Router check tool with two input json files

bazel/envoy_build_system.bzl

@@ -59,6 +59,7 @@ def envoy_cc_library(name,
 def envoy_cc_binary(name,
  srcs = [],
  data = [],
+ testonly = 0,
  visibility = None,
  deps = []):
  native.cc_binary(
@@ -70,6 +71,7 @@ def envoy_cc_binary(name,
  "-pthread",
  "-lrt",
  ],
+ testonly = testonly,
  linkstatic = 1,
  visibility = visibility,
  deps = deps + [

docs/configuration/configuration.rst

@@ -13,3 +13,4 @@ Configuration reference
  http_conn_man/http_conn_man
  http_filters/http_filters
  cluster_manager/cluster_manager
+ tools/router_check

docs/configuration/tools/router_check.rst

@@ -0,0 +1,109 @@
+.. _config_tools_router_check_tool:
+
+Route table check tool
+======================
+
+**NOTE: The following configuration is for the router table check tool only and is not part of the Envoy binary.
+The route table check tool is used for testing purposes only.**
+
+Input for the route table check tool. The route table check tool checks if the route returned
+by a router matches what is expected. The tool can be used to check cluster name, virtual cluster name,
+virtual host name, path rewrite, host rewrite, and path redirect matches. Extensions for other
+test cases can be added. The "check" field specifies the expected values in each test case. At least one test
+case is required. In addition, the authority and path fields specify the url sent to the router
+and are also required. A simple configuration has one test case and is writen as follows. The test
+expects a cluster name match of "instant-server".::
+
+ [
+ {
+ "authority":"api.lyft.com",
+ "path": "/api/locations",
+ "check": {"cluster_name": "instant-server"}
+ }
+ ]
+
+.. code-block:: json
+
+ [
+ {
+ "authority": "...",
+ "path": "...",
+ "additional_headers": [
+ {
+ "name": "...",
+ "value": "..."
+ },
+ {
+ "..."
+ }
+ ],
+ "method": "...",
+ "random_value" : "...",
+ "ssl" : "...",
+ "internal" : "...",
+ "check": {
+ "cluster_name": "...",
+ "virtual_cluster_name": "...",
+ "virtual_host_name": "...",
+ "path_rewrite": "...",
+ "host_rewrite": "...",
+ "path_redirect": "..."
+ }
+ },
+ {
+ "..."
+ }
+ ]
+
+authority
+ *(required, string)* The url authority. This value along with the path parameter define
+ the url to be matched. An example authority value is "api.lyft.com".
+
+path
+ *(required, string)* The url path. An example path value is "/foo".
+
+additional_headers
+ *(optional, array)* Additional headers to be added as input for route determination. The :authority,
+ :path, :method, x-forwarded-proto, and x-envoy-internal fields are specified by the other config
+ options and should not be set here.
+
+method
+ *(optional, string)* The request method. If not specified, the default method is GET. The options
+ are GET, PUT, or POST.
+
+random_value
+ *(optional, integer)* An integer used to supply the random seed to use if a runtime choice is
+ required. The default value of random_value is 0.
+
+ssl
+ *(optional, boolean)* A flag that determines whether to set x-forwarded-proto to https or http.
+ By setting x-forwarded-proto to a given protocol, the tool is able to simulate the behavior of
+ a client issuing a request via http or https. By default ssl is false which corresponds to
+ x-forwarded-proto set to http.
+
+internal
+ *(optional, boolean)* A flag that determines whether to set x-envoy-internal to "true".
+ If not specified, or if internal is equal to false, x-envoy-internal is not set.
+
+check
+ *(required, object)* The check object specifies the returned router parameters to match. At least one
+ test parameter must be specificed. Use "none" to indicate that no return value is expected. For example,
+ to test that no cluster match is expected use {"cluster_name": "none"}.
+
+ cluster_name
+ *(optional, string)* Match the cluster name.
+
+ virutal_cluster_name
+ *(optional, string)* Match the virtual cluster name.
+
+ virtual_host_name
+ *(optional, string)* Match the virtual host name.
+
+ path_rewrite
+ *(optional, string)* Match the path header field after rewrite.
+
+ host_rewrite
+ *(optional, string)* Match the host header field after rewrite.
+
+ path_redirect
+ *(optional, string)* Match the returned redirect path.

docs/install/install.rst

@@ -11,3 +11,4 @@ Building and installation
  installation
  ref_configs
  sandboxes
+ tools

docs/install/tools.rst

@@ -0,0 +1,58 @@
+.. _install_tools:
+
+Router Table Check Tool
+=======================
+
+The router check tool checks whether the route parameters returned by a router match what is expected.
+The tool can also be used to check whether a path redirect, path rewrite, or host rewrite
+match what is expected.
+
+Input
+ The tool expects two input JSON files:
+
+ 1. A router config JSON file. The router config JSON file schema is found :ref:`here <config_http_conn_man_route_table>`.
+
+ 2. A tool config JSON file. The tool config JSON file schema is found :ref:`here <config_tools_router_check_tool>`.
+ The tool config input file specifies urls (composed of authorities and paths)
+ and expected route parameter values. Additonal parameters such as additonal headers are optional.
+
+Output
+ The program exits with status EXIT_FAILURE if any test case does not match the expected route parameter
+ value.
+
+ The ``--details`` option prints out details for each test case. The first field indicates
+ a P for a correct match and a F for a failed match. The second field is the expected route parameter value.
+ The third field is the actual route parameter value. The fourth field indicates the parameter that is
+ compared. For example: ::
+
+ P instant-server instant-server cluster_name
+ F default other virtual_host_name
+ P api.lyft.com api.lyft.com host_rewrite
+ P https://redirect.lyft.com/new_bar https://redirect.lyft.com/new_bar path_redirect
+ F locations ats cluster_name
+ P locations locations cluster_name
+
+ Testing with valid :ref:`runtime values <config_http_conn_man_route_table_route>` is not currently supported but can be added.
+
+Building
+ The tool can be built locally using Bazel. ::
+
+ bazel build //test/tools/router_check:router_check_tool
+
+Running
+ The tool takes two input json files and an optional command line parameter ``--details``. The
+ expected order of command line arguements is:
+ 1. The router configuration json file.
+ 2. The tool configuration json file.
+ 3. The optional details flag. ::
+
+ bazel-bin/test/tools/router_check/router_check_tool router_config.json tool_config.json
+
+ bazel-bin/test/tools/router_check/router_check_tool router_config.json tool_config.json --details
+
+Testing
+ A bash shell script test can be run with bazel. The test compares routes using different router and
+ tool configuration json files. The configuration json files can be found in
+ test/tools/router_check/test/config/... . ::
+
+ bazel test //test/tools/router_check/...

source/common/router/config_impl.cc

@@ -494,10 +494,13 @@ RouteMatcher::RouteMatcher(const Json::Object& json_config, const ConfigImpl& gl
 RouteConstSharedPtr VirtualHostImpl::getRouteFromEntries(const Http::HeaderMap& headers,
  uint64_t random_value) const {
  // First check for ssl redirect.
- if (ssl_requirements_ == SslRequirements::ALL && headers.ForwardedProto()->value() != "https") {
+ if (ssl_requirements_ == SslRequirements::ALL && headers.ForwardedProto() != nullptr &&
+ headers.ForwardedProto()->value() != "https") {
+
  return SSL_REDIRECT_ROUTE;
  } else if (ssl_requirements_ == SslRequirements::EXTERNAL_ONLY &&
- headers.ForwardedProto()->value() != "https" && !headers.EnvoyInternalRequest()) {
+ headers.ForwardedProto() != nullptr && headers.ForwardedProto()->value() != "https" &&
+ !headers.EnvoyInternalRequest()) {
  return SSL_REDIRECT_ROUTE;
  }
 

source/common/router/config_impl.h

@@ -408,6 +408,8 @@ class ConfigImpl : public Config {
  std::list<std::pair<Http::LowerCaseString, std::string>> request_headers_to_add_;
 };
 
+typedef std::unique_ptr<ConfigImpl> ConfigImplPtr;
+
 /**
  * Implementation of Config that is empty.
  */

test/tools/router_check/BUILD

@@ -0,0 +1,34 @@
+package(default_visibility = ["//visibility:public"])
+
+load("//bazel:envoy_build_system.bzl", "envoy_cc_binary", "envoy_cc_test_library")
+
+envoy_cc_binary(
+ name = "router_check_tool",
+ testonly = 1,
+ deps = [":router_check_main_lib"],
+)
+
+envoy_cc_test_library(
+ name = "router_check_main_lib",
+ srcs = ["router_check.cc"],
+ deps = [
+ ":router_tool_lib",
+ ],
+)
+
+envoy_cc_test_library(
+ name = "router_tool_lib",
+ srcs = ["router.cc"],
+ hdrs = ["router.h"],
+ deps = [
+ "//source/common/http:header_map_lib",
+ "//source/common/http:headers_lib",
+ "//source/common/json:json_loader_lib",
+ "//source/common/router:config_lib",
+ "//test/mocks/runtime:runtime_mocks",
+ "//test/mocks/upstream:upstream_mocks",
+ "//test/test_common:printers_lib",
+ "//test/test_common:utility_lib",
+ "//test/tools/router_check/json:tool_config_schemas_lib",
+ ],
+)

test/tools/router_check/json/BUILD

@@ -0,0 +1,9 @@
+package(default_visibility = ["//visibility:public"])
+
+load("//bazel:envoy_build_system.bzl", "envoy_cc_library")
+
+envoy_cc_library(
+ name = "tool_config_schemas_lib",
+ srcs = ["tool_config_schemas.cc"],
+ hdrs = ["tool_config_schemas.h"],
+)

test/tools/router_check/json/tool_config_schemas.cc

@@ -0,0 +1,52 @@
+#include "test/tools/router_check/json/tool_config_schemas.h"
+
+const std::string& Json::ToolSchema::routerCheckSchema() {
+ static const std::string* router_check_schema = new std::string(R"EOF(
+ {
+ "$schema": "http://json-schema.org/schema#",
+ "type": "array",
+ "minItems": 1,
+ "items": {
+ "type": "object",
+ "properties": {
+ "authority": {"type": "string"},
+ "path": {"type": "string"},
+ "additional_headers": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "name": {"type": "string"},
+ "value": {"type": "string"}
+ },
+ "additionalProperties": false,
+ "required": ["name", "value"],
+ "maxProperties": 2
+ }
+ },
+ "method": {"type": "string", "enum": ["GET", "PUT", "POST"]},
+ "random_value": {"type": "integer"},
+ "ssl": {"type": "boolean"},
+ "internal": {"type": "boolean"},
+ "check": {
+ "type": "object",
+ "properties": {
+ "cluster_name": {"type": "string"},
+ "virtual_cluster_name": {"type": "string"},
+ "virtual_host_name": {"type": "string"},
+ "path_rewrite": {"type": "string"},
+ "host_rewrite": {"type": "string"},
+ "path_redirect": {"type": "string"}
+ },
+ "minProperties": 1,
+ "additionalProperties": false
+ }
+ },
+ "additionalProperties": false,
+ "required": ["authority", "path", "check"]
+ }
+ }
+ )EOF");
+
+ return *router_check_schema;
+}

test/tools/router_check/json/tool_config_schemas.h

@@ -0,0 +1,15 @@
+#pragma once
+
+namespace Json {
+
+class ToolSchema {
+
+public:
+ /**
+ * Obtain the router check json schema
+ * @return const std::string& of the schema string
+ */
+ static const std::string& routerCheckSchema();
+};
+
+} // Json