Adding a test of TCP with TLS termination (test-only change)#1183
Adding a test of TCP with TLS termination (test-only change)#1183mattklein123 merged 9 commits intoenvoyproxy:masterfrom
Conversation
test/integration/utility.h
Outdated
| const std::string& data() { return data_; } | ||
|
|
||
| private: | ||
| Event::Dispatcher* dispatcher_; |
There was a problem hiding this comment.
Quick comment: In Envoy-style unless there is a null state a reference (const or non-const) is preferred to passing and storing a pointer which is a departure from the Google style guide. I think there a few spots like this line where a reference would be preferred.
htuch
left a comment
htuch
left a comment
There was a problem hiding this comment.
Looks great. Some of my comments below apply to the existing code you moved, so they are really a request to improve what was there before.
| Json::ObjectSharedPtr loader = TestEnvironment::jsonLoadFromString(target); | ||
| ContextConfigImpl cfg(*loader); | ||
| static auto* client_stats_store = new Stats::TestIsolatedStoreImpl(); | ||
| return context_manager.createSslClientContext(*client_stats_store, cfg); |
There was a problem hiding this comment.
If so, I will need to change this function to support TLS (non-mTLS) case as well. In terms of refactoring, I think it's better we have this PR focusing on it (and probably we can do it better here :) ).
|
|
||
| Network::Address::InstanceConstSharedPtr getSslAddress(Network::Address::IpVersion version, | ||
| int port) { | ||
| std::string url = |
There was a problem hiding this comment.
As a general preference, prefer const for any intermediate variable that is const.
test/integration/ssl_utility.cc
Outdated
| } | ||
| )EOF"; | ||
|
|
||
| std::string json_alpn_san = R"EOF( |
| #include "gtest/gtest.h" | ||
|
|
||
| namespace Envoy { | ||
|
|
There was a problem hiding this comment.
I have this longstanding wish to have all tests in the anonymous namespace, but that's just an observation, I don't even do this consistently today.
There was a problem hiding this comment.
FWIW I'm not a fan of this. It will make test much more verbose since all namespace references will need to be fully specified which is rarely the case when testing code within the same namespace. If there is a wish for this I would recommend opening up a separate discussion and not doing this in the current PR.
There was a problem hiding this comment.
I'm not suggesting we put it in the anonymous namespace at outer scope. I'm suggesting we add an additional anonymous namespace within the existing set of namespace scopes at inner scope. This doesn't imply additional verbosity, and is safer when we link into the single coverage binary.
There was a problem hiding this comment.
If we're going to bikeshed on this, I'd love to see
namespace Envoy {
namespace Test {
namespace {
where all the tests and tools are in the Envoy::Test namespace. That'd definitely be out of scope for this PR so I'll do at most the anonymous namespace here :-)
There was a problem hiding this comment.
OK. Either of this is fine with if you want to do the cleanup.
| EXPECT_EQ("world", tcp_client->data()); | ||
| } | ||
|
|
||
| TEST_P(TcpProxyIntegrationTest, TcpProxyDownstreamDisconnect) { |
There was a problem hiding this comment.
Can you add one liner comments above each TEST_P case to explain what's being checked?
|
@alyssawilk FYI TSAN is failing: https://travis-ci.org/lyft/envoy/jobs/248409059 |
|
Oy. It looks like my Stats::IsolatedStoreImpl are not so isolated as
they're supposed to be. Still trying to track down how* - given I'm out
tomorrow I'll ping back once I've sorted it out.
*It looks like FakeUpstream always has isolated stats
and createClientSslContext which I only ported appears to create its own as
well so more digging required.
…On Thu, Jun 29, 2017 at 11:56 AM, Matt Klein ***@***.***> wrote:
@alyssawilk <https://github.com/alyssawilk> FYI TSAN is failing:
https://travis-ci.org/lyft/envoy/jobs/248409059
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#1183 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/ARYFvSBY2GgQBSlivB1Wl1BkEk_yuLdtks5sI8k5gaJpZM4OIG3l>
.
|
|
Aha, I think I figured it out - new Scopes in the TestIsolatedStoreImpl
were accessing the underlying IsolatedStoreImpl directly, without grabbing
locks.
I've added a TestScopeWrapper for TestIsolatedStoreImpl as a workaround.
If anyone has a more elegant idea for a fix let me know, and no hurry on
reviews since now I'm *actually* heading out for the 4th. happy long
weekend, all!
On Thu, Jun 29, 2017 at 3:09 PM, Alyssa (Rzeszutek) Wilk <alyssar@google.com
… wrote:
Oy. It looks like my Stats::IsolatedStoreImpl are not so isolated as
they're supposed to be. Still trying to track down how* - given I'm out
tomorrow I'll ping back once I've sorted it out.
*It looks like FakeUpstream always has isolated stats
and createClientSslContext which I only ported appears to create its own as
well so more digging required.
On Thu, Jun 29, 2017 at 11:56 AM, Matt Klein ***@***.***>
wrote:
> @alyssawilk <https://github.com/alyssawilk> FYI TSAN is failing:
> https://travis-ci.org/lyft/envoy/jobs/248409059
>
> —
> You are receiving this because you were mentioned.
> Reply to this email directly, view it on GitHub
> <#1183 (comment)>, or mute
> the thread
> <https://github.com/notifications/unsubscribe-auth/ARYFvSBY2GgQBSlivB1Wl1BkEk_yuLdtks5sI8k5gaJpZM4OIG3l>
> .
>
|
test/integration/server.h
Outdated
| std::unique_lock<std::mutex> lock(lock_); | ||
| wrapped_scope_.reset(); | ||
| } | ||
|
|
There was a problem hiding this comment.
I think these should all be override rather than virtual
test/integration/server.h
Outdated
| : lock_(lock), wrapped_scope_(std::move(wrapped_scope)) {} | ||
|
|
||
| virtual ~TestScopeWrapper() { | ||
| std::unique_lock<std::mutex> lock(lock_); |
There was a problem hiding this comment.
Is this needed? Won't this self-destruct?
test/integration/server.h
Outdated
| ScopePtr createScope(const std::string& name) override { | ||
| std::unique_lock<std::mutex> lock(lock_); | ||
| return store_.createScope(name); | ||
| ScopePtr tmp = store_.createScope(name); |
There was a problem hiding this comment.
Nit: Is the intermediate here needed?
Automatic merge from submit-queue. Support bypassing JWT verification for some requests. **What this PR does / why we need it**: **Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes # **Special notes for your reviewer**: **Release note**: ```release-note None ```
Description: Replace the metrics sink from the envoy one to a custom one. The custom metrics sink comes with ack function on the grpc stream. This change is based on upstream envoy change: #13919 Risk Level: High Testing: Local and ci unit tests and integration tests Signed-off-by: Jingwei Hao <jingweih@lyft.com> Signed-off-by: JP Simard <jp@jpsim.com>
Description: Replace the metrics sink from the envoy one to a custom one. The custom metrics sink comes with ack function on the grpc stream. This change is based on upstream envoy change: #13919 Risk Level: High Testing: Local and ci unit tests and integration tests Signed-off-by: Jingwei Hao <jingweih@lyft.com> Signed-off-by: JP Simard <jp@jpsim.com>
5 participants
This ended up getting a bit larger than I'd anticipated - please let me know if you'd prefer I split things up a bit. Roughly:
I have this theory wherein I start flow control backup with just the network layer (TCP/TLS) but I wanted some basic integration tests before I tack on flow control and make sure resumption works :-)