost:5000/hdr-contains x-test-debug:ccontainss
retry_default must_pass_http_request GET localhost:5000/hdr-contains x-test-debug:still-contains-value
retry_default must_fail_http_request 403 GET localhost:5000/hdr-contains x-test-debug:conntains
}
@test "test regex header" {
retry_default must_pass_http_request GET localhost:5000/hdr-regex x-test-debug:regex
retry_default must_fail_http_request 403 GET localhost:5000/hdr-regex x-test-debug:reggex
}
@test "test exact ignore case header" {
retry_default must_pass_http_request GET localhost:5000/hdr-exact-ignore-case x-test-debug:foo.bar.com
retry_default must_pass_http_request GET localhost:5000/hdr-exact-ignore-case x-test-debug:foo.BAR.com
retry_default must_pass_http_request GET localhost:5000/hdr-exact-ignore-case x-test-debug:fOo.bAr.coM
retry_default must_fail_http_request 403 GET localhost:5000/hdr-exact-ignore-case x-test-debug:fOo.bAr.coM.nope
}
@test "test prefix ignore case header" {
retry_default must_pass_http_request GET localhost:5000/hdr-prefix-ignore-case x-test-debug:foo.bar.com
retry_default must_pass_http_request GET localhost:5000/hdr-prefix-ignore-case x-test-debug:foo.BAR.com
retry_default must_pass_http_request GET localhost:5000/hdr-prefix-ignore-case x-test-debug:fOo.bAr.coM
retry_default must_fail_http_request 403 GET localhost:5000/hdr-prefix-ignore-case x-test-debug:nope.fOo.bAr.coM
}
@test "test suffix ignore case header" {
retry_default must_pass_http_request GET localhost:5000/hdr-suffix-ignore-case x-test-debug:foo.bar.com
retry_default must_pass_http_request GET localhost:5000/hdr-suffix-ignore-case x-test-debug:foo.BAR.com
retry_default must_pass_http_request GET localhost:5000/hdr-suffix-ignore-case x-test-debug:fOo.bAr.coM
retry_default must_fail_http_request 403 GET localhost:5000/hdr-suffix-ignore-case x-test-debug:fOo.bAr.coM.nope
}
@test "test contains ignore case header" {
retry_default must_pass_http_request GET localhost:5000/hdr-contains-ignore-case x-test-debug:cOntAins
retry_default must_pass_http_request GET localhost:5000/hdr-contains-ignore-case x-test-debug:CconTainsS
retry_default must_pass_http_request GET localhost:5000/hdr-contains-ignore-case x-test-debug:still-cOntAins-value
retry_default must_fail_http_request 403 GET localhost:5000/hdr-contains-ignore-case x-test-debug:cOnntAins
}
@test "test method match" {
retry_default must_pass_http_request GET localhost:5000/method-match
retry_default must_pass_http_request PUT localhost:5000/method-match
retry_default must_fail_http_request 403 POST localhost:5000/method-match
retry_default must_fail_http_request 403 HEAD localhost:5000/method-match
}
# @test "s1 upstream should NOT be able to connect to s2" {
# run retry_default must_fail_tcp_connection localhost:5000
# echo "OUTPUT $output"
# [ "$status" == "0" ]
# }