demo: disable egress by default

.env.example

@@ -78,9 +78,13 @@ export BOOKWAREHOUSE_NAMESPACE=bookwarehouse
 # Default: 404 (200 with permissive traffic policy mode)
 # export BOOKTHIEF_EXPECTED_RESPONSE_CODE=404
 
+# optional: ENABLE_EGRESS (true/false)
+# Default: false
+# export ENABLE_EGRESS=true
+
 # optional: Expected response code for HTTP egress. HTTPS egress will return 0 when egress is disabled.
-# Default: 200 (404 when egress is disabled)
-# export EGRESS_EXPECTED_RESPONSE_CODE=404
+# Default: 404 (200 when egress is disabled)
+# export EGRESS_EXPECTED_RESPONSE_CODE=200
 
 # optional: Maximum of iterations to test for expected return codes. 0 means unlimited.
 # export CI_MAX_ITERATIONS_THRESHOLD=0

.github/workflows/main.yml

@@ -170,13 +170,14 @@ jobs:
           CERT_MANAGER: "tresor"
           BOOKSTORE_SVC: "bookstore"
           BOOKTHIEF_EXPECTED_RESPONSE_CODE: "404"
+          ENABLE_EGRESS: "false"
           EGRESS_EXPECTED_RESPONSE_CODE: "404" # egress is disabled
           CI_WAIT_FOR_OK_SECONDS: 75
           DEPLOY_TRAFFIC_SPLIT: "true"
         run: |
           touch .env
           make kind-up
-          ./demo/run-osm-demo.sh --enable-egress=false
+          ./demo/run-osm-demo.sh
           go run ./ci/cmd/maestro.go
 
   integration-vault:
@@ -217,6 +218,7 @@ jobs:
           VAULT_ROLE: "openservicemesh"
           BOOKSTORE_SVC: "bookstore-v1"
           BOOKTHIEF_EXPECTED_RESPONSE_CODE: "200"
+          ENABLE_EGRESS: "true"
           EGRESS_EXPECTED_RESPONSE_CODE: "200" # egress is enabled
           DEPLOY_TRAFFIC_SPLIT: "true"
         run: |
@@ -258,11 +260,12 @@ jobs:
           CERT_MANAGER: "tresor"
           BOOKSTORE_SVC: "bookstore-v1"
           BOOKTHIEF_EXPECTED_RESPONSE_CODE: "404"
+          ENABLE_EGRESS: "false"
           EGRESS_EXPECTED_RESPONSE_CODE: "404" # egress is disabled
           CI_WAIT_FOR_OK_SECONDS: 75
           DEPLOY_TRAFFIC_SPLIT: "false"
         run: |
           touch .env
           make kind-up
-          ./demo/run-osm-demo.sh --enable-egress=false
+          ./demo/run-osm-demo.sh
           go run ./ci/cmd/maestro.go

demo/cmd/common/books.go

@@ -35,6 +35,7 @@ var (
 	bookstoreNamespace                     = os.Getenv(BookstoreNamespaceEnvVar)
 	warehouseServiceName                   = "bookwarehouse"
 	bookwarehouseNamespace                 = os.Getenv(BookwarehouseNamespaceEnvVar)
+	enableEgress                           = os.Getenv(EnableEgressEnvVar) == "true"
 
 	bookstoreService = fmt.Sprintf("%s.%s:%d", bookstoreServiceName, bookstoreNamespace, bookstorePort) // FQDN
 	warehouseService = fmt.Sprintf("%s.%s", warehouseServiceName, bookwarehouseNamespace)               // FQDN
@@ -102,10 +103,13 @@ func GetBooks(participantName string, meshExpectedResponseCode int, egressExpect
 
 	// The URLs this participant will attempt to query from the bookstore service
 	urlSuccessMap := map[string]bool{
-		booksBought:    false,
-		buyBook:        false,
-		httpEgressURL:  false,
-		httpsEgressURL: false,
+		booksBought: false,
+		buyBook:     false,
+	}
+
+	if enableEgress {
+		urlSuccessMap[httpEgressURL] = false
+		urlSuccessMap[httpsEgressURL] = false
 	}
 
 	urlExpectedRespCode := map[string]int{

demo/cmd/common/const.go

@@ -42,4 +42,7 @@ const (
 
 	// EgressExpectedResponseCodeEnvVar is the environment variable for the expected response code for egress HTTP requests
 	EgressExpectedResponseCodeEnvVar = "EGRESS_EXPECTED_RESPONSE_CODE"
+
+	// EnableEgressEnvVar is the envorinment variable to enable egress requests in the demo
+	EnableEgressEnvVar = "ENABLE_EGRESS"
 )

demo/deploy-bookbuyer.sh

@@ -7,7 +7,8 @@ source .env
 BOOKSTORE_SVC="${BOOKSTORE_SVC:-bookstore}"
 CI_MAX_ITERATIONS_THRESHOLD="${CI_MAX_ITERATIONS_THRESHOLD:-0}"
 CI_CLIENT_CONCURRENT_CONNECTIONS="${CI_CLIENT_CONCURRENT_CONNECTIONS:-1}"
-EGRESS_EXPECTED_RESPONSE_CODE="${EGRESS_EXPECTED_RESPONSE_CODE:-200}"
+ENABLE_EGRESS="${ENABLE_EGRESS:-false}"
+EGRESS_EXPECTED_RESPONSE_CODE="${EGRESS_EXPECTED_RESPONSE_CODE:-404}"
 
 kubectl delete deployment bookbuyer -n "$BOOKBUYER_NAMESPACE"  --ignore-not-found
 
@@ -73,6 +74,8 @@ spec:
               value: "$BOOKSTORE_SVC"
             - name: "CI_MAX_ITERATIONS_THRESHOLD"
               value: "$CI_MAX_ITERATIONS_THRESHOLD"
+            - name: "ENABLE_EGRESS"
+              value: "$ENABLE_EGRESS"
             - name: "EGRESS_EXPECTED_RESPONSE_CODE"
               value: "$EGRESS_EXPECTED_RESPONSE_CODE"
             - name: "CI_CLIENT_CONCURRENT_CONNECTIONS"

demo/deploy-bookthief.sh

@@ -9,7 +9,8 @@ BOOKSTORE_SVC="${BOOKSTORE_SVC:-bookstore}"
 BOOKTHIEF_EXPECTED_RESPONSE_CODE="${BOOKTHIEF_EXPECTED_RESPONSE_CODE:-404}"
 CI_MAX_ITERATIONS_THRESHOLD="${CI_MAX_ITERATIONS_THRESHOLD:-0}"
 CI_CLIENT_CONCURRENT_CONNECTIONS="${CI_CLIENT_CONCURRENT_CONNECTIONS:-1}"
-EGRESS_EXPECTED_RESPONSE_CODE="${EGRESS_EXPECTED_RESPONSE_CODE:-200}"
+ENABLE_EGRESS="${ENABLE_EGRESS:-false}"
+EGRESS_EXPECTED_RESPONSE_CODE="${EGRESS_EXPECTED_RESPONSE_CODE:-404}"
 
 kubectl delete deployment bookthief -n "$BOOKTHIEF_NAMESPACE"  --ignore-not-found
 
@@ -75,6 +76,8 @@ spec:
               value: "$BOOKTHIEF_EXPECTED_RESPONSE_CODE"
             - name: "CI_MAX_ITERATIONS_THRESHOLD"
               value: "$CI_MAX_ITERATIONS_THRESHOLD"
+            - name: "ENABLE_EGRESS"
+              value: "$ENABLE_EGRESS"
             - name: "EGRESS_EXPECTED_RESPONSE_CODE"
               value: "$EGRESS_EXPECTED_RESPONSE_CODE"
 

demo/run-osm-demo.sh

@@ -26,6 +26,7 @@ CTR_REGISTRY="${CTR_REGISTRY:-localhost:5000}"
 CTR_REGISTRY_CREDS_NAME="${CTR_REGISTRY_CREDS_NAME:-acr-creds}"
 CTR_TAG="${CTR_TAG:-latest}"
 DEPLOY_TRAFFIC_SPLIT="${DEPLOY_TRAFFIC_SPLIT:-true}"
+ENABLE_EGRESS="${ENABLE_EGRESS:-false}"
 MESH_CIDR=$(./scripts/get_mesh_cidr.sh)
 
 # For any additional installation arguments. Used heavily in CI.
@@ -102,7 +103,7 @@ if [ "$CERT_MANAGER" = "vault" ]; then
       --container-registry-secret "$CTR_REGISTRY_CREDS_NAME" \
       --osm-image-tag "$CTR_TAG" \
       --enable-debug-server \
-      --enable-egress \
+      --enable-egress="$ENABLE_EGRESS" \
       --mesh-cidr "$MESH_CIDR" \
       --deploy-zipkin \
       $optionalInstallArgs
@@ -115,7 +116,7 @@ else
       --container-registry-secret "$CTR_REGISTRY_CREDS_NAME" \
       --osm-image-tag "$CTR_TAG" \
       --enable-debug-server \
-      --enable-egress \
+      --enable-egress="$ENABLE_EGRESS" \
       --mesh-cidr "$MESH_CIDR" \
       --deploy-zipkin \
       $optionalInstallArgs