Skip to content

Commit

Permalink
OSSM-6403: Add basic tests for TPROXY interception mode (#710)
Browse files Browse the repository at this point in the history
* OSSM-6403: Add basic tests for TPROXY interception mode

Signed-off-by: Jacek Ewertowski <[email protected]>

* Fix typo

Signed-off-by: Jacek Ewertowski <[email protected]>

* Remove ID from tproxy test

Signed-off-by: Jacek Ewertowski <[email protected]>

---------

Signed-off-by: Jacek Ewertowski <[email protected]>
  • Loading branch information
jewertow authored Jul 15, 2024
1 parent 1da55ef commit a98034b
Show file tree
Hide file tree
Showing 3 changed files with 76 additions and 0 deletions.
14 changes: 14 additions & 0 deletions pkg/app/httpbin.go
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ type httpbin struct {
injectSidecar bool
deploymentName string
versionLabel string
tproxy bool
}

var _ App = &httpbin{}
Expand Down Expand Up @@ -50,6 +51,16 @@ func HttpbinV2(ns string) App {
}
}

func HttpbinTproxy(ns string) App {
return &httpbin{
ns: ns,
injectSidecar: true,
deploymentName: "httpbin",
versionLabel: "v1",
tproxy: true,
}
}

func (a *httpbin) Name() string {
return a.deploymentName
}
Expand Down Expand Up @@ -116,6 +127,9 @@ spec:
metadata:
annotations:
sidecar.istio.io/inject: "{{ .InjectSidecar }}"
{{ if .Tproxy }}
sidecar.istio.io/interceptionMode: TPROXY
{{ end }}
labels:
app: httpbin
version: {{ .Version }}
Expand Down
8 changes: 8 additions & 0 deletions pkg/app/sleep.go
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ import (
type sleep struct {
ns string
injectSidecar bool
tproxy bool
}

var _ App = &sleep{}
Expand All @@ -26,6 +27,10 @@ func SleepNoSidecar(ns string) App {
return &sleep{ns: ns, injectSidecar: false}
}

func SleepTroxy(ns string) App {
return &sleep{ns: ns, injectSidecar: true, tproxy: true}
}

func (a *sleep) Name() string {
return "sleep"
}
Expand Down Expand Up @@ -163,6 +168,9 @@ spec:
metadata:
annotations:
sidecar.istio.io/inject: "{{ .InjectSidecar }}"
{{ if .Tproxy }}
sidecar.istio.io/interceptionMode: TPROXY
{{ end }}
labels:
app: sleep
spec:
Expand Down
54 changes: 54 additions & 0 deletions pkg/tests/tasks/traffic/tproxy_test.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,54 @@
package traffic

import (
"fmt"
"net/http"
"testing"

"github.com/maistra/maistra-test-tool/pkg/app"
"github.com/maistra/maistra-test-tool/pkg/tests/ossm"
"github.com/maistra/maistra-test-tool/pkg/util/check/assert"
"github.com/maistra/maistra-test-tool/pkg/util/curl"
"github.com/maistra/maistra-test-tool/pkg/util/env"
"github.com/maistra/maistra-test-tool/pkg/util/istio"
"github.com/maistra/maistra-test-tool/pkg/util/ns"
"github.com/maistra/maistra-test-tool/pkg/util/oc"
"github.com/maistra/maistra-test-tool/pkg/util/retry"
"github.com/maistra/maistra-test-tool/pkg/util/shell"
. "github.com/maistra/maistra-test-tool/pkg/util/test"
"github.com/maistra/maistra-test-tool/pkg/util/version"
)

func TestTproxy(t *testing.T) {
NewTest(t).Groups(Full, InterOp, ARM).Run(func(t TestHelper) {
if env.GetSMCPVersion().LessThan(version.SMCP_2_5) {
t.Skip("TPROXY is only supported in 2.5.3 and newer versions")
}

t.Cleanup(func() {
oc.RecreateNamespace(t, ns.Foo)
})

ossm.DeployControlPlane(t)

t.LogStep("Add privileged SCC to the app namespace")
shell.Executef(t, "oc adm policy add-scc-to-group privileged system:serviceaccounts:%s", ns.Foo)

t.LogStep("Install httpbin and sleep in tproxy mode")
app.InstallAndWaitReady(t, app.HttpbinTproxy(ns.Foo), app.SleepTroxy(ns.Foo))

t.NewSubTest("HTTP request from ingress gateway to httpbin in tproxy mode").Run(func(t TestHelper) {
oc.ApplyFile(t, ns.Foo, "https://raw.githubusercontent.com/maistra/istio/maistra-2.6/samples/httpbin/httpbin-gateway.yaml")
httpbinURL := fmt.Sprintf("http://%s/headers", istio.GetIngressGatewayHost(t, meshNamespace))
retry.UntilSuccess(t, func(t TestHelper) {
curl.Request(t, httpbinURL, nil, assert.ResponseStatus(http.StatusOK))
})
})

t.NewSubTest("HTTP request from tproxy sleep to tproxy httpbin").Run(func(t TestHelper) {
app.ExecInSleepPod(t, ns.Foo,
"curl http://httpbin.foo:8000/headers -s -o /dev/null -w %{http_code}",
assert.OutputContains("200", "Request succeeded", "Unexpected response"))
})
})
}

0 comments on commit a98034b

Please sign in to comment.