Update acceptance test to support peering t-proxy
thisisnotashwin committed Jul 21, 2022
1 parent 8160752 commit d9b6b18
Showing 6 changed files with 28 additions and 15 deletions.
17 changes: 9 additions & 8 deletions acceptance/tests/peering/peering_connect_namespaces_test.go
Expand Up @@ -32,10 +32,6 @@ func TestPeering_ConnectNamespaces(t *testing.T) {
t.Skipf("skipping this test because -enable-enterprise is not set")
}

if cfg.EnableTransparentProxy {
t.Skipf("skipping this test because Transparent Proxy is enabled")
}

ver, err := version.NewVersion("1.13.0")
require.NoError(t, err)
if cfg.ConsulVersion != nil && cfg.ConsulVersion.LessThan(ver) {
Expand Down Expand Up @@ -80,7 +76,9 @@ func TestPeering_ConnectNamespaces(t *testing.T) {
"global.peering.enabled": "true",
"global.enableConsulNamespaces": "true",

"global.image": "hashicorp/consul-enterprise:1.13.0-alpha2-ent",
// "global.image": "hashicorp/consul-enterprise:1.13.0-alpha2-ent",
"global.image": "thisisnotashwin/consul@sha256:0733380a1a177d269c53fff62464e3a4840ea0c3ca24c6164282f8a822ec8825",
"global.imageK8S": "thisisnotashwin/consul-k8s@sha256:6fe1ec532876073813c824f27b2c972c03a41376e0729a502f6f3302dc352379",

"global.tls.enabled": "false",
"global.tls.httpsOnly": strconv.FormatBool(c.ACLsAndAutoEncryptEnabled),
Expand All @@ -98,6 +96,9 @@ func TestPeering_ConnectNamespaces(t *testing.T) {
"meshGateway.replicas": "1",

"controller.enabled": "true",

"dns.enabled": "true",
"dns.enableRedirection": strconv.FormatBool(cfg.EnableTransparentProxy),
}

staticServerPeerHelmValues := map[string]string{
Expand Down Expand Up @@ -261,7 +262,7 @@ func TestPeering_ConnectNamespaces(t *testing.T) {

logger.Log(t, "checking that connection is successful")
if cfg.EnableTransparentProxy {
k8s.CheckStaticServerConnectionSuccessful(t, staticClientOpts, staticClientName, fmt.Sprintf("http://static-server.virtual.%s.%s.consul", staticServerNamespace, staticServerPeer))
k8s.CheckStaticServerConnectionSuccessful(t, staticClientOpts, staticClientName, fmt.Sprintf("http://static-server.virtual.%s.%s.consul", c.destinationNamespace, staticServerPeer))
} else {
k8s.CheckStaticServerConnectionSuccessful(t, staticClientOpts, staticClientName, "http://localhost:1234")
}
Expand All @@ -284,7 +285,7 @@ func TestPeering_ConnectNamespaces(t *testing.T) {

logger.Log(t, "checking that the connection is not successful because there's no allow intention")
if cfg.EnableTransparentProxy {
k8s.CheckStaticServerConnectionMultipleFailureMessages(t, staticClientOpts, staticClientName, false, []string{"curl: (56) Recv failure: Connection reset by peer", "curl: (52) Empty reply from server", "curl: (7) Failed to connect to static-server.ns1 port 80: Connection refused"}, "", fmt.Sprintf("http://static-server.virtual.%s.%s.consul", staticServerNamespace, staticServerPeer))
k8s.CheckStaticServerConnectionMultipleFailureMessages(t, staticClientOpts, staticClientName, false, []string{"curl: (56) Recv failure: Connection reset by peer", "curl: (52) Empty reply from server", "curl: (7) Failed to connect to static-server.ns1 port 80: Connection refused"}, "", fmt.Sprintf("http://static-server.virtual.%s.%s.consul", c.destinationNamespace, staticServerPeer))
} else {
k8s.CheckStaticServerConnectionFailing(t, staticClientOpts, staticClientName, "http://localhost:1234")
}
Expand Down Expand Up @@ -316,7 +317,7 @@ func TestPeering_ConnectNamespaces(t *testing.T) {

logger.Log(t, "checking that connection is successful")
if cfg.EnableTransparentProxy {
k8s.CheckStaticServerConnectionSuccessful(t, staticClientOpts, staticClientName, fmt.Sprintf("http://static-server.virtual.%s.%s.consul", staticServerNamespace, staticServerPeer))
k8s.CheckStaticServerConnectionSuccessful(t, staticClientOpts, staticClientName, fmt.Sprintf("http://static-server.virtual.%s.%s.consul", c.destinationNamespace, staticServerPeer))
} else {
k8s.CheckStaticServerConnectionSuccessful(t, staticClientOpts, staticClientName, "http://localhost:1234")
}
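Review bot: The `global.image` and `global.imageK8S` entries in `commonHelmValues` now pull from a personal Docker Hub namespace (`thisisnotashwin/consul@sha256:…` and `thisisnotashwin/consul-k8s@sha256:…`), so the acceptance run executes images whose build provenance cannot be checked from this repository; the same two lines are added in peering_connect_test.go. The digest pin keeps the content fixed, but it does not record which source the image was built from, and the test breaks if that account removes the image. This test is skipped unless `-enable-enterprise` is set and the replaced image was `hashicorp/consul-enterprise`, while the new one is named `consul`; whether it is an enterprise build is not visible here. I would replace the commented-out line with a marker such as `// TODO: temporary dev build for peering t-proxy; revert to the official hashicorp/consul-enterprise image before merging`. The function body continues outside the hunks.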
11 changes: 6 additions & 5 deletions acceptance/tests/peering/peering_connect_test.go
Expand Up @@ -23,10 +23,6 @@ func TestPeering_Connect(t *testing.T) {
env := suite.Environment()
cfg := suite.Config()

if cfg.EnableTransparentProxy {
t.Skipf("skipping this test because Transparent Proxy is enabled")
}

ver, err := version.NewVersion("1.13.0")
require.NoError(t, err)
if cfg.ConsulVersion != nil && cfg.ConsulVersion.LessThan(ver) {
Expand All @@ -53,7 +49,9 @@ func TestPeering_Connect(t *testing.T) {
commonHelmValues := map[string]string{
"global.peering.enabled": "true",

"global.image": "hashicorp/consul:1.13.0-alpha2",
// "global.image": "hashicorp/consul:1.13.0-alpha2",
"global.image": "thisisnotashwin/consul@sha256:0733380a1a177d269c53fff62464e3a4840ea0c3ca24c6164282f8a822ec8825",
"global.imageK8S": "thisisnotashwin/consul-k8s@sha256:6fe1ec532876073813c824f27b2c972c03a41376e0729a502f6f3302dc352379",

"global.tls.enabled": "false",
"global.tls.httpsOnly": strconv.FormatBool(c.ACLsAndAutoEncryptEnabled),
Expand All @@ -67,6 +65,9 @@ func TestPeering_Connect(t *testing.T) {
"meshGateway.replicas": "1",

"controller.enabled": "true",

"dns.enabled": "true",
"dns.enableRedirection": strconv.FormatBool(cfg.EnableTransparentProxy),
}

staticServerPeerHelmValues := map[string]string{
2 changes: 2 additions & 0 deletions charts/consul/templates/server-podsecuritypolicy.yaml
Expand Up @@ -35,6 +35,8 @@ spec:
max: {{ .Values.server.ports.serflan.port }}
- min: 8302
max: 8302
- min: 8503
max: 8503
{{- end }}
hostIPC: false
hostPID: false
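Review bot: The added `min: 8503` / `max: 8503` entry lets server pods bind the gRPC port on the node whenever the surrounding conditional is true, which widens what that setting exposes for clusters that already have it turned on. The conditional opens outside this hunk; judging by the matching `hostPort: 8503` in server-statefulset.yaml it is `server.exposeGossipAndRPCPorts`, a name that covers gossip and RPC but not gRPC. A host port is reachable on the node's own address, so this belongs in the value's documentation and the changelog, giving operators the chance to review firewall rules before upgrading. A comment above the entry would record the coupling, e.g. `# 8503: server gRPC port, hard-coded to match server-statefulset.yaml`.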
3 changes: 3 additions & 0 deletions charts/consul/templates/server-service.yaml
Expand Up @@ -39,6 +39,9 @@ spec:
port: 8501
targetPort: 8501
{{- end }}
- name: grpc
port: 8503
targetPort: 8503
- name: serflan-tcp
protocol: "TCP"
port: 8301
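Review bot: The `grpc` port is added to the server Service outside any conditional, unlike the 8501 entry just above it, which is closed by `{{- end }}`, so every install publishes 8503 whether or not peering is used. The same holds for the `-hcl='ports { grpc = 8503 }'` flag added in server-statefulset.yaml, which turns the listener on for all servers. If the port is only needed for peering, wrapping both additions in `{{- if .Values.global.peering.enabled }}` and `{{- end }}` keeps the default exposure unchanged; the acceptance tests on this page set `global.peering.enabled`. The entry also omits `protocol: "TCP"`, which the neighbouring `serflan-tcp` entry states explicitly.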
6 changes: 6 additions & 0 deletions charts/consul/templates/server-statefulset.yaml
Expand Up @@ -296,6 +296,7 @@ spec:
-config-dir=/consul/userconfig/{{ .name }} \
{{- end }}
{{- end }}
-hcl='ports { grpc = 8503 }' \
-config-file=/consul/extra-config/extra-from-values.json
volumeMounts:
- name: data-{{ .Release.Namespace | trunc 58 | trimSuffix "-" }}
Expand Down Expand Up @@ -334,6 +335,11 @@ spec:
- name: https
containerPort: 8501
{{- end }}
- containerPort: 8503
{{- if .Values.server.exposeGossipAndRPCPorts }}
hostPort: 8503
{{- end }}
name: grpc
- name: serflan-tcp
containerPort: {{ .Values.server.ports.serflan.port }}
{{- if .Values.server.exposeGossipAndRPCPorts }}
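Review bot: The `-hcl='ports { grpc = 8503 }'` fragment is passed before `-config-file=/consul/extra-config/extra-from-values.json`, so a `ports.grpc` supplied through the user's extra config may take effect instead of 8503 while the `containerPort`, `hostPort`, Service and PodSecurityPolicy entries stay fixed at 8503. How Consul orders these sources is not shown on this page and should be confirmed; if the extra config wins, the listener and the declared ports will disagree. Whether this listener is covered by the chart's TLS settings is also not visible in these hunks, and the acceptance tests run with `global.tls.enabled` set to `"false"`, so the commit description should state what protects traffic on 8503. A template comment ahead of the flag would record the coupling, e.g. `{{- /* gRPC port, presumably for peering; keep in sync with server-service.yaml and server-podsecuritypolicy.yaml */}}`.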
4 changes: 2 additions & 2 deletions charts/consul/test/unit/server-podsecuritypolicy.bats
Expand Up @@ -39,7 +39,7 @@ load _helpers
--set 'server.exposeGossipAndRPCPorts=true' \
. | tee /dev/stderr |
yq -c '.spec.hostPorts' | tee /dev/stderr)
[ "${actual}" = '[{"min":8300,"max":8300},{"min":8301,"max":8301},{"min":8302,"max":8302}]' ]
[ "${actual}" = '[{"min":8300,"max":8300},{"min":8301,"max":8301},{"min":8302,"max":8302},{"min":8503,"max":8503}]' ]
}

@test "server/PodSecurityPolicy: hostPort 8300, server.ports.serflan.port and 8302 allowed when exposeGossipAndRPCPorts=true" {
Expand All @@ -51,5 +51,5 @@ load _helpers
--set 'server.ports.serflan.port=8333' \
. | tee /dev/stderr |
yq -c '.spec.hostPorts' | tee /dev/stderr)
[ "${actual}" = '[{"min":8300,"max":8300},{"min":8333,"max":8333},{"min":8302,"max":8302}]' ]
[ "${actual}" = '[{"min":8300,"max":8300},{"min":8333,"max":8333},{"min":8302,"max":8302},{"min":8503,"max":8503}]' ]
}
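Review bot: The test titles no longer match what they assert: the second test is still named `hostPort 8300, server.ports.serflan.port and 8302 allowed when exposeGossipAndRPCPorts=true` although its expected list now ends with `{"min":8503,"max":8503}`. Renaming it to `server/PodSecurityPolicy: hostPort 8300, server.ports.serflan.port, 8302 and 8503 allowed when exposeGossipAndRPCPorts=true` keeps a failing run readable and makes the newly allowed host port visible in test output. The first test's `@test` line is outside the hunk and probably needs the same change.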
