From 2dd71c27bc50db9ec10c75c5cf35532b96ae1a14 Mon Sep 17 00:00:00 2001 From: Przemyslaw Piorkowski Date: Tue, 15 Dec 2020 10:09:37 +0100 Subject: [PATCH 1/4] generate_request_id and preserve_external_request_id config added --- .../allegro/tech/servicemesh/envoycontrol/groups/Groups.kt | 4 ++++ .../servicemesh/envoycontrol/groups/MetadataNodeGroup.kt | 6 ++++++ .../snapshot/resource/listeners/EnvoyListenersFactory.kt | 2 ++ 3 files changed, 12 insertions(+) diff --git a/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/groups/Groups.kt b/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/groups/Groups.kt index bdccd822a..a1d69f96c 100644 --- a/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/groups/Groups.kt +++ b/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/groups/Groups.kt @@ -34,6 +34,8 @@ data class ListenersConfig( val egressHost: String, val egressPort: Int, val useRemoteAddress: Boolean = defaultUseRemoteAddress, + val generateRequestId: Boolean = defaultGenerateRequestId, + val preserveExternalRequestId: Boolean = defaultPreserveExternalRequestId, val accessLogEnabled: Boolean = defaultAccessLogEnabled, val enableLuaScript: Boolean = defaultEnableLuaScript, val accessLogPath: String = defaultAccessLogPath, @@ -46,6 +48,8 @@ data class ListenersConfig( companion object { const val defaultAccessLogPath = "/dev/stdout" const val defaultUseRemoteAddress = false + const val defaultGenerateRequestId = false + const val defaultPreserveExternalRequestId = false const val defaultAccessLogEnabled = false const val defaultEnableLuaScript = false const val defaultAddUpstreamExternalAddressHeader = false diff --git a/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/groups/MetadataNodeGroup.kt b/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/groups/MetadataNodeGroup.kt index c3ec263b8..ea5216f6d 100644 --- a/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/groups/MetadataNodeGroup.kt +++ b/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/groups/MetadataNodeGroup.kt @@ -101,6 +101,10 @@ class MetadataNodeGroup( val useRemoteAddress = metadata.fieldsMap["use_remote_address"]?.boolValue ?: ListenersConfig.defaultUseRemoteAddress + val generateRequestId = metadata.fieldsMap["generate_request_id"]?.boolValue + ?: ListenersConfig.defaultGenerateRequestId + val preserveExternalRequestId = metadata.fieldsMap["preserve_external_request_id"]?.boolValue + ?: ListenersConfig.defaultPreserveExternalRequestId val accessLogEnabled = metadata.fieldsMap["access_log_enabled"]?.boolValue ?: ListenersConfig.defaultAccessLogEnabled val enableLuaScript = metadata.fieldsMap["enable_lua_script"]?.boolValue @@ -120,6 +124,8 @@ class MetadataNodeGroup( listenersHostPort.egressHost, listenersHostPort.egressPort, useRemoteAddress, + generateRequestId, + preserveExternalRequestId, accessLogEnabled, enableLuaScript, accessLogPath, diff --git a/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/resource/listeners/EnvoyListenersFactory.kt b/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/resource/listeners/EnvoyListenersFactory.kt index be669b9ae..309531208 100644 --- a/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/resource/listeners/EnvoyListenersFactory.kt +++ b/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/resource/listeners/EnvoyListenersFactory.kt @@ -296,6 +296,8 @@ class EnvoyListenersFactory( val connectionManagerBuilder = HttpConnectionManager.newBuilder() .setStatPrefix(statPrefix) .setUseRemoteAddress(boolValue(listenersConfig.useRemoteAddress)) + .setGenerateRequestId(boolValue(listenersConfig.generateRequestId)) + .setPreserveExternalRequestId(listenersConfig.preserveExternalRequestId) .setDelayedCloseTimeout(durationInSeconds(0)) .setCommonHttpProtocolOptions(httpProtocolOptions) .setCodecType(HttpConnectionManager.CodecType.AUTO) From fdec37dbcc3cda848bc3f5bffeefa2ebef8f855c Mon Sep 17 00:00:00 2001 From: Przemyslaw Piorkowski Date: Wed, 16 Dec 2020 17:40:31 +0100 Subject: [PATCH 2/4] new flags added to test configs --- envoy-control-tests/src/main/resources/envoy/config_ads.yaml | 2 ++ .../src/main/resources/envoy/config_ads_all_dependencies.yaml | 2 ++ .../envoy/config_ads_disabled_endpoint_permissions.yaml | 2 ++ .../src/main/resources/envoy/config_ads_no_dependencies.yaml | 2 ++ envoy-control-tests/src/main/resources/envoy/config_ads_v2.yaml | 2 ++ envoy-control-tests/src/main/resources/envoy/config_auth.yaml | 2 ++ envoy-control-tests/src/main/resources/envoy/config_xds.yaml | 2 ++ 7 files changed, 14 insertions(+) diff --git a/envoy-control-tests/src/main/resources/envoy/config_ads.yaml b/envoy-control-tests/src/main/resources/envoy/config_ads.yaml index a2cc14ea1..26c4d0a95 100644 --- a/envoy-control-tests/src/main/resources/envoy/config_ads.yaml +++ b/envoy-control-tests/src/main/resources/envoy/config_ads.yaml @@ -26,6 +26,8 @@ node: egress_host: "0.0.0.0" egress_port: 5000 use_remote_address: true + generate_request_id: true + preserve_external_request_id: true access_log_enabled: false add_upstream_external_address_header: true resources_dir: "/etc/envoy/extra" diff --git a/envoy-control-tests/src/main/resources/envoy/config_ads_all_dependencies.yaml b/envoy-control-tests/src/main/resources/envoy/config_ads_all_dependencies.yaml index 943fb5e92..b6a5788a6 100644 --- a/envoy-control-tests/src/main/resources/envoy/config_ads_all_dependencies.yaml +++ b/envoy-control-tests/src/main/resources/envoy/config_ads_all_dependencies.yaml @@ -25,6 +25,8 @@ node: egress_host: "0.0.0.0" egress_port: 5000 use_remote_address: true + generate_request_id: true + preserve_external_request_id: true access_log_enabled: false resources_dir: "/etc/envoy/extra" service_name: test-service diff --git a/envoy-control-tests/src/main/resources/envoy/config_ads_disabled_endpoint_permissions.yaml b/envoy-control-tests/src/main/resources/envoy/config_ads_disabled_endpoint_permissions.yaml index 620f4c989..ddee4bdbc 100644 --- a/envoy-control-tests/src/main/resources/envoy/config_ads_disabled_endpoint_permissions.yaml +++ b/envoy-control-tests/src/main/resources/envoy/config_ads_disabled_endpoint_permissions.yaml @@ -25,6 +25,8 @@ node: egress_host: "0.0.0.0" egress_port: 5000 use_remote_address: true + generate_request_id: true + preserve_external_request_id: true access_log_enabled: false resources_dir: "/etc/envoy/extra" proxy_settings: diff --git a/envoy-control-tests/src/main/resources/envoy/config_ads_no_dependencies.yaml b/envoy-control-tests/src/main/resources/envoy/config_ads_no_dependencies.yaml index 1e698af19..3f34c2520 100644 --- a/envoy-control-tests/src/main/resources/envoy/config_ads_no_dependencies.yaml +++ b/envoy-control-tests/src/main/resources/envoy/config_ads_no_dependencies.yaml @@ -25,6 +25,8 @@ node: egress_host: "0.0.0.0" egress_port: 5000 use_remote_address: true + generate_request_id: true + preserve_external_request_id: true access_log_enabled: false resources_dir: "/etc/envoy/extra" diff --git a/envoy-control-tests/src/main/resources/envoy/config_ads_v2.yaml b/envoy-control-tests/src/main/resources/envoy/config_ads_v2.yaml index f49c24bba..5ea7254ee 100644 --- a/envoy-control-tests/src/main/resources/envoy/config_ads_v2.yaml +++ b/envoy-control-tests/src/main/resources/envoy/config_ads_v2.yaml @@ -23,6 +23,8 @@ node: egress_host: "0.0.0.0" egress_port: 5000 use_remote_address: true + generate_request_id: true + preserve_external_request_id: true access_log_enabled: false add_upstream_external_address_header: true resources_dir: "/etc/envoy/extra" diff --git a/envoy-control-tests/src/main/resources/envoy/config_auth.yaml b/envoy-control-tests/src/main/resources/envoy/config_auth.yaml index 03f88b2f5..b6c8c5ff8 100644 --- a/envoy-control-tests/src/main/resources/envoy/config_auth.yaml +++ b/envoy-control-tests/src/main/resources/envoy/config_auth.yaml @@ -26,6 +26,8 @@ node: egress_host: "0.0.0.0" egress_port: 5000 use_remote_address: true + generate_request_id: true + preserve_external_request_id: true access_log_enabled: false add_upstream_external_address_header: true has_static_secrets_defined: true diff --git a/envoy-control-tests/src/main/resources/envoy/config_xds.yaml b/envoy-control-tests/src/main/resources/envoy/config_xds.yaml index a326ffa3a..1b8e116b9 100644 --- a/envoy-control-tests/src/main/resources/envoy/config_xds.yaml +++ b/envoy-control-tests/src/main/resources/envoy/config_xds.yaml @@ -28,6 +28,8 @@ node: egress_host: "0.0.0.0" egress_port: 5000 use_remote_address: true + generate_request_id: true + preserve_external_request_id: true access_log_enabled: false add_upstream_external_address_header: true resources_dir: "/etc/envoy/extra" From 60f8c83abb69b6ae6690393978a6007b9253a46d Mon Sep 17 00:00:00 2001 From: Przemyslaw Piorkowski Date: Fri, 18 Dec 2020 08:14:16 +0100 Subject: [PATCH 3/4] tests added --- .../listeners/EnvoyListenersFactory.kt | 2 + .../servicemesh/envoycontrol/RequestIdTest.kt | 120 ++++++++++++++++++ .../assertions/HttpsEchoResponseAssertions.kt | 20 +++ .../config/service/HttpsEchoContainer.kt | 11 +- .../ClientNameTrustedHeaderTest.kt | 43 +++---- .../ssl/EnvoyHttpsDependencyTest.kt | 9 +- 6 files changed, 165 insertions(+), 40 deletions(-) create mode 100644 envoy-control-tests/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/RequestIdTest.kt create mode 100644 envoy-control-tests/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/assertions/HttpsEchoResponseAssertions.kt diff --git a/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/resource/listeners/EnvoyListenersFactory.kt b/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/resource/listeners/EnvoyListenersFactory.kt index 309531208..c1933dd3f 100644 --- a/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/resource/listeners/EnvoyListenersFactory.kt +++ b/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/resource/listeners/EnvoyListenersFactory.kt @@ -218,6 +218,8 @@ class EnvoyListenersFactory( .setStatPrefix("egress_http") .setRds(egressRds(group.communicationMode, group.version)) .setHttpProtocolOptions(egressHttp1ProtocolOptions()) + .setPreserveExternalRequestId(listenersConfig.preserveExternalRequestId) + .setGenerateRequestId(boolValue(listenersConfig.generateRequestId)) addHttpFilters(connectionManagerBuilder, egressFilters, group, globalSnapshot) diff --git a/envoy-control-tests/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/RequestIdTest.kt b/envoy-control-tests/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/RequestIdTest.kt new file mode 100644 index 000000000..84a4be6d3 --- /dev/null +++ b/envoy-control-tests/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/RequestIdTest.kt @@ -0,0 +1,120 @@ +package pl.allegro.tech.servicemesh.envoycontrol + +import okhttp3.Headers +import org.assertj.core.api.Assertions +import org.assertj.core.api.Assertions.assertThat +import org.junit.jupiter.api.BeforeEach +import org.junit.jupiter.api.extension.RegisterExtension +import org.junit.jupiter.params.ParameterizedTest +import org.junit.jupiter.params.provider.MethodSource +import pl.allegro.tech.servicemesh.envoycontrol.assertions.isOk +import pl.allegro.tech.servicemesh.envoycontrol.assertions.untilAsserted +import pl.allegro.tech.servicemesh.envoycontrol.config.consul.ConsulExtension +import pl.allegro.tech.servicemesh.envoycontrol.config.envoy.EnvoyExtension +import pl.allegro.tech.servicemesh.envoycontrol.config.envoycontrol.EnvoyControlExtension +import pl.allegro.tech.servicemesh.envoycontrol.config.service.GenericServiceExtension +import pl.allegro.tech.servicemesh.envoycontrol.config.service.HttpsEchoContainer +import pl.allegro.tech.servicemesh.envoycontrol.config.service.asHttpsEchoResponse + +class RequestIdTest { + + companion object { + @JvmStatic + fun extraHeadersSource() = listOf( + emptyMap(), + mapOf("x-forwarded-for" to "123.321.231.111"), + mapOf("x-forwarded-for" to "111.111.222.222,123.123.231.231") + ) + + @JvmField + @RegisterExtension + val consul = ConsulExtension() + + @JvmField + @RegisterExtension + val envoyControl = EnvoyControlExtension(consul) + + @JvmField + @RegisterExtension + val localService = GenericServiceExtension(HttpsEchoContainer()) + + @JvmField + @RegisterExtension + val envoy = EnvoyExtension(envoyControl, localService) + + @JvmField + @RegisterExtension + val externalService = GenericServiceExtension(HttpsEchoContainer()) + } + + @BeforeEach + fun setup() { + consul.server.operations.registerService(externalService, name = "service-1") + } + + @ParameterizedTest + @MethodSource("extraHeadersSource") + fun `should propagate x-request-id on the egress port when it is available in request`(extraHeaders: Map) { + // given + val requestIdHeader = mapOf("x-request-id" to "egress-fake-request-id") + + untilAsserted { + // when + val response = envoy.egressOperations + .callService(service = "service-1", headers = requestIdHeader + extraHeaders) + .asHttpsEchoResponse() + + // then + assertThat(response).isOk() + assertThat(response.requestHeaders).containsEntry("x-request-id", "egress-fake-request-id") + } + } + + @ParameterizedTest + @MethodSource("extraHeadersSource") + fun `should generate x-request-id on the egress port when it is missing in request`(extraHeaders: Map) { + untilAsserted { + // when + val response = envoy.egressOperations + .callService(service = "service-1", headers = extraHeaders) + .asHttpsEchoResponse() + + // then + assertThat(response).isOk() + assertThat(response.requestHeaders).hasEntrySatisfying("x-request-id") { assertThat(it).isNotBlank() } + } + } + + @ParameterizedTest + @MethodSource("extraHeadersSource") + fun `should propagate x-request-id on the ingress port when it is available in request`(extraHeaders: Map) { + // given + val requestIdHeader = mapOf("x-request-id" to "ingress-fake-request-id") + + untilAsserted { + // when + val response = envoy.ingressOperations + .callLocalService(endpoint = "/", headers = Headers.of(requestIdHeader + extraHeaders)) + .asHttpsEchoResponse() + + // then + assertThat(response).isOk() + assertThat(response.requestHeaders).containsEntry("x-request-id", "ingress-fake-request-id") + } + } + + @ParameterizedTest + @MethodSource("extraHeadersSource") + fun `should generate x-request-id on the ingress port when it is missing in request`(extraHeaders: Map) { + untilAsserted { + // when + val response = envoy.ingressOperations + .callLocalService(endpoint = "/", headers = Headers.of(extraHeaders)) + .asHttpsEchoResponse() + + // then + assertThat(response).isOk() + assertThat(response.requestHeaders).hasEntrySatisfying("x-request-id") { assertThat(it).isNotBlank() } + } + } +} diff --git a/envoy-control-tests/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/assertions/HttpsEchoResponseAssertions.kt b/envoy-control-tests/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/assertions/HttpsEchoResponseAssertions.kt new file mode 100644 index 000000000..adf1cc509 --- /dev/null +++ b/envoy-control-tests/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/assertions/HttpsEchoResponseAssertions.kt @@ -0,0 +1,20 @@ +package pl.allegro.tech.servicemesh.envoycontrol.assertions + +import org.assertj.core.api.Assertions +import org.assertj.core.api.ObjectAssert +import pl.allegro.tech.servicemesh.envoycontrol.config.service.HttpsEchoContainer +import pl.allegro.tech.servicemesh.envoycontrol.config.service.HttpsEchoResponse + +fun ObjectAssert.isOk(): ObjectAssert { + matches { it.response.isSuccessful } + return this +} + +fun ObjectAssert.hasSNI(serverName: String): ObjectAssert = satisfies { + val actualServerName = HttpsEchoResponse.objectMapper.readTree(it.body).at("/connection/servername").textValue() + Assertions.assertThat(actualServerName).isEqualTo(serverName) +} + +fun ObjectAssert.isFrom(container: HttpsEchoContainer) = satisfies { + Assertions.assertThat(container.containerName()).isEqualTo(it.hostname) +} diff --git a/envoy-control-tests/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/config/service/HttpsEchoContainer.kt b/envoy-control-tests/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/config/service/HttpsEchoContainer.kt index c559f6872..3fe9b2ac2 100644 --- a/envoy-control-tests/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/config/service/HttpsEchoContainer.kt +++ b/envoy-control-tests/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/config/service/HttpsEchoContainer.kt @@ -4,8 +4,6 @@ import com.fasterxml.jackson.databind.DeserializationFeature import com.fasterxml.jackson.databind.ObjectMapper import com.fasterxml.jackson.module.kotlin.convertValue import okhttp3.Response -import org.assertj.core.api.Assertions.assertThat -import org.assertj.core.api.ObjectAssert import pl.allegro.tech.servicemesh.envoycontrol.config.BaseEnvoyTest import pl.allegro.tech.servicemesh.envoycontrol.config.containers.SSLGenericContainer @@ -43,11 +41,4 @@ class HttpsEchoResponse(val response: Response) { val hostname by lazy { objectMapper.readTree(body).at("/os/hostname").textValue() } } -fun ObjectAssert.hasSNI(serverName: String): ObjectAssert = satisfies { - val actualServerName = HttpsEchoResponse.objectMapper.readTree(it.body).at("/connection/servername").textValue() - assertThat(actualServerName).isEqualTo(serverName) -} - -fun ObjectAssert.isFrom(container: HttpsEchoContainer) = satisfies { - assertThat(container.containerName()).isEqualTo(it.hostname) -} +fun Response.asHttpsEchoResponse() = HttpsEchoResponse(this) diff --git a/envoy-control-tests/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/permissions/ClientNameTrustedHeaderTest.kt b/envoy-control-tests/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/permissions/ClientNameTrustedHeaderTest.kt index 720a5fbb0..4cf2c65df 100644 --- a/envoy-control-tests/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/permissions/ClientNameTrustedHeaderTest.kt +++ b/envoy-control-tests/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/permissions/ClientNameTrustedHeaderTest.kt @@ -16,7 +16,8 @@ import pl.allegro.tech.servicemesh.envoycontrol.config.envoycontrol.EnvoyControl import pl.allegro.tech.servicemesh.envoycontrol.config.service.GenericServiceExtension import pl.allegro.tech.servicemesh.envoycontrol.config.service.HttpsEchoContainer import pl.allegro.tech.servicemesh.envoycontrol.config.service.HttpsEchoResponse -import pl.allegro.tech.servicemesh.envoycontrol.config.service.isFrom +import pl.allegro.tech.servicemesh.envoycontrol.assertions.isFrom +import pl.allegro.tech.servicemesh.envoycontrol.config.service.asHttpsEchoResponse import java.time.Duration class ClientNameTrustedHeaderTest { @@ -115,66 +116,56 @@ class ClientNameTrustedHeaderTest { val response = envoy2.ingressOperations.callLocalService( "/endpoint", Headers.of(mapOf("x-client-name-trusted" to "fake-service")) - ) + ).asHttpsEchoResponse() // then assertThat(response).isOk() - HttpsEchoResponse(response).also { - assertThat(it).isFrom(service.container()) - assertThat(it.requestHeaders["x-client-name-trusted"]).isNull() - } + assertThat(response).isFrom(service.container()) + assertThat(response.requestHeaders).doesNotContainKey("x-client-name-trusted") } @Test fun `should add trusted client identity header to ingress request to local service`() { // when - val response = envoy2.egressOperations.callService("echo", emptyMap(), "/endpoint") + val response = envoy2.egressOperations.callService("echo", emptyMap(), "/endpoint").asHttpsEchoResponse() // then assertThat(response).isOk() - HttpsEchoResponse(response).also { - assertThat(it).isFrom(service.container()) - assertThat(it.requestHeaders["x-client-name-trusted"]).isEqualTo("echo2") - } + assertThat(response).isFrom(service.container()) + assertThat(response.requestHeaders).containsEntry("x-client-name-trusted", "echo2") } @Test fun `should override trusted client identity header in ingress request to local service`() { // when val headers = mapOf("x-client-name-trusted" to "fake-service") - val response = envoy2.egressOperations.callService("echo", headers, "/endpoint") + val response = envoy2.egressOperations.callService("echo", headers, "/endpoint").asHttpsEchoResponse() // then assertThat(response).isOk() - HttpsEchoResponse(response).also { - assertThat(it).isFrom(service.container()) - assertThat(it.requestHeaders["x-client-name-trusted"]).isEqualTo("echo2") - } + assertThat(response).isFrom(service.container()) + assertThat(response.requestHeaders).containsEntry("x-client-name-trusted", "echo2") } @Test fun `should set trusted client identity header based on all URIs in certificate SAN field`() { // when - val response = envoy4MultipleSANs.egressOperations.callService("echo", emptyMap(), "/endpoint") + val response = envoy4MultipleSANs.egressOperations.callService("echo", emptyMap(), "/endpoint").asHttpsEchoResponse() // then assertThat(response).isOk() - HttpsEchoResponse(response).also { - assertThat(it).isFrom(service.container()) - assertThat(it.requestHeaders["x-client-name-trusted"]).isEqualTo("echo4, echo4-special, echo4-admin") - } + assertThat(response).isFrom(service.container()) + assertThat(response.requestHeaders).containsEntry("x-client-name-trusted", "echo4, echo4-special, echo4-admin") } @Test fun `should not set trusted client identity header based on URIs in certificate SAN fields having invalid format`() { // when - val response = envoy5InvalidSANs.egressOperations.callService("echo", emptyMap(), "/endpoint") + val response = envoy5InvalidSANs.egressOperations.callService("echo", emptyMap(), "/endpoint").asHttpsEchoResponse() // then assertThat(response).isOk() - HttpsEchoResponse(response).also { - assertThat(it).isFrom(service.container()) - assertThat(it.requestHeaders["x-client-name-trusted"]).isNull() - } + assertThat(response).isFrom(service.container()) + assertThat(response.requestHeaders).doesNotContainKey("x-client-name-trusted") } } diff --git a/envoy-control-tests/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/ssl/EnvoyHttpsDependencyTest.kt b/envoy-control-tests/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/ssl/EnvoyHttpsDependencyTest.kt index d3a3e7178..14325038e 100644 --- a/envoy-control-tests/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/ssl/EnvoyHttpsDependencyTest.kt +++ b/envoy-control-tests/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/ssl/EnvoyHttpsDependencyTest.kt @@ -7,8 +7,9 @@ import org.junit.jupiter.api.Test import pl.allegro.tech.servicemesh.envoycontrol.config.envoycontrol.EnvoyControlRunnerTestApp import pl.allegro.tech.servicemesh.envoycontrol.config.EnvoyControlTestConfiguration import pl.allegro.tech.servicemesh.envoycontrol.config.service.HttpsEchoContainer -import pl.allegro.tech.servicemesh.envoycontrol.config.service.HttpsEchoResponse -import pl.allegro.tech.servicemesh.envoycontrol.config.service.hasSNI +import pl.allegro.tech.servicemesh.envoycontrol.assertions.hasSNI +import pl.allegro.tech.servicemesh.envoycontrol.assertions.isOk +import pl.allegro.tech.servicemesh.envoycontrol.config.service.asHttpsEchoResponse class EnvoyCurrentVersionHttpsDependencyTest : EnvoyHttpsDependencyTest() { companion object { @@ -46,13 +47,13 @@ abstract class EnvoyHttpsDependencyTest : EnvoyControlTestConfiguration() { fun `should include SNI in request to upstream`() { // when val response = untilAsserted { - val response = callDomain("my.example.com") + val response = callDomain("my.example.com").asHttpsEchoResponse() assertThat(response).isOk() response } // then - assertThat(HttpsEchoResponse(response)).hasSNI("my.example.com") + assertThat(response).hasSNI("my.example.com") } } From 1e65a6c8e6cfb8a3e675cd33b587300551a9010e Mon Sep 17 00:00:00 2001 From: Przemyslaw Piorkowski Date: Fri, 18 Dec 2020 13:46:08 +0100 Subject: [PATCH 4/4] fix ktlint issues --- .../pl/allegro/tech/servicemesh/envoycontrol/RequestIdTest.kt | 1 - .../envoycontrol/permissions/ClientNameTrustedHeaderTest.kt | 3 +-- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/envoy-control-tests/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/RequestIdTest.kt b/envoy-control-tests/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/RequestIdTest.kt index 84a4be6d3..3c350be87 100644 --- a/envoy-control-tests/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/RequestIdTest.kt +++ b/envoy-control-tests/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/RequestIdTest.kt @@ -1,7 +1,6 @@ package pl.allegro.tech.servicemesh.envoycontrol import okhttp3.Headers -import org.assertj.core.api.Assertions import org.assertj.core.api.Assertions.assertThat import org.junit.jupiter.api.BeforeEach import org.junit.jupiter.api.extension.RegisterExtension diff --git a/envoy-control-tests/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/permissions/ClientNameTrustedHeaderTest.kt b/envoy-control-tests/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/permissions/ClientNameTrustedHeaderTest.kt index 4cf2c65df..769c95577 100644 --- a/envoy-control-tests/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/permissions/ClientNameTrustedHeaderTest.kt +++ b/envoy-control-tests/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/permissions/ClientNameTrustedHeaderTest.kt @@ -5,6 +5,7 @@ import org.assertj.core.api.Assertions.assertThat import org.junit.jupiter.api.BeforeEach import org.junit.jupiter.api.Test import org.junit.jupiter.api.extension.RegisterExtension +import pl.allegro.tech.servicemesh.envoycontrol.assertions.isFrom import pl.allegro.tech.servicemesh.envoycontrol.assertions.isOk import pl.allegro.tech.servicemesh.envoycontrol.assertions.untilAsserted import pl.allegro.tech.servicemesh.envoycontrol.config.Echo1EnvoyAuthConfig @@ -15,8 +16,6 @@ import pl.allegro.tech.servicemesh.envoycontrol.config.envoy.EnvoyExtension import pl.allegro.tech.servicemesh.envoycontrol.config.envoycontrol.EnvoyControlExtension import pl.allegro.tech.servicemesh.envoycontrol.config.service.GenericServiceExtension import pl.allegro.tech.servicemesh.envoycontrol.config.service.HttpsEchoContainer -import pl.allegro.tech.servicemesh.envoycontrol.config.service.HttpsEchoResponse -import pl.allegro.tech.servicemesh.envoycontrol.assertions.isFrom import pl.allegro.tech.servicemesh.envoycontrol.config.service.asHttpsEchoResponse import java.time.Duration