Skip to content

Commit

Permalink
Add support for t-proxy to peering acceptance tests.
Browse files Browse the repository at this point in the history
  • Loading branch information
thisisnotashwin committed Jul 21, 2022
1 parent d4b4de6 commit 8160752
Show file tree
Hide file tree
Showing 2 changed files with 48 additions and 15 deletions.
35 changes: 26 additions & 9 deletions acceptance/tests/peering/peering_connect_namespaces_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ package peering

import (
"context"
"github.com/hashicorp/go-version"
"fmt"
"strconv"
"testing"

Expand All @@ -13,6 +13,7 @@ import (
"github.com/hashicorp/consul-k8s/acceptance/framework/k8s"
"github.com/hashicorp/consul-k8s/acceptance/framework/logger"
"github.com/hashicorp/consul/api"
"github.com/hashicorp/go-version"
"github.com/stretchr/testify/require"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
Expand Down Expand Up @@ -87,8 +88,8 @@ func TestPeering_ConnectNamespaces(t *testing.T) {

"global.acls.manageSystemACLs": strconv.FormatBool(c.ACLsAndAutoEncryptEnabled),

"connectInject.enabled": "true",
"connectInject.transparentProxy.defaultEnabled": "false",
"connectInject.enabled": "true",

// When mirroringK8S is set, this setting is ignored.
"connectInject.consulNamespaces.consulDestinationNamespace": c.destinationNamespace,
"connectInject.consulNamespaces.mirroringK8S": strconv.FormatBool(c.mirrorK8S),
Expand Down Expand Up @@ -205,10 +206,14 @@ func TestPeering_ConnectNamespaces(t *testing.T) {
k8s.DeployKustomize(t, staticServerOpts, cfg.NoCleanupOnFailure, cfg.DebugDirectory, "../fixtures/cases/static-server-inject")

logger.Log(t, "creating static-client deployments in client peer")
if c.destinationNamespace == defaultNamespace {
k8s.DeployKustomize(t, staticClientOpts, cfg.NoCleanupOnFailure, cfg.DebugDirectory, "../fixtures/cases/static-client-peers/default-namespace")
if cfg.EnableTransparentProxy {
k8s.DeployKustomize(t, staticClientOpts, cfg.NoCleanupOnFailure, cfg.DebugDirectory, "../fixtures/cases/static-client-tproxy")
} else {
k8s.DeployKustomize(t, staticClientOpts, cfg.NoCleanupOnFailure, cfg.DebugDirectory, "../fixtures/cases/static-client-peers/non-default-namespace")
if c.destinationNamespace == defaultNamespace {
k8s.DeployKustomize(t, staticClientOpts, cfg.NoCleanupOnFailure, cfg.DebugDirectory, "../fixtures/cases/static-client-peers/default-namespace")
} else {
k8s.DeployKustomize(t, staticClientOpts, cfg.NoCleanupOnFailure, cfg.DebugDirectory, "../fixtures/cases/static-client-peers/non-default-namespace")
}
}
// Check that both static-server and static-client have been injected and now have 2 containers.
podList, err := staticServerPeerClusterContext.KubernetesClient(t).CoreV1().Pods(metav1.NamespaceAll).List(context.Background(), metav1.ListOptions{
Expand Down Expand Up @@ -255,7 +260,11 @@ func TestPeering_ConnectNamespaces(t *testing.T) {
}

logger.Log(t, "checking that connection is successful")
k8s.CheckStaticServerConnectionSuccessful(t, staticClientOpts, staticClientName, "http://localhost:1234")
if cfg.EnableTransparentProxy {
k8s.CheckStaticServerConnectionSuccessful(t, staticClientOpts, staticClientName, fmt.Sprintf("http://static-server.virtual.%s.%s.consul", staticServerNamespace, staticServerPeer))
} else {
k8s.CheckStaticServerConnectionSuccessful(t, staticClientOpts, staticClientName, "http://localhost:1234")
}

denyAllIntention := &api.ServiceIntentionsConfigEntry{
Name: "*",
Expand All @@ -274,7 +283,11 @@ func TestPeering_ConnectNamespaces(t *testing.T) {
require.NoError(t, err)

logger.Log(t, "checking that the connection is not successful because there's no allow intention")
k8s.CheckStaticServerConnectionFailing(t, staticClientOpts, staticClientName, "http://localhost:1234")
if cfg.EnableTransparentProxy {
k8s.CheckStaticServerConnectionMultipleFailureMessages(t, staticClientOpts, staticClientName, false, []string{"curl: (56) Recv failure: Connection reset by peer", "curl: (52) Empty reply from server", "curl: (7) Failed to connect to static-server.ns1 port 80: Connection refused"}, "", fmt.Sprintf("http://static-server.virtual.%s.%s.consul", staticServerNamespace, staticServerPeer))
} else {
k8s.CheckStaticServerConnectionFailing(t, staticClientOpts, staticClientName, "http://localhost:1234")
}

intention := &api.ServiceIntentionsConfigEntry{
Name: staticServerName,
Expand Down Expand Up @@ -302,7 +315,11 @@ func TestPeering_ConnectNamespaces(t *testing.T) {
require.NoError(t, err)

logger.Log(t, "checking that connection is successful")
k8s.CheckStaticServerConnectionSuccessful(t, staticClientOpts, staticClientName, "http://localhost:1234")
if cfg.EnableTransparentProxy {
k8s.CheckStaticServerConnectionSuccessful(t, staticClientOpts, staticClientName, fmt.Sprintf("http://static-server.virtual.%s.%s.consul", staticServerNamespace, staticServerPeer))
} else {
k8s.CheckStaticServerConnectionSuccessful(t, staticClientOpts, staticClientName, "http://localhost:1234")
}
})
}
}
28 changes: 22 additions & 6 deletions acceptance/tests/peering/peering_connect_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ package peering

import (
"context"
"fmt"
"strconv"
"testing"

Expand Down Expand Up @@ -60,8 +61,7 @@ func TestPeering_Connect(t *testing.T) {

"global.acls.manageSystemACLs": strconv.FormatBool(c.ACLsAndAutoEncryptEnabled),

"connectInject.enabled": "true",
"connectInject.transparentProxy.defaultEnabled": "false",
"connectInject.enabled": "true",

"meshGateway.enabled": "true",
"meshGateway.replicas": "1",
Expand Down Expand Up @@ -170,7 +170,11 @@ func TestPeering_Connect(t *testing.T) {
k8s.DeployKustomize(t, staticServerOpts, cfg.NoCleanupOnFailure, cfg.DebugDirectory, "../fixtures/cases/static-server-inject")

logger.Log(t, "creating static-client deployments in client peer")
k8s.DeployKustomize(t, staticClientOpts, cfg.NoCleanupOnFailure, cfg.DebugDirectory, "../fixtures/cases/static-client-peers/default")
if cfg.EnableTransparentProxy {
k8s.DeployKustomize(t, staticClientOpts, cfg.NoCleanupOnFailure, cfg.DebugDirectory, "../fixtures/cases/static-client-tproxy")
} else {
k8s.DeployKustomize(t, staticClientOpts, cfg.NoCleanupOnFailure, cfg.DebugDirectory, "../fixtures/cases/static-client-peers/default")
}
// Check that both static-server and static-client have been injected and now have 2 containers.
podList, err := staticServerPeerClusterContext.KubernetesClient(t).CoreV1().Pods(metav1.NamespaceAll).List(context.Background(), metav1.ListOptions{
LabelSelector: "app=static-server",
Expand Down Expand Up @@ -203,7 +207,11 @@ func TestPeering_Connect(t *testing.T) {
k8s.KubectlDeleteK(t, staticServerPeerClusterContext.KubectlOptions(t), "../fixtures/cases/crd-peers/default")
})
logger.Log(t, "checking that connection is successful")
k8s.CheckStaticServerConnectionSuccessful(t, staticClientOpts, staticClientName, "http://localhost:1234")
if cfg.EnableTransparentProxy {
k8s.CheckStaticServerConnectionSuccessful(t, staticClientOpts, staticClientName, fmt.Sprintf("http://static-server.virtual.%s.consul", staticServerPeer))
} else {
k8s.CheckStaticServerConnectionSuccessful(t, staticClientOpts, staticClientName, "http://localhost:1234")
}

denyAllIntention := &api.ServiceIntentionsConfigEntry{
Name: "*",
Expand All @@ -220,7 +228,11 @@ func TestPeering_Connect(t *testing.T) {
require.NoError(t, err)

logger.Log(t, "checking that the connection is not successful because there's no allow intention")
k8s.CheckStaticServerConnectionFailing(t, staticClientOpts, staticClientName, "http://localhost:1234")
if cfg.EnableTransparentProxy {
k8s.CheckStaticServerConnectionMultipleFailureMessages(t, staticClientOpts, staticClientName, false, []string{"curl: (56) Recv failure: Connection reset by peer", "curl: (52) Empty reply from server", "curl: (7) Failed to connect to static-server.ns1 port 80: Connection refused"}, "", fmt.Sprintf("http://static-server.virtual.%s.consul", staticServerPeer))
} else {
k8s.CheckStaticServerConnectionFailing(t, staticClientOpts, staticClientName, "http://localhost:1234")
}

intention := &api.ServiceIntentionsConfigEntry{
Name: staticServerName,
Expand All @@ -239,7 +251,11 @@ func TestPeering_Connect(t *testing.T) {
require.NoError(t, err)

logger.Log(t, "checking that connection is successful")
k8s.CheckStaticServerConnectionSuccessful(t, staticClientOpts, staticClientName, "http://localhost:1234")
if cfg.EnableTransparentProxy {
k8s.CheckStaticServerConnectionSuccessful(t, staticClientOpts, staticClientName, fmt.Sprintf("http://static-server.virtual.%s.consul", staticServerPeer))
} else {
k8s.CheckStaticServerConnectionSuccessful(t, staticClientOpts, staticClientName, "http://localhost:1234")
}
})
}
}

0 comments on commit 8160752

Please sign in to comment.