Add terminating gateway tests without ACL/TLS (hashicorp#571)

* adding terminating gw test without tls/acls Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>
duckhan · Aug 26, 2020 · acb1bf7 · acb1bf7
1 parent 7d348f9
commit acb1bf7
Show file tree

Hide file tree

Showing 3 changed files with 138 additions and 0 deletions.
diff --git a/test/acceptance/tests/terminating-gateway/fixtures/static-client.yaml b/test/acceptance/tests/terminating-gateway/fixtures/static-client.yaml
@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: static-client
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: static-client
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: static-client
+  template:
+    metadata:
+      name: static-client
+      labels:
+        app: static-client
+      annotations:
+        "consul.hashicorp.com/connect-inject": "true"
+        "consul.hashicorp.com/connect-service-upstreams": "example-http:1234"
+    spec:
+      containers:
+        # This name will be the service name in Consul.
+        - name: static-client
+          image: tutum/curl:latest
+          # Just spin & wait forever, we'll use  to demo
+          command: [ "/bin/sh", "-c", "--" ]
+          args: [ "while true; do sleep 30; done;" ]
+       # If ACLs are enabled, the serviceAccountName must match the Consul service name.
+      serviceAccountName: static-client
diff --git a/test/acceptance/tests/terminating-gateway/main_test.go b/test/acceptance/tests/terminating-gateway/main_test.go
@@ -0,0 +1,15 @@
+package connect
+
+import (
+	"os"
+	"testing"
+
+	"github.com/hashicorp/consul-helm/test/acceptance/framework"
+)
+
+var suite framework.Suite
+
+func TestMain(m *testing.M) {
+	suite = framework.NewSuite(m)
+	os.Exit(suite.Run())
+}
diff --git a/test/acceptance/tests/terminating-gateway/terminating_gateway_test.go b/test/acceptance/tests/terminating-gateway/terminating_gateway_test.go
@@ -0,0 +1,91 @@
+package connect
+
+import (
+	"testing"
+
+	"github.com/gruntwork-io/terratest/modules/k8s"
+	"github.com/hashicorp/consul-helm/test/acceptance/framework"
+	"github.com/hashicorp/consul-helm/test/acceptance/helpers"
+	"github.com/hashicorp/consul/api"
+	"github.com/hashicorp/consul/sdk/testutil/retry"
+	"github.com/stretchr/testify/require"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/kubernetes"
+)
+
+// Test that terminating gateways work in a default installation.
+func TestTerminatingGateway(t *testing.T) {
+	env := suite.Environment()
+	helmValues := map[string]string{
+		"connectInject.enabled":                    "true",
+		"terminatingGateways.enabled":              "true",
+		"terminatingGateways.gateways[0].name":     "terminating-gateway",
+		"terminatingGateways.gateways[0].replicas": "1",
+	}
+
+	t.Log("creating consul cluster")
+	releaseName := helpers.RandomName()
+	consulCluster := framework.NewHelmCluster(t, helmValues, env.DefaultContext(t), suite.Config(), releaseName)
+	consulCluster.Create(t)
+
+	// Once the cluster is up register the external service, then create the config entry.
+	consulClient := consulCluster.SetupConsulClient(t, false)
+
+	// Register the external service
+	t.Log("registering the external service")
+	_, err := consulClient.Catalog().Register(&api.CatalogRegistration{
+		Node: "legacy_node",
+		//ID:       "example-http",
+		Address:  "example.com",
+		NodeMeta: map[string]string{"external-node": "true", "external-probe": "true"},
+		Service: &api.AgentService{
+			ID:      "example-http",
+			Service: "example-http",
+			Port:    80,
+		},
+	}, &api.WriteOptions{})
+	require.NoError(t, err)
+
+	// Create the config entry for the terminating gateway
+	t.Log("creating config entry")
+	created, _, err := consulClient.ConfigEntries().Set(&api.TerminatingGatewayConfigEntry{
+		Kind:     api.TerminatingGateway,
+		Name:     "terminating-gateway",
+		Services: []api.LinkedService{{Name: "example-http"}},
+	}, nil)
+	require.NoError(t, err)
+	require.True(t, created, "config entry failed")
+
+	k8sClient := env.DefaultContext(t).KubernetesClient(t)
+	k8sOptions := env.DefaultContext(t).KubectlOptions()
+
+	// Deploy the static client
+	t.Log("deploying static client")
+	deployStaticClient(t, suite.Config(), env.DefaultContext(t).KubectlOptions())
+
+	// Test that we can make a call to the terminating gateway
+	t.Log("trying calls to terminating gateway")
+	checkConnection(t, k8sOptions, k8sClient)
+}
+
+// checkConnection checks if static-client can connect to the external service through the terminating gateway.
+func checkConnection(t *testing.T, options *k8s.KubectlOptions, client kubernetes.Interface) {
+	pods, err := client.CoreV1().Pods(options.Namespace).List(metav1.ListOptions{LabelSelector: "app=static-client"})
+	require.NoError(t, err)
+	require.Len(t, pods.Items, 1)
+	retry.Run(t, func(r *retry.R) {
+		output, err := helpers.RunKubectlAndGetOutputE(t, options, "exec", pods.Items[0].Name, "--",
+			"curl", "-vvvs", "-H", "Host: example.com", "http://localhost:1234/")
+		require.NoError(r, err)
+		require.Contains(r, output, "Example Domain")
+	})
+}
+
+func deployStaticClient(t *testing.T, cfg *framework.TestConfig, options *k8s.KubectlOptions) {
+	helpers.KubectlApply(t, options, "fixtures/static-client.yaml")
+
+	helpers.Cleanup(t, cfg.NoCleanupOnFailure, func() {
+		helpers.KubectlDelete(t, options, "fixtures/static-client.yaml")
+	})
+	helpers.RunKubectl(t, options, "wait", "--for=condition=available", "deploy/static-client")
+}