Update acceptance test to support peering t-proxy
thisisnotashwin committed Jul 22, 2022
1 parent ec1c405 commit 3d30d45
Showing 7 changed files with 28 additions and 19 deletions.
8 changes: 4 additions & 4 deletions .circleci/config.yml
@@ -651,7 +651,7 @@ jobs:
- run: mkdir -p $TEST_RESULTS

- run-acceptance-tests:
additional-flags: -kubeconfig="$primary_kubeconfig" -secondary-kubeconfig="$secondary_kubeconfig" -enable-pod-security-policies
additional-flags: -kubeconfig="$primary_kubeconfig" -secondary-kubeconfig="$secondary_kubeconfig" -enable-pod-security-policies -enable-transparent-proxy

- store_test_results:
path: /tmp/test-results
@@ -706,7 +706,7 @@ jobs:
- run: mkdir -p $TEST_RESULTS

- run-acceptance-tests:
additional-flags: -kubeconfig="$primary_kubeconfig" -secondary-kubeconfig="$secondary_kubeconfig" -disable-peering
additional-flags: -kubeconfig="$primary_kubeconfig" -secondary-kubeconfig="$secondary_kubeconfig" -disable-peering -enable-transparent-proxy

- store_test_results:
path: /tmp/test-results
@@ -767,7 +767,7 @@ jobs:
- run: mkdir -p $TEST_RESULTS

- run-acceptance-tests:
additional-flags: -kubeconfig="$primary_kubeconfig" -secondary-kubeconfig="$secondary_kubeconfig"
additional-flags: -kubeconfig="$primary_kubeconfig" -secondary-kubeconfig="$secondary_kubeconfig" -enable-transparent-proxy

- store_test_results:
path: /tmp/test-results
@@ -862,7 +862,7 @@ jobs:
- ~/.go_workspace/pkg/mod
- run: mkdir -p $TEST_RESULTS
- run-acceptance-tests:
additional-flags: -use-kind -kubecontext="kind-dc1" -secondary-kubecontext="kind-dc2"
additional-flags: -use-kind -kubecontext="kind-dc1" -secondary-kubecontext="kind-dc2" -enable-transparent-proxy
- store_test_results:
path: /tmp/test-results
- store_artifacts:
15 changes: 7 additions & 8 deletions acceptance/tests/peering/peering_connect_namespaces_test.go
@@ -32,10 +32,6 @@ func TestPeering_ConnectNamespaces(t *testing.T) {
t.Skipf("skipping this test because -enable-enterprise is not set")
}

if cfg.EnableTransparentProxy {
t.Skipf("skipping this test because Transparent Proxy is enabled")
}

ver, err := version.NewVersion("1.13.0")
require.NoError(t, err)
if cfg.ConsulVersion != nil && cfg.ConsulVersion.LessThan(ver) {
@@ -80,7 +76,7 @@ func TestPeering_ConnectNamespaces(t *testing.T) {
"global.peering.enabled": "true",
"global.enableConsulNamespaces": "true",

"global.image": "hashicorp/consul-enterprise:1.13.0-alpha2-ent",
"global.image": "thisisnotashwin/consul@sha256:446aad6e02f66e3027756dfc0d34e8e6e2b11ac6ec5637b134b34644ca7cda64",

"global.tls.enabled": "false",
"global.tls.httpsOnly": strconv.FormatBool(c.ACLsAndAutoEncryptEnabled),
@@ -98,6 +94,9 @@ func TestPeering_ConnectNamespaces(t *testing.T) {
"meshGateway.replicas": "1",

"controller.enabled": "true",

"dns.enabled": "true",
"dns.enableRedirection": strconv.FormatBool(cfg.EnableTransparentProxy),
}

staticServerPeerHelmValues := map[string]string{
@@ -261,7 +260,7 @@ func TestPeering_ConnectNamespaces(t *testing.T) {

logger.Log(t, "checking that connection is successful")
if cfg.EnableTransparentProxy {
k8s.CheckStaticServerConnectionSuccessful(t, staticClientOpts, staticClientName, fmt.Sprintf("http://static-server.virtual.%s.%s.consul", staticServerNamespace, staticServerPeer))
k8s.CheckStaticServerConnectionSuccessful(t, staticClientOpts, staticClientName, fmt.Sprintf("http://static-server.virtual.%s.%s.consul", c.destinationNamespace, staticServerPeer))
} else {
k8s.CheckStaticServerConnectionSuccessful(t, staticClientOpts, staticClientName, "http://localhost:1234")
}
@@ -284,7 +283,7 @@ func TestPeering_ConnectNamespaces(t *testing.T) {

logger.Log(t, "checking that the connection is not successful because there's no allow intention")
if cfg.EnableTransparentProxy {
k8s.CheckStaticServerConnectionMultipleFailureMessages(t, staticClientOpts, staticClientName, false, []string{"curl: (56) Recv failure: Connection reset by peer", "curl: (52) Empty reply from server", "curl: (7) Failed to connect to static-server.ns1 port 80: Connection refused"}, "", fmt.Sprintf("http://static-server.virtual.%s.%s.consul", staticServerNamespace, staticServerPeer))
k8s.CheckStaticServerConnectionMultipleFailureMessages(t, staticClientOpts, staticClientName, false, []string{"curl: (56) Recv failure: Connection reset by peer", "curl: (52) Empty reply from server", "curl: (7) Failed to connect to static-server.ns1 port 80: Connection refused"}, "", fmt.Sprintf("http://static-server.virtual.%s.%s.consul", c.destinationNamespace, staticServerPeer))
} else {
k8s.CheckStaticServerConnectionFailing(t, staticClientOpts, staticClientName, "http://localhost:1234")
}
@@ -316,7 +315,7 @@ func TestPeering_ConnectNamespaces(t *testing.T) {

logger.Log(t, "checking that connection is successful")
if cfg.EnableTransparentProxy {
k8s.CheckStaticServerConnectionSuccessful(t, staticClientOpts, staticClientName, fmt.Sprintf("http://static-server.virtual.%s.%s.consul", staticServerNamespace, staticServerPeer))
k8s.CheckStaticServerConnectionSuccessful(t, staticClientOpts, staticClientName, fmt.Sprintf("http://static-server.virtual.%s.%s.consul", c.destinationNamespace, staticServerPeer))
} else {
k8s.CheckStaticServerConnectionSuccessful(t, staticClientOpts, staticClientName, "http://localhost:1234")
}
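Review bot: The `global.image` entry in commonHelmValues appears to move from the `hashicorp/consul-enterprise` release tag to `thisisnotashwin/consul@sha256:…`, an image published under a personal registry namespace; the same value is set in peering_connect_test.go. The digest pin keeps the content immutable, but the acceptance suite now pulls and runs server binaries whose provenance is a single contributor account, and the runs break if that account removes the image. This test is skipped unless -enable-enterprise is set, so it is worth confirming that the replacement is an enterprise build, otherwise the namespace assertions may not hold. I would add `// TODO: replace with an official hashicorp/consul-enterprise image once one with this support is published` above the line and track its removal. TestPeering_ConnectNamespaces starts and ends outside the visible hunks.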
9 changes: 4 additions & 5 deletions acceptance/tests/peering/peering_connect_test.go
@@ -23,10 +23,6 @@ func TestPeering_Connect(t *testing.T) {
env := suite.Environment()
cfg := suite.Config()

if cfg.EnableTransparentProxy {
t.Skipf("skipping this test because Transparent Proxy is enabled")
}

ver, err := version.NewVersion("1.13.0")
require.NoError(t, err)
if cfg.ConsulVersion != nil && cfg.ConsulVersion.LessThan(ver) {
@@ -53,7 +49,7 @@ func TestPeering_Connect(t *testing.T) {
commonHelmValues := map[string]string{
"global.peering.enabled": "true",

"global.image": "hashicorp/consul:1.13.0-alpha2",
"global.image": "thisisnotashwin/consul@sha256:446aad6e02f66e3027756dfc0d34e8e6e2b11ac6ec5637b134b34644ca7cda64",

"global.tls.enabled": "false",
"global.tls.httpsOnly": strconv.FormatBool(c.ACLsAndAutoEncryptEnabled),
@@ -67,6 +63,9 @@ func TestPeering_Connect(t *testing.T) {
"meshGateway.replicas": "1",

"controller.enabled": "true",

"dns.enabled": "true",
"dns.enableRedirection": strconv.FormatBool(cfg.EnableTransparentProxy),
}

staticServerPeerHelmValues := map[string]string{
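--- a/charts/consul/templates/server-podsecuritypolicy.yaml
+++ b/charts/consul/templates/server-podsecuritypolicy.yaml
@@ -35,6 +35,8 @@ spec:
 max: {{ .Values.server.ports.serflan.port }}
 - min: 8302
 max: 8302
+- min: 8503
+max: 8503
 {{- end }}
 hostIPC: false
 hostPID: false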
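--- a/charts/consul/templates/server-service.yaml
+++ b/charts/consul/templates/server-service.yaml
@@ -39,6 +39,9 @@ spec:
 port: 8501
 targetPort: 8501
 {{- end }}
+- name: grpc
+port: 8503
+targetPort: 8503
 - name: serflan-tcp
 protocol: "TCP"
 port: 8301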
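Review bot: The `grpc` port entry is added after the `{{- end }}` that closes the https block, so as far as this hunk shows it is rendered for every install, not only when peering is enabled; the same holds for `-hcl='ports { grpc = 8503 }'` and `containerPort: 8503` in server-statefulset.yaml. If the listener is only needed for peering, wrapping each addition in `{{- if .Values.global.peering.enabled }}` … `{{- end }}` keeps the servers' exposed surface unchanged for everyone else. The value 8503 is also repeated as a literal across three templates, whereas the serflan port is read from `.Values.server.ports.serflan.port`. The enclosing ports list starts and ends outside the hunk.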
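--- a/charts/consul/templates/server-statefulset.yaml
+++ b/charts/consul/templates/server-statefulset.yaml
@@ -296,6 +296,7 @@ spec:
 -config-dir=/consul/userconfig/{{ .name }} \
 {{- end }}
 {{- end }}
+-hcl='ports { grpc = 8503 }' \
 -config-file=/consul/extra-config/extra-from-values.json
 volumeMounts:
 - name: data-{{ .Release.Namespace | trunc 58 | trimSuffix "-" }}
@@ -334,6 +335,11 @@ spec:
 - name: https
 containerPort: 8501
 {{- end }}
+- containerPort: 8503
+{{- if .Values.server.exposeGossipAndRPCPorts }}
+hostPort: 8503
+{{- end }}
+name: grpc
 - name: serflan-tcp
 containerPort: {{ .Values.server.ports.serflan.port }}
 {{- if .Values.server.exposeGossipAndRPCPorts }}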
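Review bot: `hostPort: 8503` is tied to `server.exposeGossipAndRPCPorts`, so anyone who already sets that value gets the gRPC listener bound on the node as well once they upgrade. The description of that value in the chart's values documentation (not visible here) should say so, for example `# Also exposes the server gRPC port (8503) as a hostPort.` No test for the new container port or the `-hcl` argument is visible in this commit, since only server-podsecuritypolicy.bats is updated; a matching bats case for the statefulset would pin both. Both hunks sit inside blocks that begin and end outside the visible lines.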
4 changes: 2 additions & 2 deletions charts/consul/test/unit/server-podsecuritypolicy.bats
@@ -39,7 +39,7 @@ load _helpers
--set 'server.exposeGossipAndRPCPorts=true' \
. | tee /dev/stderr |
yq -c '.spec.hostPorts' | tee /dev/stderr)
[ "${actual}" = '[{"min":8300,"max":8300},{"min":8301,"max":8301},{"min":8302,"max":8302}]' ]
[ "${actual}" = '[{"min":8300,"max":8300},{"min":8301,"max":8301},{"min":8302,"max":8302},{"min":8503,"max":8503}]' ]
}

@test "server/PodSecurityPolicy: hostPort 8300, server.ports.serflan.port and 8302 allowed when exposeGossipAndRPCPorts=true" {
@@ -51,5 +51,5 @@ load _helpers
--set 'server.ports.serflan.port=8333' \
. | tee /dev/stderr |
yq -c '.spec.hostPorts' | tee /dev/stderr)
[ "${actual}" = '[{"min":8300,"max":8300},{"min":8333,"max":8333},{"min":8302,"max":8302}]' ]
[ "${actual}" = '[{"min":8300,"max":8300},{"min":8333,"max":8333},{"min":8302,"max":8302},{"min":8503,"max":8503}]' ]
}
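Review bot: The title of the second case still reads `hostPort 8300, server.ports.serflan.port and 8302 allowed when exposeGossipAndRPCPorts=true`, but the asserted list now includes 8503 as well. Renaming it to `hostPort 8300, server.ports.serflan.port, 8302 and 8503 allowed when exposeGossipAndRPCPorts=true` keeps the name in line with what it checks. The first case's title is outside the hunk and probably needs the same change.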
