From 5423ebd4badf926995d948b7f8ee6b75d50d45fa Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Wed, 5 Aug 2020 10:38:39 +0100 Subject: [PATCH 01/28] Update verify_examples script Signed-off-by: Ryan Northey --- ci/verify_examples.sh | 491 ++++++++++++++++++++++++++++++++++++++---- 1 file changed, 451 insertions(+), 40 deletions(-) diff --git a/ci/verify_examples.sh b/ci/verify_examples.sh index 711ceb5f25a30..791edcd688362 100755 --- a/ci/verify_examples.sh +++ b/ci/verify_examples.sh @@ -1,43 +1,454 @@ -#!/bin/bash +#!/bin/bash -E -set -e +FAILED=() +SRCDIR="${SRCDIR:-$(pwd)}" +EXCLUDED_BUILD_CONFIGS=${EXCLUDED_BUILD_CONFIGS:-"^./jaeger-native-tracing|docker-compose"} -verify() { - echo $1 - CONTAINER_ID="$(docker ps -aqf name=$1)" - if [ "false" == "$(docker inspect -f {{.State.Running}} ${CONTAINER_ID})" ] - then - echo "error: $1 not running" + +trap_errors () { + local frame=0 LINE SUB FILE + set +v + while read -r LINE SUB FILE < <(caller "$frame"); do + if [ "$frame" -ne "0" ]; then + FAILED+=(" > ${SUB}@ ${FILE} :${LINE}") + else + FAILED+=("${SUB}@ ${FILE} :${LINE}") + fi + ((frame++)) + done + set -v +} + +trap trap_errors ERR + +run_log () { + local name + name="$1" + shift + echo -e "\n> [${name}] ${*}" +} + +show_user_env () { + run_log "$(whoami)" "User env" + id + echo "umask = $(umask)" + echo "pwd = $(pwd)" +} + +get_path () { + printf "%s/examples/%s" "$SRCDIR" "$1" +} + +bring_up_example_stack () { + local args name path snooze + args=("${@}") + name="$1" + path="$2" + snooze="${3:-0}" + cd "$path" || return 1 + run_log "$name" "Pull the images" + docker-compose pull || return 1 + echo + run_log "$name" "Bring up services" + docker-compose up --build -d "${args[@]:3}" || return 1 + if [ "$snooze" -ne "0" ]; then + run_log "$name" "Snooze for ${snooze} while ${name} gets started" + sleep "$snooze" + fi + docker-compose ps + docker-compose logs +} + +bring_up_example () { + local name paths + name="$1" + read -ra paths <<< "$(echo "$2" | tr ',' ' ')" + shift 2 + for path in "${paths[@]}"; do + bring_up_example_stack "$name" "$(get_path "$path")" "$@" + done +} + +cleanup_stack () { + local name path + name="$1" + path="$2" + run_log "$name" "Cleanup: $path" + cd "$path" || return 1 + docker-compose down + docker system prune -f +} + +cleanup () { + local name paths + name="$1" + read -ra paths <<< "$(echo "$2" | tr ',' ' ')" + for path in "${paths[@]}"; do + cleanup_stack "$name" "$(get_path "$path")" + done +} + +run_example_cors () { + local name paths + name=cors + paths="cors/frontend,cors/backend" + bring_up_example "$name" "$paths" + + run_log "$name" "Test service" + curl http://localhost:8000 + + run_log "$name" "Test cors server: disabled" + curl -s -H "Origin: http://example.com" http://localhost:8002/cors/disabled | grep Success + curl -s -H "Origin: http://example.com" \ + --head http://localhost:8002/cors/disabled \ + | grep access-control-allow-origin \ + | [ "$(wc -l)" -eq 0 ] || return 1 + + run_log "$name" "Test cors server: open" + curl -s -H "Origin: http://example.com" http://localhost:8002/cors/open | grep Success + curl -s -H "Origin: http://example.com" \ + --head http://localhost:8002/cors/open \ + | grep "access-control-allow-origin: http://example.com" + + run_log "$name" "Test cors server: restricted" + curl -s -H "Origin: http://example.com" http://localhost:8002/cors/restricted | grep Success + curl -s -H "Origin: http://example.com" \ + --head http://localhost:8002/cors/restricted \ + | grep access-control-allow-origin \ + | [ "$(wc -l)" -eq 0 ] || return 1 + curl -s -H "Origin: http://foo.envoyproxy.io" \ + --head http://localhost:8002/cors/restricted \ + | grep "access-control-allow-origin: http://foo.envoyproxy.io" + cleanup "$name" "$paths" +} + +run_example_csrf () { + local name paths + name=csrf + paths="csrf/samesite,csrf/crosssite" + + bring_up_example "$name" "$paths" + + run_log "$name" "Test services" + curl http://localhost:8002 + curl http://localhost:8000 + + run_log "$name" "Test stats server" + curl http://localhost:8001/stats + + run_log "$name" "Test cors server: disabled" + curl -s -H "Origin: http://example.com" -X POST \ + http://localhost:8000/csrf/disabled \ + | grep Success + curl -s -H "Origin: http://example.com" -X POST \ + --head http://localhost:8000/csrf/disabled \ + | grep "access-control-allow-origin: http://example.com" + + run_log "$name" "Test cors server: shadow" + curl -s -H "Origin: http://example.com" -X POST \ + http://localhost:8000/csrf/shadow \ + | grep Success + curl -s -H "Origin: http://example.com" -X POST \ + --head http://localhost:8000/csrf/shadow \ + | grep "access-control-allow-origin: http://example.com" + + run_log "$name" "Test cors server: enabled" + curl -s -H "Origin: http://example.com" -X POST \ + http://localhost:8000/csrf/enabled \ + | grep "Invalid origin" + curl -s -H "Origin: http://example.com" -X POST \ + --head http://localhost:8000/csrf/enabled \ + | grep "HTTP/1.1 403 Forbidden" + + run_log "$name" "Test cors server: additional_origin" + curl -s -H "Origin: http://example.com" -X POST \ + http://localhost:8000/csrf/additional_origin \ + | grep Success + curl -s -H "Origin: http://example.com" -X POST \ + --head http://localhost:8000/csrf/additional_origin \ + | grep "access-control-allow-origin: http://example.com" + + cleanup "$name" "$paths" +} + +run_example_ext_authz () { + local name paths + name=ext_authz + paths=ext_authz + + bring_up_example "$name" "$paths" + + run_log "$name" "Test services responds with 403" + curl -v localhost:8000/service 2> >(grep -v Expire) + + run_log "$name" "Restart front-envoy with FRONT_ENVOY_YAML=config/http-service.yaml" + docker-compose down + FRONT_ENVOY_YAML=config/http-service.yaml docker-compose up -d + sleep 10 + + run_log "$name" "Test service responds with 403" + curl -v localhost:8000/service 2> >(grep -v Expire) + + run_log "$name" "Test authenticated service responds with 200" + curl -v -H "Authorization: Bearer token1" localhost:8000/service 2> >(grep -v Expire) + + run_log "$name" "Restart front-envoy with FRONT_ENVOY_YAML=config/opa-service/v2.yaml" + docker-compose down + FRONT_ENVOY_YAML=config/opa-service/v2.yaml docker-compose up -d + sleep 10 + + run_log "$name" "Test OPA service responds with 200" + curl localhost:8000/service --verbose 2> >(grep -v Expire) + + run_log "$name" "Check OPA logs" + docker-compose logs ext_authz-opa-service | grep decision_id -A 30 + + run_log "$name" "Check OPA service rejects POST" + curl -X POST localhost:8000/service --verbose 2> >(grep -v Expire) + + cleanup "$name" "$paths" +} + +_fault_injection_test () { + local action code name + action="$1" + code="$2" + name=fault_injection + + run_log "$name" "Enable ${action} fault injection" + docker-compose exec envoy bash "enable_${action}_fault_injection.sh" + run_log "$name" "Send requests for 20 seconds" + docker-compose exec envoy bash -c "bash send_request.sh & export pid=\$! && sleep 20 && kill \$pid" > /dev/null + run_log "$name" "Check logs again" + docker-compose logs | grep "HTTP/1.1\" ${code}" + + run_log "$name" "Disable ${action} fault injection" + docker-compose exec envoy bash "disable_${action}_fault_injection.sh" + run_log "$name" "Send requests for 20 seconds" + docker-compose exec envoy bash -c "bash send_request.sh & export pid=\$! && sleep 20 && kill \$pid" > /dev/null + run_log "$name" "Check logs again" + docker-compose logs | grep "HTTP/1.1\" 200" +} + +run_example_fault_injection () { + local name paths + name=fault_injection + paths=fault-injection + + bring_up_example "$name" "$paths" + + run_log "$name" "Send requests for 20 seconds" + docker-compose exec envoy bash -c "bash send_request.sh & export pid=\$! && sleep 20 && kill \$pid" > /dev/null + run_log "$name" "Check logs" + docker-compose logs | grep "HTTP/1.1\" 200" + + _fault_injection_test abort 503 + _fault_injection_test delay 200 + + run_log "$name" "Check tree" + docker-compose exec envoy tree /srv/runtime + + cleanup "$name" "$paths" +} + +run_example_grpc_bridge () { + local name paths + name=grpc_bridge + paths=grpc-bridge + + run_log "$name" "Generate protocol stubs" + cd "$(get_path grpc-bridge)" || return 1 + docker-compose -f docker-compose-protos.yaml up + docker container prune -f + + # shellcheck disable=SC2010 + ls -la client/kv/kv_pb2.py | grep kv_pb2.py + # shellcheck disable=SC2010 + ls -la server/kv/kv.pb.go | grep kv.pb.go + + bring_up_example "$name" "$paths" + + run_log "$name" "Set key value foo=bar" + docker-compose exec grpc-client /client/grpc-kv-client.py set foo bar | grep setf + + run_log "$name" "Get key foo" + docker-compose exec grpc-client /client/grpc-kv-client.py get foo | grep bar + + cleanup "$name" "$paths" +} + +run_example_jaeger_native_tracing () { + local name paths + name=jaeger_native + paths=jaeger-native-tracing + + bring_up_example "$name" "$paths" 10 + + run_log "$name" "Test services" + curl -v localhost:8000/trace/1 2> >(grep -v Expire) + + run_log "$name" "Test Jaeger UI" + curl http://localhost:16686 2> >(grep -v Expire) + + cleanup "$name" "$paths" +} + +run_example_jaeger_tracing () { + local name paths + name=jaeger + paths=jaeger-tracing + + bring_up_example "$name" "$paths" + + run_log "$name" "Test services" + curl -v localhost:8000/trace/1 2> >(grep -v Expire) + + run_log "$name" "Test Jaeger UI" + curl http://localhost:16686 2> >(grep -v Expire) + + cleanup "$name" "$paths" +} + +run_example_load_reporting () { + local name paths + name=load_reporting + paths=load-reporting-service + + bring_up_example "$name" "$paths" 0 --scale http_service=2 + + run_log "$name" "Send requests" + bash send_requests.sh 2> /dev/null + run_log "$name" "Check logs: http 1" + docker-compose logs http_service | grep http_service_1 | grep HTTP | grep 200 + + run_log "$name" "Check logs: http 2" + docker-compose logs http_service | grep http_service_2 | grep HTTP | grep 200 + + run_log "$name" "Check logs: lrs_server" + docker-compose logs lrs_server + + cleanup load_reporting "$paths" +} + +run_example_lua () { + local name paths + name=lua + paths=lua + bring_up_example "$name" "$paths" + + run_log "$name" "Test connection" + curl -v localhost:8000 2> >(grep -v Expire) + + cleanup "$name" "$paths" +} + +run_example_mysql () { + local mysql_client name paths + name=mysql + paths=mysql + mysql_client=(docker run -ti --network envoymesh mysql:5.5 mysql -h envoy -P 1999 -u root) + + bring_up_example "$name" "$paths" 10 + + run_log "$name" "Create a mysql database" + "${mysql_client[@]}" -e "CREATE DATABASE test;" + "${mysql_client[@]}" -e "show databases;" + + run_log "$name" "Create a mysql table" + "${mysql_client[@]}" -e "USE test; CREATE TABLE test ( text VARCHAR(255) );" + "${mysql_client[@]}" -e "SELECT COUNT(*) from test.test;" + + run_log "$name" "Check mysql egress stats" + curl -s http://localhost:8001/stats?filter=egress_mysql + + run_log "$name" "Check mysql TCP stats" + curl -s http://localhost:8001/stats?filter=mysql_tcp + + cleanup "$name" "$paths" +} + +run_example_zipkin_tracing () { + local name paths + name=zipkin + paths=zipkin-tracing + bring_up_example "$name" "$paths" + + run_log "$name" "Test connection" + curl -v localhost:8000/trace/1 2> >(grep -v Expire) + + run_log "$name" "Test dashboard" + # this could do with using a healthcheck and waiting + sleep 20 + curl localhost:9411/zipkin/ + + cleanup "$name" "$paths" +} + +run_example_front_proxy () { + local name paths + name=front_proxy + paths=front-proxy + bring_up_example "$name" "$paths" + + run_log "$name" "Test service: localhost:8080/service/1" + curl -v localhost:8080/service/1 2> >(grep -v Expire) + run_log "$name" "Test service: localhost:8080/service/2" + curl -v localhost:8080/service/2 2> >(grep -v Expire) + run_log "$name" "Test service: https://localhost:8443/service/1 -k -v" + curl https://localhost:8443/service/1 -k -v 2> >(grep -v Expire) + run_log "$name" "Scale up docker service1=3" + docker-compose scale service1=3 + + run_log "$name" "Snooze for 5 while docker-compose scales..." + sleep 5 + + curl -v localhost:8080/service/1 2> >(grep -v Expire) + run_log "$name" "Test round-robin localhost:8080/service/1" + docker-compose exec front-envoy bash -c "\ + curl localhost:8080/service/1 \ + && curl localhost:8080/service/1 \ + && curl localhost:8080/service/1" + run_log "$name" "Test service: localhost:8080/service/2" + docker-compose exec front-envoy curl localhost:8080/service/2 2> >(grep -v Expire) + run_log "$name" "Test service info: localhost:8080/server_info" + docker-compose exec front-envoy curl localhost:8001/server_info | jq '.' + run_log "$name" "Test service stats: localhost:8080/stats" + docker-compose exec front-envoy curl localhost:8001/stats + + cleanup "$name" "$paths" +} + +run_examples () { + for example in $(find examples -mindepth 1 -maxdepth 1 -type d | sort); do + example_test="run_example_$(echo "$example" | cut -d/ -f2 | tr '-' '_')" + $example_test + done +} + +verify_build_configs () { + local configs missing + missing=() + cd "${SRCDIR}/examples" || exit 1 + configs="$(find . -name "*.yaml" -o -name "*.lua" | grep -vE "${EXCLUDED_BUILD_CONFIGS}" | cut -d/ -f2-)" + for config in $configs; do + grep "\"$config\"" BUILD || missing+=("$config") + done + if [ -n "${missing[*]}" ]; then + for config in "${missing[@]}"; do + echo "Missing config: $config" >&2 + done + return 1 + fi +} + +verify_build_configs +show_user_env +run_examples + +if [ "${#FAILED[@]}" -ne "0" ]; then + echo "TESTS FAILED:" + for failed in "${FAILED[@]}"; do + echo "$failed" >&2 + done exit 1 - fi -} - -# Test front proxy example -cd examples/front-proxy -docker-compose up --build -d -for CONTAINER_NAME in "frontproxy_front-envoy" "frontproxy_service1" "frontproxy_service2" -do - verify $CONTAINER_NAME -done -cd ../ - -# Test grpc bridge example -# install go -GO_VERSION="1.14.7" -curl -O https://storage.googleapis.com/golang/go$GO_VERSION.linux-amd64.tar.gz -tar -xf go$GO_VERSION.linux-amd64.tar.gz -sudo mv go /usr/local -export PATH=$PATH:/usr/local/go/bin -export GOPATH=$HOME/go -mkdir -p $GOPATH/src/github.com/envoyproxy/envoy/examples/ -cp -r grpc-bridge $GOPATH/src/github.com/envoyproxy/envoy/examples/ -# build example -cd $GOPATH/src/github.com/envoyproxy/envoy/examples/grpc-bridge -./script/bootstrap -./script/build -# verify example works -docker-compose up --build -d -for CONTAINER_NAME in "grpcbridge_python" "grpcbridge_grpc" -do - verify $CONTAINER_NAME -done +fi From 32d6477a3e2b4c143de0fe9631a5b6f5a828fffb Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Fri, 7 Aug 2020 09:21:47 +0100 Subject: [PATCH 02/28] Add azure pipeline Signed-off-by: Ryan Northey --- .azure-pipelines/pipelines.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.azure-pipelines/pipelines.yml b/.azure-pipelines/pipelines.yml index 7341b06627ffe..84c644dda0f23 100644 --- a/.azure-pipelines/pipelines.yml +++ b/.azure-pipelines/pipelines.yml @@ -37,6 +37,15 @@ jobs: artifactName: format condition: failed() + - job: examples + dependsOn: [] # this removes the implicit dependency on previous stage and causes this to run in parallel. + pool: + vmImage: "ubuntu-18.04" + steps: + - script: ci/verify_examples.sh + workingDirectory: $(Build.SourcesDirectory) + displayName: "Verify examples run as documented" + - job: release displayName: "Linux-x64 release" dependsOn: ["format"] From cf02f14d9a9cdfcd99dcaafc6eec8391fefcd837 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Fri, 7 Aug 2020 10:11:23 +0100 Subject: [PATCH 03/28] fix for verify script Signed-off-by: Ryan Northey --- ci/verify_examples.sh | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/ci/verify_examples.sh b/ci/verify_examples.sh index 791edcd688362..e5e39417428c5 100755 --- a/ci/verify_examples.sh +++ b/ci/verify_examples.sh @@ -419,16 +419,18 @@ run_example_front_proxy () { } run_examples () { - for example in $(find examples -mindepth 1 -maxdepth 1 -type d | sort); do + local example example_test + cd "${SRCDIR}/examples" || exit 1 + for example in $(find . -mindepth 1 -maxdepth 1 -type d | sort); do example_test="run_example_$(echo "$example" | cut -d/ -f2 | tr '-' '_')" $example_test done } verify_build_configs () { - local configs missing + local config configs missing missing=() - cd "${SRCDIR}/examples" || exit 1 + cd "${SRCDIR}/examples" || return 1 configs="$(find . -name "*.yaml" -o -name "*.lua" | grep -vE "${EXCLUDED_BUILD_CONFIGS}" | cut -d/ -f2-)" for config in $configs; do grep "\"$config\"" BUILD || missing+=("$config") From 5342ad71caf558b3e67c6f0d0f9685332aec744b Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Fri, 7 Aug 2020 10:56:03 +0100 Subject: [PATCH 04/28] improve error handling Signed-off-by: Ryan Northey --- ci/verify_examples.sh | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/ci/verify_examples.sh b/ci/verify_examples.sh index e5e39417428c5..e1e7b76ba74b4 100755 --- a/ci/verify_examples.sh +++ b/ci/verify_examples.sh @@ -6,13 +6,16 @@ EXCLUDED_BUILD_CONFIGS=${EXCLUDED_BUILD_CONFIGS:-"^./jaeger-native-tracing|docke trap_errors () { - local frame=0 LINE SUB FILE + local frame=0 COMMAND LINE SUB FILE + if [ -n "$example_test" ]; then + COMMAND=" (${example_test})" + fi set +v while read -r LINE SUB FILE < <(caller "$frame"); do if [ "$frame" -ne "0" ]; then FAILED+=(" > ${SUB}@ ${FILE} :${LINE}") else - FAILED+=("${SUB}@ ${FILE} :${LINE}") + FAILED+=("${SUB}@ ${FILE} :${LINE}${COMMAND}") fi ((frame++)) done @@ -20,6 +23,7 @@ trap_errors () { } trap trap_errors ERR +trap exit 1 INT run_log () { local name @@ -419,9 +423,10 @@ run_example_front_proxy () { } run_examples () { - local example example_test + local example examples example_test cd "${SRCDIR}/examples" || exit 1 - for example in $(find . -mindepth 1 -maxdepth 1 -type d | sort); do + examples=$(find . -mindepth 1 -maxdepth 1 -type d | sort) + for example in $examples; do example_test="run_example_$(echo "$example" | cut -d/ -f2 | tr '-' '_')" $example_test done From 5bd2bdf57fb0a7d7a60807157fac49173eac5b21 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Fri, 7 Aug 2020 11:56:44 +0100 Subject: [PATCH 05/28] Fix for jaeger-native-tracing example Signed-off-by: Ryan Northey --- .../front-proxy/Dockerfile-jaeger-service | 19 +++++++++++++++++++ .../jaeger-native-tracing/docker-compose.yaml | 6 ++---- 2 files changed, 21 insertions(+), 4 deletions(-) create mode 100644 examples/front-proxy/Dockerfile-jaeger-service diff --git a/examples/front-proxy/Dockerfile-jaeger-service b/examples/front-proxy/Dockerfile-jaeger-service new file mode 100644 index 0000000000000..4fa93db5f2499 --- /dev/null +++ b/examples/front-proxy/Dockerfile-jaeger-service @@ -0,0 +1,19 @@ +FROM envoyproxy/envoy-alpine-dev:latest + +RUN apk update && apk add py3-pip bash curl +RUN pip3 install -q Flask==0.11.1 requests==2.18.4 +RUN mkdir /code +ADD ./service.py /code +ADD ./start_service.sh /usr/local/bin/start_service.sh +RUN chmod u+x /usr/local/bin/start_service.sh +# +# for discussion on jaeger binary compatibility, and the source of the file, see here: +# https://github.com/envoyproxy/envoy/issues/11382#issuecomment-638012072 +# +RUN echo "4a7d17d4724ee890490bcd6cfdedb12a02316a3d33214348d30979abd201f1ca /usr/local/lib/libjaegertracing_plugin.so" > /tmp/checksum \ + && curl -Ls https://github.com/tetratelabs/getenvoy-package/files/3518103/getenvoy-centos-jaegertracing-plugin.tar.gz \ + | tar zxf - -C /usr/local/lib \ + && mv /usr/local/lib/libjaegertracing.so.0.4.2 /usr/local/lib/libjaegertracing_plugin.so \ + && sha256sum -c /tmp/checksum \ + && rm /tmp/checksum +ENTRYPOINT /usr/local/bin/start_service.sh diff --git a/examples/jaeger-native-tracing/docker-compose.yaml b/examples/jaeger-native-tracing/docker-compose.yaml index b0060928551aa..6198572ad105c 100644 --- a/examples/jaeger-native-tracing/docker-compose.yaml +++ b/examples/jaeger-native-tracing/docker-compose.yaml @@ -20,10 +20,9 @@ services: service1: build: context: ../front-proxy - dockerfile: Dockerfile-service + dockerfile: Dockerfile-jaeger-service volumes: - ./service1-envoy-jaeger.yaml:/etc/service-envoy.yaml - - ./libjaegertracing.so.0.4.2:/usr/local/lib/libjaegertracing_plugin.so networks: envoymesh: aliases: @@ -39,10 +38,9 @@ services: service2: build: context: ../front-proxy - dockerfile: Dockerfile-service + dockerfile: Dockerfile-jaeger-service volumes: - ./service2-envoy-jaeger.yaml:/etc/service-envoy.yaml - - ./libjaegertracing.so.0.4.2:/usr/local/lib/libjaegertracing_plugin.so networks: envoymesh: aliases: From 1304b40588d93a05b0145824eb009518ca805a9a Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Fri, 7 Aug 2020 12:01:44 +0100 Subject: [PATCH 06/28] Copy config into redis example image this one was missed when the other examples were fixed Signed-off-by: Ryan Northey --- examples/redis/Dockerfile-proxy | 3 +++ examples/redis/docker-compose.yaml | 2 -- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/examples/redis/Dockerfile-proxy b/examples/redis/Dockerfile-proxy index 92b320ea14879..9266482b53fe8 100644 --- a/examples/redis/Dockerfile-proxy +++ b/examples/redis/Dockerfile-proxy @@ -1,2 +1,5 @@ FROM envoyproxy/envoy-dev:latest + +COPY ./envoy.yaml /etc/envoy.yaml +RUN chmod go+r /etc/envoy.yaml CMD /usr/local/bin/envoy -c /etc/envoy.yaml -l debug --service-cluster proxy diff --git a/examples/redis/docker-compose.yaml b/examples/redis/docker-compose.yaml index 5b2d82a6e1163..fb4bd1f0b638e 100644 --- a/examples/redis/docker-compose.yaml +++ b/examples/redis/docker-compose.yaml @@ -5,8 +5,6 @@ services: build: context: . dockerfile: Dockerfile-proxy - volumes: - - ./envoy.yaml:/etc/envoy.yaml networks: - envoymesh expose: From 164a229ab92fe5c1d1c8fab41057fd8fe674dfe0 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Fri, 7 Aug 2020 11:12:57 +0100 Subject: [PATCH 07/28] Improve verify_example tests Signed-off-by: Ryan Northey --- ci/verify_examples.sh | 166 ++++++++++++++++++++++++++---------------- 1 file changed, 105 insertions(+), 61 deletions(-) diff --git a/ci/verify_examples.sh b/ci/verify_examples.sh index e1e7b76ba74b4..7c4bc0cae2ee0 100755 --- a/ci/verify_examples.sh +++ b/ci/verify_examples.sh @@ -99,7 +99,7 @@ run_example_cors () { bring_up_example "$name" "$paths" run_log "$name" "Test service" - curl http://localhost:8000 + curl -s http://localhost:8000 | grep "Envoy CORS Webpage" run_log "$name" "Test cors server: disabled" curl -s -H "Origin: http://example.com" http://localhost:8002/cors/disabled | grep Success @@ -134,13 +134,13 @@ run_example_csrf () { bring_up_example "$name" "$paths" run_log "$name" "Test services" - curl http://localhost:8002 - curl http://localhost:8000 + curl -s http://localhost:8002 | grep "Envoy CSRF Demo" + curl -s http://localhost:8000 | grep "Envoy CSRF Demo" run_log "$name" "Test stats server" - curl http://localhost:8001/stats + curl -s http://localhost:8001/stats | grep ":" - run_log "$name" "Test cors server: disabled" + run_log "$name" "Test csrf server: disabled" curl -s -H "Origin: http://example.com" -X POST \ http://localhost:8000/csrf/disabled \ | grep Success @@ -148,7 +148,7 @@ run_example_csrf () { --head http://localhost:8000/csrf/disabled \ | grep "access-control-allow-origin: http://example.com" - run_log "$name" "Test cors server: shadow" + run_log "$name" "Test csrf server: shadow" curl -s -H "Origin: http://example.com" -X POST \ http://localhost:8000/csrf/shadow \ | grep Success @@ -156,7 +156,7 @@ run_example_csrf () { --head http://localhost:8000/csrf/shadow \ | grep "access-control-allow-origin: http://example.com" - run_log "$name" "Test cors server: enabled" + run_log "$name" "Test csrf server: enabled" curl -s -H "Origin: http://example.com" -X POST \ http://localhost:8000/csrf/enabled \ | grep "Invalid origin" @@ -164,7 +164,7 @@ run_example_csrf () { --head http://localhost:8000/csrf/enabled \ | grep "HTTP/1.1 403 Forbidden" - run_log "$name" "Test cors server: additional_origin" + run_log "$name" "Test csrf server: additional_origin" curl -s -H "Origin: http://example.com" -X POST \ http://localhost:8000/csrf/additional_origin \ | grep Success @@ -183,7 +183,7 @@ run_example_ext_authz () { bring_up_example "$name" "$paths" run_log "$name" "Test services responds with 403" - curl -v localhost:8000/service 2> >(grep -v Expire) + curl -v localhost:8000/service 2> >(grep -v Expire) | grep "HTTP/1.1 403 Forbidden" run_log "$name" "Restart front-envoy with FRONT_ENVOY_YAML=config/http-service.yaml" docker-compose down @@ -191,10 +191,14 @@ run_example_ext_authz () { sleep 10 run_log "$name" "Test service responds with 403" - curl -v localhost:8000/service 2> >(grep -v Expire) + curl -v localhost:8000/service \ + 2> >(grep -v Expire) \ + | grep "HTTP/1.1 403 Forbidden" run_log "$name" "Test authenticated service responds with 200" - curl -v -H "Authorization: Bearer token1" localhost:8000/service 2> >(grep -v Expire) + curl -v -H "Authorization: Bearer token1" localhost:8000/service \ + 2> >(grep -v Expire) \ + | grep "HTTP/1.1 200 OK" run_log "$name" "Restart front-envoy with FRONT_ENVOY_YAML=config/opa-service/v2.yaml" docker-compose down @@ -202,36 +206,53 @@ run_example_ext_authz () { sleep 10 run_log "$name" "Test OPA service responds with 200" - curl localhost:8000/service --verbose 2> >(grep -v Expire) + curl -v localhost:8000/service \ + 2> >(grep -v Expire) \ + | grep "HTTP/1.1 200 OK" run_log "$name" "Check OPA logs" docker-compose logs ext_authz-opa-service | grep decision_id -A 30 run_log "$name" "Check OPA service rejects POST" - curl -X POST localhost:8000/service --verbose 2> >(grep -v Expire) + curl -v -X POST localhost:8000/service \ + 2> >(grep -v Expire) \ + | grep "HTTP/1.1 403 Forbidden" cleanup "$name" "$paths" } _fault_injection_test () { - local action code name + local action code existing_200s existing_codes name action="$1" code="$2" name=fault_injection + existing_codes=0 + # enable fault injection and check for http hits of type $code + existing_codes=$(docker-compose logs | grep -c "HTTP/1.1\" ${code}" || :) run_log "$name" "Enable ${action} fault injection" docker-compose exec envoy bash "enable_${action}_fault_injection.sh" run_log "$name" "Send requests for 20 seconds" docker-compose exec envoy bash -c "bash send_request.sh & export pid=\$! && sleep 20 && kill \$pid" > /dev/null run_log "$name" "Check logs again" - docker-compose logs | grep "HTTP/1.1\" ${code}" + new_codes=$(docker-compose logs | grep -c "HTTP/1.1\" ${code}") + if [ "$new_codes" -le "$existing_codes" ]; then + echo "FAULT INJECTION TEST FAILED: $code $new_codes $existing_codes" + return 1 + fi + # disable fault injection and check for http hits of type 200 + existing_200s=$(docker-compose logs | grep -c "HTTP/1.1\" 200") run_log "$name" "Disable ${action} fault injection" docker-compose exec envoy bash "disable_${action}_fault_injection.sh" run_log "$name" "Send requests for 20 seconds" docker-compose exec envoy bash -c "bash send_request.sh & export pid=\$! && sleep 20 && kill \$pid" > /dev/null run_log "$name" "Check logs again" - docker-compose logs | grep "HTTP/1.1\" 200" + new_200s=$(docker-compose logs | grep -c "HTTP/1.1\" 200") + if [ "$new_200s" -le "$existing_200s" ]; then + echo "FAULT INJECTION DISABLE TEST FAILED: $code $new_codes $existing_codes" + return 1 + fi } run_example_fault_injection () { @@ -242,7 +263,9 @@ run_example_fault_injection () { bring_up_example "$name" "$paths" run_log "$name" "Send requests for 20 seconds" - docker-compose exec envoy bash -c "bash send_request.sh & export pid=\$! && sleep 20 && kill \$pid" > /dev/null + docker-compose exec envoy bash -c \ + "bash send_request.sh & export pid=\$! && sleep 20 && kill \$pid" \ + > /dev/null run_log "$name" "Check logs" docker-compose logs | grep "HTTP/1.1\" 200" @@ -255,6 +278,40 @@ run_example_fault_injection () { cleanup "$name" "$paths" } +run_example_front_proxy () { + local name paths + name=front_proxy + paths=front-proxy + bring_up_example "$name" "$paths" + + run_log "$name" "Test service: localhost:8080/service/1" + curl -s localhost:8080/service/1 | grep Hello | grep "service 1" + run_log "$name" "Test service: localhost:8080/service/2" + curl -s localhost:8080/service/2 | grep Hello | grep "service 2" + run_log "$name" "Test service: https://localhost:8443/service/1" + curl -sk https://localhost:8443/service/1 | grep Hello | grep "service 1" + + run_log "$name" "Scale up docker service1=3" + docker-compose scale service1=3 + run_log "$name" "Snooze for 5 while docker-compose scales..." + sleep 5 + + run_log "$name" "Test round-robin localhost:8080/service/1" + docker-compose exec front-envoy bash -c "\ + curl localhost:8080/service/1 \ + && curl localhost:8080/service/1 \ + && curl localhost:8080/service/1" \ + | grep Hello | grep "service 1" + run_log "$name" "Test service inside front-envoy: localhost:8080/service/2" + docker-compose exec front-envoy curl -s localhost:8080/service/2 | grep Hello | grep "service 2" + run_log "$name" "Test service info: localhost:8080/server_info" + docker-compose exec front-envoy curl localhost:8001/server_info | jq '.' + run_log "$name" "Test service stats: localhost:8080/stats" + docker-compose exec front-envoy curl localhost:8001/stats | grep ":" + + cleanup "$name" "$paths" +} + run_example_grpc_bridge () { local name paths name=grpc_bridge @@ -289,10 +346,10 @@ run_example_jaeger_native_tracing () { bring_up_example "$name" "$paths" 10 run_log "$name" "Test services" - curl -v localhost:8000/trace/1 2> >(grep -v Expire) + curl -s localhost:8000/trace/1 | grep Hello run_log "$name" "Test Jaeger UI" - curl http://localhost:16686 2> >(grep -v Expire) + curl -s http://localhost:16686 | grep "" cleanup "$name" "$paths" } @@ -305,15 +362,15 @@ run_example_jaeger_tracing () { bring_up_example "$name" "$paths" run_log "$name" "Test services" - curl -v localhost:8000/trace/1 2> >(grep -v Expire) + curl -s localhost:8000/trace/1 | grep Hello run_log "$name" "Test Jaeger UI" - curl http://localhost:16686 2> >(grep -v Expire) + curl -s http://localhost:16686 | grep "" cleanup "$name" "$paths" } -run_example_load_reporting () { +run_example_load_reporting_service () { local name paths name=load_reporting paths=load-reporting-service @@ -329,7 +386,7 @@ run_example_load_reporting () { docker-compose logs http_service | grep http_service_2 | grep HTTP | grep 200 run_log "$name" "Check logs: lrs_server" - docker-compose logs lrs_server + docker-compose logs lrs_server | grep "up and running" cleanup load_reporting "$paths" } @@ -341,7 +398,7 @@ run_example_lua () { bring_up_example "$name" "$paths" run_log "$name" "Test connection" - curl -v localhost:8000 2> >(grep -v Expire) + curl -s localhost:8000 | grep foo cleanup "$name" "$paths" } @@ -363,61 +420,48 @@ run_example_mysql () { "${mysql_client[@]}" -e "SELECT COUNT(*) from test.test;" run_log "$name" "Check mysql egress stats" - curl -s http://localhost:8001/stats?filter=egress_mysql + curl -s http://localhost:8001/stats?filter=egress_mysql | grep egress_mysql run_log "$name" "Check mysql TCP stats" - curl -s http://localhost:8001/stats?filter=mysql_tcp + curl -s http://localhost:8001/stats?filter=mysql_tcp | grep mysql_tcp cleanup "$name" "$paths" } -run_example_zipkin_tracing () { +run_example_redis () { local name paths - name=zipkin - paths=zipkin-tracing + name=redis + paths=redis bring_up_example "$name" "$paths" - run_log "$name" "Test connection" - curl -v localhost:8000/trace/1 2> >(grep -v Expire) + run_log "$name" "Test set" + redis-cli -h localhost -p 1999 set foo FOO | grep OK + redis-cli -h localhost -p 1999 set bar BAR | grep OK - run_log "$name" "Test dashboard" - # this could do with using a healthcheck and waiting - sleep 20 - curl localhost:9411/zipkin/ + run_log "$name" "Test get" + redis-cli -h localhost -p 1999 get foo | grep FOO + redis-cli -h localhost -p 1999 get bar | grep BAR + + run_log "$name" "Test redis stats" + curl -s "http://localhost:8001/stats?usedonly&filter=redis.egress_redis.command" \ + | grep egress_redis cleanup "$name" "$paths" } -run_example_front_proxy () { +run_example_zipkin_tracing () { local name paths - name=front_proxy - paths=front-proxy + name=zipkin + paths=zipkin-tracing bring_up_example "$name" "$paths" - run_log "$name" "Test service: localhost:8080/service/1" - curl -v localhost:8080/service/1 2> >(grep -v Expire) - run_log "$name" "Test service: localhost:8080/service/2" - curl -v localhost:8080/service/2 2> >(grep -v Expire) - run_log "$name" "Test service: https://localhost:8443/service/1 -k -v" - curl https://localhost:8443/service/1 -k -v 2> >(grep -v Expire) - run_log "$name" "Scale up docker service1=3" - docker-compose scale service1=3 - - run_log "$name" "Snooze for 5 while docker-compose scales..." - sleep 5 + run_log "$name" "Test connection" + curl -s http://localhost:8000/trace/1 | grep Hello | grep "service 1" - curl -v localhost:8080/service/1 2> >(grep -v Expire) - run_log "$name" "Test round-robin localhost:8080/service/1" - docker-compose exec front-envoy bash -c "\ - curl localhost:8080/service/1 \ - && curl localhost:8080/service/1 \ - && curl localhost:8080/service/1" - run_log "$name" "Test service: localhost:8080/service/2" - docker-compose exec front-envoy curl localhost:8080/service/2 2> >(grep -v Expire) - run_log "$name" "Test service info: localhost:8080/server_info" - docker-compose exec front-envoy curl localhost:8001/server_info | jq '.' - run_log "$name" "Test service stats: localhost:8080/stats" - docker-compose exec front-envoy curl localhost:8001/stats + run_log "$name" "Test dashboard" + # this could do with using the healthcheck and waiting + sleep 20 + curl -s http://localhost:9411/zipkin/ | grep "" cleanup "$name" "$paths" } From f95679562b58cd057b29996f3f41f959156ac01b Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Sat, 8 Aug 2020 05:41:31 +0100 Subject: [PATCH 08/28] disable tty on exec tests Signed-off-by: Ryan Northey --- ci/verify_examples.sh | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/ci/verify_examples.sh b/ci/verify_examples.sh index 7c4bc0cae2ee0..27031072e9d0e 100755 --- a/ci/verify_examples.sh +++ b/ci/verify_examples.sh @@ -231,26 +231,28 @@ _fault_injection_test () { # enable fault injection and check for http hits of type $code existing_codes=$(docker-compose logs | grep -c "HTTP/1.1\" ${code}" || :) run_log "$name" "Enable ${action} fault injection" - docker-compose exec envoy bash "enable_${action}_fault_injection.sh" + docker-compose exec -T envoy bash "enable_${action}_fault_injection.sh" run_log "$name" "Send requests for 20 seconds" - docker-compose exec envoy bash -c "bash send_request.sh & export pid=\$! && sleep 20 && kill \$pid" > /dev/null + docker-compose exec -T envoy bash -c \ + "bash send_request.sh & export pid=\$! && sleep 20 && kill \$pid" \ + &> /dev/null run_log "$name" "Check logs again" new_codes=$(docker-compose logs | grep -c "HTTP/1.1\" ${code}") if [ "$new_codes" -le "$existing_codes" ]; then - echo "FAULT INJECTION TEST FAILED: $code $new_codes $existing_codes" return 1 fi # disable fault injection and check for http hits of type 200 existing_200s=$(docker-compose logs | grep -c "HTTP/1.1\" 200") run_log "$name" "Disable ${action} fault injection" - docker-compose exec envoy bash "disable_${action}_fault_injection.sh" + docker-compose exec -T envoy bash "disable_${action}_fault_injection.sh" run_log "$name" "Send requests for 20 seconds" - docker-compose exec envoy bash -c "bash send_request.sh & export pid=\$! && sleep 20 && kill \$pid" > /dev/null + docker-compose exec -T envoy bash -c \ + "bash send_request.sh & export pid=\$! && sleep 20 && kill \$pid" \ + &> /dev/null run_log "$name" "Check logs again" new_200s=$(docker-compose logs | grep -c "HTTP/1.1\" 200") if [ "$new_200s" -le "$existing_200s" ]; then - echo "FAULT INJECTION DISABLE TEST FAILED: $code $new_codes $existing_codes" return 1 fi } @@ -263,9 +265,9 @@ run_example_fault_injection () { bring_up_example "$name" "$paths" run_log "$name" "Send requests for 20 seconds" - docker-compose exec envoy bash -c \ + docker-compose exec -T envoy bash -c \ "bash send_request.sh & export pid=\$! && sleep 20 && kill \$pid" \ - > /dev/null + &> /dev/null run_log "$name" "Check logs" docker-compose logs | grep "HTTP/1.1\" 200" @@ -273,7 +275,7 @@ run_example_fault_injection () { _fault_injection_test delay 200 run_log "$name" "Check tree" - docker-compose exec envoy tree /srv/runtime + docker-compose exec -T envoy tree /srv/runtime cleanup "$name" "$paths" } @@ -297,17 +299,17 @@ run_example_front_proxy () { sleep 5 run_log "$name" "Test round-robin localhost:8080/service/1" - docker-compose exec front-envoy bash -c "\ + docker-compose exec -T front-envoy bash -c "\ curl localhost:8080/service/1 \ && curl localhost:8080/service/1 \ && curl localhost:8080/service/1" \ | grep Hello | grep "service 1" run_log "$name" "Test service inside front-envoy: localhost:8080/service/2" - docker-compose exec front-envoy curl -s localhost:8080/service/2 | grep Hello | grep "service 2" + docker-compose exec -T front-envoy curl -s localhost:8080/service/2 | grep Hello | grep "service 2" run_log "$name" "Test service info: localhost:8080/server_info" - docker-compose exec front-envoy curl localhost:8001/server_info | jq '.' + docker-compose exec -T front-envoy curl localhost:8001/server_info | jq '.' run_log "$name" "Test service stats: localhost:8080/stats" - docker-compose exec front-envoy curl localhost:8001/stats | grep ":" + docker-compose exec -T front-envoy curl localhost:8001/stats | grep ":" cleanup "$name" "$paths" } @@ -330,10 +332,10 @@ run_example_grpc_bridge () { bring_up_example "$name" "$paths" run_log "$name" "Set key value foo=bar" - docker-compose exec grpc-client /client/grpc-kv-client.py set foo bar | grep setf + docker-compose exec -T grpc-client /client/grpc-kv-client.py set foo bar | grep setf run_log "$name" "Get key foo" - docker-compose exec grpc-client /client/grpc-kv-client.py get foo | grep bar + docker-compose exec -T grpc-client /client/grpc-kv-client.py get foo | grep bar cleanup "$name" "$paths" } From 685c58d1324f473843a768173581617d7f67807c Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Sat, 8 Aug 2020 07:17:37 +0100 Subject: [PATCH 09/28] disable tty on exec tests - continued Signed-off-by: Ryan Northey --- ci/verify_examples.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/verify_examples.sh b/ci/verify_examples.sh index 27031072e9d0e..b587623031bc6 100755 --- a/ci/verify_examples.sh +++ b/ci/verify_examples.sh @@ -409,7 +409,7 @@ run_example_mysql () { local mysql_client name paths name=mysql paths=mysql - mysql_client=(docker run -ti --network envoymesh mysql:5.5 mysql -h envoy -P 1999 -u root) + mysql_client=(docker run --network envoymesh mysql:5.5 mysql -h envoy -P 1999 -u root) bring_up_example "$name" "$paths" 10 From df931ca34f45cac8e4d325a325aa0d4174818351 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Sat, 8 Aug 2020 07:33:28 +0100 Subject: [PATCH 10/28] Add redis to (temp) azure test runner Signed-off-by: Ryan Northey --- .azure-pipelines/pipelines.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.azure-pipelines/pipelines.yml b/.azure-pipelines/pipelines.yml index 84c644dda0f23..bee5379a0d921 100644 --- a/.azure-pipelines/pipelines.yml +++ b/.azure-pipelines/pipelines.yml @@ -42,6 +42,9 @@ jobs: pool: vmImage: "ubuntu-18.04" steps: + - bash: | + sudo apt-get update -y + sudo apt-get install -y -qq --no-install-recommends redis - script: ci/verify_examples.sh workingDirectory: $(Build.SourcesDirectory) displayName: "Verify examples run as documented" From ff1932ebbf1cfb4ec5b2b3f9ea99b34276593028 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Sat, 8 Aug 2020 07:43:42 +0100 Subject: [PATCH 11/28] make azure work... Signed-off-by: Ryan Northey --- .azure-pipelines/pipelines.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.azure-pipelines/pipelines.yml b/.azure-pipelines/pipelines.yml index bee5379a0d921..648c2bd613966 100644 --- a/.azure-pipelines/pipelines.yml +++ b/.azure-pipelines/pipelines.yml @@ -43,9 +43,9 @@ jobs: vmImage: "ubuntu-18.04" steps: - bash: | - sudo apt-get update -y - sudo apt-get install -y -qq --no-install-recommends redis - - script: ci/verify_examples.sh + sudo apt-get update -y + sudo apt-get install -y -qq --no-install-recommends redis + ci/verify_examples.sh workingDirectory: $(Build.SourcesDirectory) displayName: "Verify examples run as documented" From 4d70253386717995084e048b724b213a21222ae3 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Sat, 8 Aug 2020 08:01:10 +0100 Subject: [PATCH 12/28] make azure work... continued Signed-off-by: Ryan Northey --- .azure-pipelines/pipelines.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.azure-pipelines/pipelines.yml b/.azure-pipelines/pipelines.yml index 648c2bd613966..164f595065122 100644 --- a/.azure-pipelines/pipelines.yml +++ b/.azure-pipelines/pipelines.yml @@ -44,7 +44,7 @@ jobs: steps: - bash: | sudo apt-get update -y - sudo apt-get install -y -qq --no-install-recommends redis + sudo apt-get install -y -qq --no-install-recommends redis-tools ci/verify_examples.sh workingDirectory: $(Build.SourcesDirectory) displayName: "Verify examples run as documented" From 62f43888513a03c93e89923259f058ffd513c523 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Sat, 8 Aug 2020 08:12:20 +0100 Subject: [PATCH 13/28] Tidy verify_examples script Signed-off-by: Ryan Northey --- ci/verify_examples.sh | 199 +++++++++++++++++++++++------------------- 1 file changed, 108 insertions(+), 91 deletions(-) diff --git a/ci/verify_examples.sh b/ci/verify_examples.sh index b587623031bc6..3cda3819772b2 100755 --- a/ci/verify_examples.sh +++ b/ci/verify_examples.sh @@ -8,16 +8,16 @@ EXCLUDED_BUILD_CONFIGS=${EXCLUDED_BUILD_CONFIGS:-"^./jaeger-native-tracing|docke trap_errors () { local frame=0 COMMAND LINE SUB FILE if [ -n "$example_test" ]; then - COMMAND=" (${example_test})" + COMMAND=" (${example_test})" fi set +v while read -r LINE SUB FILE < <(caller "$frame"); do - if [ "$frame" -ne "0" ]; then - FAILED+=(" > ${SUB}@ ${FILE} :${LINE}") - else - FAILED+=("${SUB}@ ${FILE} :${LINE}${COMMAND}") - fi - ((frame++)) + if [ "$frame" -ne "0" ]; then + FAILED+=(" > ${SUB}@ ${FILE} :${LINE}") + else + FAILED+=("${SUB}@ ${FILE} :${LINE}${COMMAND}") + fi + ((frame++)) done set -v } @@ -56,8 +56,8 @@ bring_up_example_stack () { run_log "$name" "Bring up services" docker-compose up --build -d "${args[@]:3}" || return 1 if [ "$snooze" -ne "0" ]; then - run_log "$name" "Snooze for ${snooze} while ${name} gets started" - sleep "$snooze" + run_log "$name" "Snooze for ${snooze} while ${name} gets started" + sleep "$snooze" fi docker-compose ps docker-compose logs @@ -69,7 +69,7 @@ bring_up_example () { read -ra paths <<< "$(echo "$2" | tr ',' ' ')" shift 2 for path in "${paths[@]}"; do - bring_up_example_stack "$name" "$(get_path "$path")" "$@" + bring_up_example_stack "$name" "$(get_path "$path")" "$@" done } @@ -88,7 +88,7 @@ cleanup () { name="$1" read -ra paths <<< "$(echo "$2" | tr ',' ' ')" for path in "${paths[@]}"; do - cleanup_stack "$name" "$(get_path "$path")" + cleanup_stack "$name" "$(get_path "$path")" done } @@ -102,27 +102,34 @@ run_example_cors () { curl -s http://localhost:8000 | grep "Envoy CORS Webpage" run_log "$name" "Test cors server: disabled" - curl -s -H "Origin: http://example.com" http://localhost:8002/cors/disabled | grep Success - curl -s -H "Origin: http://example.com" \ - --head http://localhost:8002/cors/disabled \ - | grep access-control-allow-origin \ - | [ "$(wc -l)" -eq 0 ] || return 1 + curl -s -H "Origin: http://example.com" http://localhost:8002/cors/disabled \ + | grep Success + curl -s --head -X GET \ + -H "Origin: http://example.com" \ + http://localhost:8002/cors/disabled \ + | grep access-control-allow-origin \ + | [ "$(wc -l)" -eq 0 ] || return 1 run_log "$name" "Test cors server: open" - curl -s -H "Origin: http://example.com" http://localhost:8002/cors/open | grep Success - curl -s -H "Origin: http://example.com" \ - --head http://localhost:8002/cors/open \ - | grep "access-control-allow-origin: http://example.com" + curl -s -H "Origin: http://example.com" http://localhost:8002/cors/open \ + | grep Success + curl -s --head -X GET \ + -H "Origin: http://example.com" \ + http://localhost:8002/cors/open \ + | grep "access-control-allow-origin: http://example.com" run_log "$name" "Test cors server: restricted" - curl -s -H "Origin: http://example.com" http://localhost:8002/cors/restricted | grep Success - curl -s -H "Origin: http://example.com" \ - --head http://localhost:8002/cors/restricted \ - | grep access-control-allow-origin \ - | [ "$(wc -l)" -eq 0 ] || return 1 - curl -s -H "Origin: http://foo.envoyproxy.io" \ - --head http://localhost:8002/cors/restricted \ - | grep "access-control-allow-origin: http://foo.envoyproxy.io" + curl -s -H "Origin: http://example.com" http://localhost:8002/cors/restricted \ + | grep Success + curl -s --head -X GET \ + -H "Origin: http://example.com" \ + http://localhost:8002/cors/restricted \ + | grep access-control-allow-origin \ + | [ "$(wc -l)" -eq 0 ] || return 1 + curl -s --head -X GET \ + -H "Origin: http://foo.envoyproxy.io" \ + http://localhost:8002/cors/restricted \ + | grep "access-control-allow-origin: http://foo.envoyproxy.io" cleanup "$name" "$paths" } @@ -141,36 +148,44 @@ run_example_csrf () { curl -s http://localhost:8001/stats | grep ":" run_log "$name" "Test csrf server: disabled" - curl -s -H "Origin: http://example.com" -X POST \ - http://localhost:8000/csrf/disabled \ - | grep Success - curl -s -H "Origin: http://example.com" -X POST \ - --head http://localhost:8000/csrf/disabled \ - | grep "access-control-allow-origin: http://example.com" + curl -s -X POST \ + -H "Origin: http://example.com" \ + http://localhost:8000/csrf/disabled \ + | grep Success + curl -s --head -X POST \ + -H "Origin: http://example.com" \ + http://localhost:8000/csrf/disabled \ + | grep "access-control-allow-origin: http://example.com" run_log "$name" "Test csrf server: shadow" - curl -s -H "Origin: http://example.com" -X POST \ - http://localhost:8000/csrf/shadow \ - | grep Success - curl -s -H "Origin: http://example.com" -X POST \ - --head http://localhost:8000/csrf/shadow \ - | grep "access-control-allow-origin: http://example.com" + curl -s -X POST \ + -H "Origin: http://example.com" \ + http://localhost:8000/csrf/shadow \ + | grep Success + curl -s --head -X POST \ + -H "Origin: http://example.com" \ + http://localhost:8000/csrf/shadow \ + | grep "access-control-allow-origin: http://example.com" run_log "$name" "Test csrf server: enabled" - curl -s -H "Origin: http://example.com" -X POST \ - http://localhost:8000/csrf/enabled \ - | grep "Invalid origin" - curl -s -H "Origin: http://example.com" -X POST \ - --head http://localhost:8000/csrf/enabled \ - | grep "HTTP/1.1 403 Forbidden" + curl -s -X POST \ + -H "Origin: http://example.com" \ + http://localhost:8000/csrf/enabled \ + | grep "Invalid origin" + curl -s --head -X POST \ + -H "Origin: http://example.com" \ + http://localhost:8000/csrf/enabled \ + | grep "HTTP/1.1 403 Forbidden" run_log "$name" "Test csrf server: additional_origin" - curl -s -H "Origin: http://example.com" -X POST \ - http://localhost:8000/csrf/additional_origin \ - | grep Success - curl -s -H "Origin: http://example.com" -X POST \ - --head http://localhost:8000/csrf/additional_origin \ - | grep "access-control-allow-origin: http://example.com" + curl -s -X POST \ + -H "Origin: http://example.com" \ + http://localhost:8000/csrf/additional_origin \ + | grep Success + curl -s --head -X POST \ + -H "Origin: http://example.com" \ + http://localhost:8000/csrf/additional_origin \ + | grep "access-control-allow-origin: http://example.com" cleanup "$name" "$paths" } @@ -183,7 +198,9 @@ run_example_ext_authz () { bring_up_example "$name" "$paths" run_log "$name" "Test services responds with 403" - curl -v localhost:8000/service 2> >(grep -v Expire) | grep "HTTP/1.1 403 Forbidden" + curl -s --head -X GET \ + http://localhost:8000/service \ + | grep "HTTP/1.1 403 Forbidden" run_log "$name" "Restart front-envoy with FRONT_ENVOY_YAML=config/http-service.yaml" docker-compose down @@ -191,14 +208,14 @@ run_example_ext_authz () { sleep 10 run_log "$name" "Test service responds with 403" - curl -v localhost:8000/service \ - 2> >(grep -v Expire) \ - | grep "HTTP/1.1 403 Forbidden" + curl -s --head -X GET \ + http://localhost:8000/service \ + | grep "HTTP/1.1 403 Forbidden" run_log "$name" "Test authenticated service responds with 200" - curl -v -H "Authorization: Bearer token1" localhost:8000/service \ - 2> >(grep -v Expire) \ - | grep "HTTP/1.1 200 OK" + curl -s --head -X GET \ + -H "Authorization: Bearer token1" http://localhost:8000/service \ + | grep "HTTP/1.1 200 OK" run_log "$name" "Restart front-envoy with FRONT_ENVOY_YAML=config/opa-service/v2.yaml" docker-compose down @@ -206,17 +223,17 @@ run_example_ext_authz () { sleep 10 run_log "$name" "Test OPA service responds with 200" - curl -v localhost:8000/service \ - 2> >(grep -v Expire) \ - | grep "HTTP/1.1 200 OK" + curl -s --head -X GET \ + http://localhost:8000/service \ + | grep "HTTP/1.1 200 OK" run_log "$name" "Check OPA logs" docker-compose logs ext_authz-opa-service | grep decision_id -A 30 run_log "$name" "Check OPA service rejects POST" - curl -v -X POST localhost:8000/service \ - 2> >(grep -v Expire) \ - | grep "HTTP/1.1 403 Forbidden" + curl -s --head -X POST \ + http://localhost:8000/service \ + | grep "HTTP/1.1 403 Forbidden" cleanup "$name" "$paths" } @@ -234,12 +251,12 @@ _fault_injection_test () { docker-compose exec -T envoy bash "enable_${action}_fault_injection.sh" run_log "$name" "Send requests for 20 seconds" docker-compose exec -T envoy bash -c \ - "bash send_request.sh & export pid=\$! && sleep 20 && kill \$pid" \ - &> /dev/null + "bash send_request.sh & export pid=\$! && sleep 20 && kill \$pid" \ + &> /dev/null run_log "$name" "Check logs again" new_codes=$(docker-compose logs | grep -c "HTTP/1.1\" ${code}") if [ "$new_codes" -le "$existing_codes" ]; then - return 1 + return 1 fi # disable fault injection and check for http hits of type 200 @@ -248,12 +265,12 @@ _fault_injection_test () { docker-compose exec -T envoy bash "disable_${action}_fault_injection.sh" run_log "$name" "Send requests for 20 seconds" docker-compose exec -T envoy bash -c \ - "bash send_request.sh & export pid=\$! && sleep 20 && kill \$pid" \ - &> /dev/null + "bash send_request.sh & export pid=\$! && sleep 20 && kill \$pid" \ + &> /dev/null run_log "$name" "Check logs again" new_200s=$(docker-compose logs | grep -c "HTTP/1.1\" 200") if [ "$new_200s" -le "$existing_200s" ]; then - return 1 + return 1 fi } @@ -266,8 +283,8 @@ run_example_fault_injection () { run_log "$name" "Send requests for 20 seconds" docker-compose exec -T envoy bash -c \ - "bash send_request.sh & export pid=\$! && sleep 20 && kill \$pid" \ - &> /dev/null + "bash send_request.sh & export pid=\$! && sleep 20 && kill \$pid" \ + &> /dev/null run_log "$name" "Check logs" docker-compose logs | grep "HTTP/1.1\" 200" @@ -287,9 +304,9 @@ run_example_front_proxy () { bring_up_example "$name" "$paths" run_log "$name" "Test service: localhost:8080/service/1" - curl -s localhost:8080/service/1 | grep Hello | grep "service 1" + curl -s http://localhost:8080/service/1 | grep Hello | grep "service 1" run_log "$name" "Test service: localhost:8080/service/2" - curl -s localhost:8080/service/2 | grep Hello | grep "service 2" + curl -s http://localhost:8080/service/2 | grep Hello | grep "service 2" run_log "$name" "Test service: https://localhost:8443/service/1" curl -sk https://localhost:8443/service/1 | grep Hello | grep "service 1" @@ -300,16 +317,16 @@ run_example_front_proxy () { run_log "$name" "Test round-robin localhost:8080/service/1" docker-compose exec -T front-envoy bash -c "\ - curl localhost:8080/service/1 \ - && curl localhost:8080/service/1 \ - && curl localhost:8080/service/1" \ - | grep Hello | grep "service 1" + curl -s http://localhost:8080/service/1 \ + && curl -s http://localhost:8080/service/1 \ + && curl -s http://localhost:8080/service/1" \ + | grep Hello | grep "service 1" run_log "$name" "Test service inside front-envoy: localhost:8080/service/2" - docker-compose exec -T front-envoy curl -s localhost:8080/service/2 | grep Hello | grep "service 2" + docker-compose exec -T front-envoy curl -s http://localhost:8080/service/2 | grep Hello | grep "service 2" run_log "$name" "Test service info: localhost:8080/server_info" - docker-compose exec -T front-envoy curl localhost:8001/server_info | jq '.' + docker-compose exec -T front-envoy curl http://localhost:8001/server_info | jq '.' run_log "$name" "Test service stats: localhost:8080/stats" - docker-compose exec -T front-envoy curl localhost:8001/stats | grep ":" + docker-compose exec -T front-envoy curl http://localhost:8001/stats | grep ":" cleanup "$name" "$paths" } @@ -348,7 +365,7 @@ run_example_jaeger_native_tracing () { bring_up_example "$name" "$paths" 10 run_log "$name" "Test services" - curl -s localhost:8000/trace/1 | grep Hello + curl -s http://localhost:8000/trace/1 | grep Hello run_log "$name" "Test Jaeger UI" curl -s http://localhost:16686 | grep "" @@ -364,7 +381,7 @@ run_example_jaeger_tracing () { bring_up_example "$name" "$paths" run_log "$name" "Test services" - curl -s localhost:8000/trace/1 | grep Hello + curl -s http://localhost:8000/trace/1 | grep Hello run_log "$name" "Test Jaeger UI" curl -s http://localhost:16686 | grep "" @@ -400,7 +417,7 @@ run_example_lua () { bring_up_example "$name" "$paths" run_log "$name" "Test connection" - curl -s localhost:8000 | grep foo + curl -s http://localhost:8000 | grep foo cleanup "$name" "$paths" } @@ -446,7 +463,7 @@ run_example_redis () { run_log "$name" "Test redis stats" curl -s "http://localhost:8001/stats?usedonly&filter=redis.egress_redis.command" \ - | grep egress_redis + | grep egress_redis cleanup "$name" "$paths" } @@ -473,8 +490,8 @@ run_examples () { cd "${SRCDIR}/examples" || exit 1 examples=$(find . -mindepth 1 -maxdepth 1 -type d | sort) for example in $examples; do - example_test="run_example_$(echo "$example" | cut -d/ -f2 | tr '-' '_')" - $example_test + example_test="run_example_$(echo "$example" | cut -d/ -f2 | tr '-' '_')" + $example_test done } @@ -484,11 +501,11 @@ verify_build_configs () { cd "${SRCDIR}/examples" || return 1 configs="$(find . -name "*.yaml" -o -name "*.lua" | grep -vE "${EXCLUDED_BUILD_CONFIGS}" | cut -d/ -f2-)" for config in $configs; do - grep "\"$config\"" BUILD || missing+=("$config") + grep "\"$config\"" BUILD || missing+=("$config") done if [ -n "${missing[*]}" ]; then for config in "${missing[@]}"; do - echo "Missing config: $config" >&2 + echo "Missing config: $config" >&2 done return 1 fi @@ -501,7 +518,7 @@ run_examples if [ "${#FAILED[@]}" -ne "0" ]; then echo "TESTS FAILED:" for failed in "${FAILED[@]}"; do - echo "$failed" >&2 + echo "$failed" >&2 done exit 1 fi From 1a6aabc504484a2c2141f3d5eeb2538f7008c1be Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Wed, 12 Aug 2020 18:20:23 +0100 Subject: [PATCH 14/28] Add filter argument Signed-off-by: Ryan Northey --- ci/verify_examples.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ci/verify_examples.sh b/ci/verify_examples.sh index 3cda3819772b2..9ca11802276b3 100755 --- a/ci/verify_examples.sh +++ b/ci/verify_examples.sh @@ -1,5 +1,6 @@ #!/bin/bash -E +TESTFILTER="${1:-*}" FAILED=() SRCDIR="${SRCDIR:-$(pwd)}" EXCLUDED_BUILD_CONFIGS=${EXCLUDED_BUILD_CONFIGS:-"^./jaeger-native-tracing|docker-compose"} @@ -488,7 +489,7 @@ run_example_zipkin_tracing () { run_examples () { local example examples example_test cd "${SRCDIR}/examples" || exit 1 - examples=$(find . -mindepth 1 -maxdepth 1 -type d | sort) + examples=$(find . -mindepth 1 -maxdepth 1 -type d -name "$TESTFILTER" | sort) for example in $examples; do example_test="run_example_$(echo "$example" | cut -d/ -f2 | tr '-' '_')" $example_test From f5faa93643e96e6763f32b615f39cac5bdf2ded9 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Thu, 13 Aug 2020 09:38:55 +0100 Subject: [PATCH 15/28] Split example tests into example folders Signed-off-by: Ryan Northey --- ci/verify_examples.sh | 471 +--------------------- examples/cors/verify.sh | 47 +++ examples/csrf/verify.sh | 69 ++++ examples/ext_authz/verify.sh | 47 +++ examples/fault-injection/verify.sh | 57 +++ examples/front-proxy/verify.sh | 44 ++ examples/grpc-bridge/verify.sh | 24 ++ examples/jaeger-native-tracing/verify.sh | 18 + examples/jaeger-tracing/verify.sh | 17 + examples/load-reporting-service/verify.sh | 18 + examples/lua/verify.sh | 12 + examples/mysql/verify.sh | 31 ++ examples/redis/verify.sh | 20 + examples/verify-common.sh | 122 ++++++ examples/zipkin-tracing/verify.sh | 19 + 15 files changed, 551 insertions(+), 465 deletions(-) create mode 100755 examples/cors/verify.sh create mode 100755 examples/csrf/verify.sh create mode 100755 examples/ext_authz/verify.sh create mode 100755 examples/fault-injection/verify.sh create mode 100755 examples/front-proxy/verify.sh create mode 100755 examples/grpc-bridge/verify.sh create mode 100755 examples/jaeger-native-tracing/verify.sh create mode 100755 examples/jaeger-tracing/verify.sh create mode 100755 examples/load-reporting-service/verify.sh create mode 100755 examples/lua/verify.sh create mode 100755 examples/mysql/verify.sh create mode 100755 examples/redis/verify.sh create mode 100644 examples/verify-common.sh create mode 100755 examples/zipkin-tracing/verify.sh diff --git a/ci/verify_examples.sh b/ci/verify_examples.sh index 9ca11802276b3..12c5d30df10d3 100755 --- a/ci/verify_examples.sh +++ b/ci/verify_examples.sh @@ -8,8 +8,8 @@ EXCLUDED_BUILD_CONFIGS=${EXCLUDED_BUILD_CONFIGS:-"^./jaeger-native-tracing|docke trap_errors () { local frame=0 COMMAND LINE SUB FILE - if [ -n "$example_test" ]; then - COMMAND=" (${example_test})" + if [ -n "$example" ]; then + COMMAND=" (${example})" fi set +v while read -r LINE SUB FILE < <(caller "$frame"); do @@ -26,473 +26,15 @@ trap_errors () { trap trap_errors ERR trap exit 1 INT -run_log () { - local name - name="$1" - shift - echo -e "\n> [${name}] ${*}" -} - -show_user_env () { - run_log "$(whoami)" "User env" - id - echo "umask = $(umask)" - echo "pwd = $(pwd)" -} - -get_path () { - printf "%s/examples/%s" "$SRCDIR" "$1" -} - -bring_up_example_stack () { - local args name path snooze - args=("${@}") - name="$1" - path="$2" - snooze="${3:-0}" - cd "$path" || return 1 - run_log "$name" "Pull the images" - docker-compose pull || return 1 - echo - run_log "$name" "Bring up services" - docker-compose up --build -d "${args[@]:3}" || return 1 - if [ "$snooze" -ne "0" ]; then - run_log "$name" "Snooze for ${snooze} while ${name} gets started" - sleep "$snooze" - fi - docker-compose ps - docker-compose logs -} - -bring_up_example () { - local name paths - name="$1" - read -ra paths <<< "$(echo "$2" | tr ',' ' ')" - shift 2 - for path in "${paths[@]}"; do - bring_up_example_stack "$name" "$(get_path "$path")" "$@" - done -} - -cleanup_stack () { - local name path - name="$1" - path="$2" - run_log "$name" "Cleanup: $path" - cd "$path" || return 1 - docker-compose down - docker system prune -f -} - -cleanup () { - local name paths - name="$1" - read -ra paths <<< "$(echo "$2" | tr ',' ' ')" - for path in "${paths[@]}"; do - cleanup_stack "$name" "$(get_path "$path")" - done -} - -run_example_cors () { - local name paths - name=cors - paths="cors/frontend,cors/backend" - bring_up_example "$name" "$paths" - - run_log "$name" "Test service" - curl -s http://localhost:8000 | grep "Envoy CORS Webpage" - - run_log "$name" "Test cors server: disabled" - curl -s -H "Origin: http://example.com" http://localhost:8002/cors/disabled \ - | grep Success - curl -s --head -X GET \ - -H "Origin: http://example.com" \ - http://localhost:8002/cors/disabled \ - | grep access-control-allow-origin \ - | [ "$(wc -l)" -eq 0 ] || return 1 - - run_log "$name" "Test cors server: open" - curl -s -H "Origin: http://example.com" http://localhost:8002/cors/open \ - | grep Success - curl -s --head -X GET \ - -H "Origin: http://example.com" \ - http://localhost:8002/cors/open \ - | grep "access-control-allow-origin: http://example.com" - - run_log "$name" "Test cors server: restricted" - curl -s -H "Origin: http://example.com" http://localhost:8002/cors/restricted \ - | grep Success - curl -s --head -X GET \ - -H "Origin: http://example.com" \ - http://localhost:8002/cors/restricted \ - | grep access-control-allow-origin \ - | [ "$(wc -l)" -eq 0 ] || return 1 - curl -s --head -X GET \ - -H "Origin: http://foo.envoyproxy.io" \ - http://localhost:8002/cors/restricted \ - | grep "access-control-allow-origin: http://foo.envoyproxy.io" - cleanup "$name" "$paths" -} - -run_example_csrf () { - local name paths - name=csrf - paths="csrf/samesite,csrf/crosssite" - - bring_up_example "$name" "$paths" - - run_log "$name" "Test services" - curl -s http://localhost:8002 | grep "Envoy CSRF Demo" - curl -s http://localhost:8000 | grep "Envoy CSRF Demo" - - run_log "$name" "Test stats server" - curl -s http://localhost:8001/stats | grep ":" - - run_log "$name" "Test csrf server: disabled" - curl -s -X POST \ - -H "Origin: http://example.com" \ - http://localhost:8000/csrf/disabled \ - | grep Success - curl -s --head -X POST \ - -H "Origin: http://example.com" \ - http://localhost:8000/csrf/disabled \ - | grep "access-control-allow-origin: http://example.com" - - run_log "$name" "Test csrf server: shadow" - curl -s -X POST \ - -H "Origin: http://example.com" \ - http://localhost:8000/csrf/shadow \ - | grep Success - curl -s --head -X POST \ - -H "Origin: http://example.com" \ - http://localhost:8000/csrf/shadow \ - | grep "access-control-allow-origin: http://example.com" - - run_log "$name" "Test csrf server: enabled" - curl -s -X POST \ - -H "Origin: http://example.com" \ - http://localhost:8000/csrf/enabled \ - | grep "Invalid origin" - curl -s --head -X POST \ - -H "Origin: http://example.com" \ - http://localhost:8000/csrf/enabled \ - | grep "HTTP/1.1 403 Forbidden" - - run_log "$name" "Test csrf server: additional_origin" - curl -s -X POST \ - -H "Origin: http://example.com" \ - http://localhost:8000/csrf/additional_origin \ - | grep Success - curl -s --head -X POST \ - -H "Origin: http://example.com" \ - http://localhost:8000/csrf/additional_origin \ - | grep "access-control-allow-origin: http://example.com" - - cleanup "$name" "$paths" -} - -run_example_ext_authz () { - local name paths - name=ext_authz - paths=ext_authz - - bring_up_example "$name" "$paths" - - run_log "$name" "Test services responds with 403" - curl -s --head -X GET \ - http://localhost:8000/service \ - | grep "HTTP/1.1 403 Forbidden" - - run_log "$name" "Restart front-envoy with FRONT_ENVOY_YAML=config/http-service.yaml" - docker-compose down - FRONT_ENVOY_YAML=config/http-service.yaml docker-compose up -d - sleep 10 - - run_log "$name" "Test service responds with 403" - curl -s --head -X GET \ - http://localhost:8000/service \ - | grep "HTTP/1.1 403 Forbidden" - - run_log "$name" "Test authenticated service responds with 200" - curl -s --head -X GET \ - -H "Authorization: Bearer token1" http://localhost:8000/service \ - | grep "HTTP/1.1 200 OK" - - run_log "$name" "Restart front-envoy with FRONT_ENVOY_YAML=config/opa-service/v2.yaml" - docker-compose down - FRONT_ENVOY_YAML=config/opa-service/v2.yaml docker-compose up -d - sleep 10 - - run_log "$name" "Test OPA service responds with 200" - curl -s --head -X GET \ - http://localhost:8000/service \ - | grep "HTTP/1.1 200 OK" - - run_log "$name" "Check OPA logs" - docker-compose logs ext_authz-opa-service | grep decision_id -A 30 - - run_log "$name" "Check OPA service rejects POST" - curl -s --head -X POST \ - http://localhost:8000/service \ - | grep "HTTP/1.1 403 Forbidden" - - cleanup "$name" "$paths" -} - -_fault_injection_test () { - local action code existing_200s existing_codes name - action="$1" - code="$2" - name=fault_injection - existing_codes=0 - - # enable fault injection and check for http hits of type $code - existing_codes=$(docker-compose logs | grep -c "HTTP/1.1\" ${code}" || :) - run_log "$name" "Enable ${action} fault injection" - docker-compose exec -T envoy bash "enable_${action}_fault_injection.sh" - run_log "$name" "Send requests for 20 seconds" - docker-compose exec -T envoy bash -c \ - "bash send_request.sh & export pid=\$! && sleep 20 && kill \$pid" \ - &> /dev/null - run_log "$name" "Check logs again" - new_codes=$(docker-compose logs | grep -c "HTTP/1.1\" ${code}") - if [ "$new_codes" -le "$existing_codes" ]; then - return 1 - fi - - # disable fault injection and check for http hits of type 200 - existing_200s=$(docker-compose logs | grep -c "HTTP/1.1\" 200") - run_log "$name" "Disable ${action} fault injection" - docker-compose exec -T envoy bash "disable_${action}_fault_injection.sh" - run_log "$name" "Send requests for 20 seconds" - docker-compose exec -T envoy bash -c \ - "bash send_request.sh & export pid=\$! && sleep 20 && kill \$pid" \ - &> /dev/null - run_log "$name" "Check logs again" - new_200s=$(docker-compose logs | grep -c "HTTP/1.1\" 200") - if [ "$new_200s" -le "$existing_200s" ]; then - return 1 - fi -} - -run_example_fault_injection () { - local name paths - name=fault_injection - paths=fault-injection - - bring_up_example "$name" "$paths" - - run_log "$name" "Send requests for 20 seconds" - docker-compose exec -T envoy bash -c \ - "bash send_request.sh & export pid=\$! && sleep 20 && kill \$pid" \ - &> /dev/null - run_log "$name" "Check logs" - docker-compose logs | grep "HTTP/1.1\" 200" - - _fault_injection_test abort 503 - _fault_injection_test delay 200 - - run_log "$name" "Check tree" - docker-compose exec -T envoy tree /srv/runtime - - cleanup "$name" "$paths" -} - -run_example_front_proxy () { - local name paths - name=front_proxy - paths=front-proxy - bring_up_example "$name" "$paths" - - run_log "$name" "Test service: localhost:8080/service/1" - curl -s http://localhost:8080/service/1 | grep Hello | grep "service 1" - run_log "$name" "Test service: localhost:8080/service/2" - curl -s http://localhost:8080/service/2 | grep Hello | grep "service 2" - run_log "$name" "Test service: https://localhost:8443/service/1" - curl -sk https://localhost:8443/service/1 | grep Hello | grep "service 1" - - run_log "$name" "Scale up docker service1=3" - docker-compose scale service1=3 - run_log "$name" "Snooze for 5 while docker-compose scales..." - sleep 5 - - run_log "$name" "Test round-robin localhost:8080/service/1" - docker-compose exec -T front-envoy bash -c "\ - curl -s http://localhost:8080/service/1 \ - && curl -s http://localhost:8080/service/1 \ - && curl -s http://localhost:8080/service/1" \ - | grep Hello | grep "service 1" - run_log "$name" "Test service inside front-envoy: localhost:8080/service/2" - docker-compose exec -T front-envoy curl -s http://localhost:8080/service/2 | grep Hello | grep "service 2" - run_log "$name" "Test service info: localhost:8080/server_info" - docker-compose exec -T front-envoy curl http://localhost:8001/server_info | jq '.' - run_log "$name" "Test service stats: localhost:8080/stats" - docker-compose exec -T front-envoy curl http://localhost:8001/stats | grep ":" - - cleanup "$name" "$paths" -} - -run_example_grpc_bridge () { - local name paths - name=grpc_bridge - paths=grpc-bridge - - run_log "$name" "Generate protocol stubs" - cd "$(get_path grpc-bridge)" || return 1 - docker-compose -f docker-compose-protos.yaml up - docker container prune -f - - # shellcheck disable=SC2010 - ls -la client/kv/kv_pb2.py | grep kv_pb2.py - # shellcheck disable=SC2010 - ls -la server/kv/kv.pb.go | grep kv.pb.go - - bring_up_example "$name" "$paths" - - run_log "$name" "Set key value foo=bar" - docker-compose exec -T grpc-client /client/grpc-kv-client.py set foo bar | grep setf - - run_log "$name" "Get key foo" - docker-compose exec -T grpc-client /client/grpc-kv-client.py get foo | grep bar - - cleanup "$name" "$paths" -} - -run_example_jaeger_native_tracing () { - local name paths - name=jaeger_native - paths=jaeger-native-tracing - - bring_up_example "$name" "$paths" 10 - - run_log "$name" "Test services" - curl -s http://localhost:8000/trace/1 | grep Hello - - run_log "$name" "Test Jaeger UI" - curl -s http://localhost:16686 | grep "" - - cleanup "$name" "$paths" -} - -run_example_jaeger_tracing () { - local name paths - name=jaeger - paths=jaeger-tracing - - bring_up_example "$name" "$paths" - - run_log "$name" "Test services" - curl -s http://localhost:8000/trace/1 | grep Hello - - run_log "$name" "Test Jaeger UI" - curl -s http://localhost:16686 | grep "" - - cleanup "$name" "$paths" -} - -run_example_load_reporting_service () { - local name paths - name=load_reporting - paths=load-reporting-service - - bring_up_example "$name" "$paths" 0 --scale http_service=2 - - run_log "$name" "Send requests" - bash send_requests.sh 2> /dev/null - run_log "$name" "Check logs: http 1" - docker-compose logs http_service | grep http_service_1 | grep HTTP | grep 200 - - run_log "$name" "Check logs: http 2" - docker-compose logs http_service | grep http_service_2 | grep HTTP | grep 200 - - run_log "$name" "Check logs: lrs_server" - docker-compose logs lrs_server | grep "up and running" - - cleanup load_reporting "$paths" -} - -run_example_lua () { - local name paths - name=lua - paths=lua - bring_up_example "$name" "$paths" - - run_log "$name" "Test connection" - curl -s http://localhost:8000 | grep foo - - cleanup "$name" "$paths" -} - -run_example_mysql () { - local mysql_client name paths - name=mysql - paths=mysql - mysql_client=(docker run --network envoymesh mysql:5.5 mysql -h envoy -P 1999 -u root) - - bring_up_example "$name" "$paths" 10 - - run_log "$name" "Create a mysql database" - "${mysql_client[@]}" -e "CREATE DATABASE test;" - "${mysql_client[@]}" -e "show databases;" - - run_log "$name" "Create a mysql table" - "${mysql_client[@]}" -e "USE test; CREATE TABLE test ( text VARCHAR(255) );" - "${mysql_client[@]}" -e "SELECT COUNT(*) from test.test;" - - run_log "$name" "Check mysql egress stats" - curl -s http://localhost:8001/stats?filter=egress_mysql | grep egress_mysql - - run_log "$name" "Check mysql TCP stats" - curl -s http://localhost:8001/stats?filter=mysql_tcp | grep mysql_tcp - - cleanup "$name" "$paths" -} - -run_example_redis () { - local name paths - name=redis - paths=redis - bring_up_example "$name" "$paths" - - run_log "$name" "Test set" - redis-cli -h localhost -p 1999 set foo FOO | grep OK - redis-cli -h localhost -p 1999 set bar BAR | grep OK - - run_log "$name" "Test get" - redis-cli -h localhost -p 1999 get foo | grep FOO - redis-cli -h localhost -p 1999 get bar | grep BAR - - run_log "$name" "Test redis stats" - curl -s "http://localhost:8001/stats?usedonly&filter=redis.egress_redis.command" \ - | grep egress_redis - - cleanup "$name" "$paths" -} - -run_example_zipkin_tracing () { - local name paths - name=zipkin - paths=zipkin-tracing - bring_up_example "$name" "$paths" - - run_log "$name" "Test connection" - curl -s http://localhost:8000/trace/1 | grep Hello | grep "service 1" - - run_log "$name" "Test dashboard" - # this could do with using the healthcheck and waiting - sleep 20 - curl -s http://localhost:9411/zipkin/ | grep "" - - cleanup "$name" "$paths" -} run_examples () { - local example examples example_test + local examples example cd "${SRCDIR}/examples" || exit 1 examples=$(find . -mindepth 1 -maxdepth 1 -type d -name "$TESTFILTER" | sort) for example in $examples; do - example_test="run_example_$(echo "$example" | cut -d/ -f2 | tr '-' '_')" - $example_test + cd $example + ./verify.sh + cd .. done } @@ -513,7 +55,6 @@ verify_build_configs () { } verify_build_configs -show_user_env run_examples if [ "${#FAILED[@]}" -ne "0" ]; then diff --git a/examples/cors/verify.sh b/examples/cors/verify.sh new file mode 100755 index 0000000000000..908821ef5e6d2 --- /dev/null +++ b/examples/cors/verify.sh @@ -0,0 +1,47 @@ +#!/bin/bash -e + +export NAME=cors +export PATHS=frontend,backend + +# shellcheck source=examples/verify-common.sh +. "$(dirname "${BASH_SOURCE[0]}")/../verify-common.sh" + + +run_log "Test service" +responds_with \ + "Envoy CORS Webpage" \ + http://localhost:8000 + +run_log "Test cors server: disabled" +responds_with \ + Success \ + -H "Origin: http://example.com" \ + http://localhost:8002/cors/disabled +responds_without_header \ + access-control-allow-origin \ + -H "Origin: http://example.com" \ + http://localhost:8002/cors/disabled + +run_log "Test cors server: open" +responds_with \ + Success \ + -H 'Origin: http://example.com' \ + http://localhost:8002/cors/open +responds_with_header \ + "access-control-allow-origin: http://example.com" \ + -H "Origin: http://example.com" \ + http://localhost:8002/cors/open + +run_log "Test cors server: restricted" +responds_with \ + Success \ + -H "Origin: http://example.com" \ + http://localhost:8002/cors/restricted +responds_without_header \ + access-control-allow-origin \ + -H "Origin: http://example.com" \ + http://localhost:8002/cors/restricted +responds_with_header \ + "access-control-allow-origin: http://foo.envoyproxy.io" \ + -H "Origin: http://foo.envoyproxy.io" \ + http://localhost:8002/cors/restricted diff --git a/examples/csrf/verify.sh b/examples/csrf/verify.sh new file mode 100755 index 0000000000000..24c28cd2d93a2 --- /dev/null +++ b/examples/csrf/verify.sh @@ -0,0 +1,69 @@ +#!/bin/bash -e + +export NAME=csrf +export PATHS=samesite,crosssite + +# shellcheck source=examples/verify-common.sh +. "$(dirname "${BASH_SOURCE[0]}")/../verify-common.sh" + + +run_log "Test services" +responds_with \ + "Envoy CSRF Demo" \ + http://localhost:8002 +responds_with \ + "Envoy CSRF Demo" \ + http://localhost:8000 + +run_log "Test stats server" +responds_with \ + ":" \ + http://localhost:8001/stats + +run_log "Test csrf server: disabled" +responds_with \ + Success \ + -X POST \ + -H "Origin: http://example.com" \ + http://localhost:8000/csrf/disabled +responds_with_header \ + "access-control-allow-origin: http://example.com" \ + -X POST \ + -H "Origin: http://example.com" \ + http://localhost:8000/csrf/disabled + +run_log "Test csrf server: shadow" +responds_with \ + Success \ + -X POST \ + -H "Origin: http://example.com" \ + http://localhost:8000/csrf/shadow +responds_with_header \ + "access-control-allow-origin: http://example.com" \ + -X POST \ + -H "Origin: http://example.com" \ + http://localhost:8000/csrf/shadow + +run_log "Test csrf server: enabled" +responds_with \ + "Invalid origin" \ + -X POST \ + -H "Origin: http://example.com" \ + http://localhost:8000/csrf/enabled +responds_with_header \ + "HTTP/1.1 403 Forbidden" \ + -X POST \ + -H "Origin: http://example.com" \ + http://localhost:8000/csrf/enabled + +run_log "Test csrf server: additional_origin" +responds_with \ + Success \ + -X POST \ + -H "Origin: http://example.com" \ + http://localhost:8000/csrf/additional_origin +responds_with_header \ + "access-control-allow-origin: http://example.com" \ + -X POST \ + -H "Origin: http://example.com" \ + http://localhost:8000/csrf/additional_origin diff --git a/examples/ext_authz/verify.sh b/examples/ext_authz/verify.sh new file mode 100755 index 0000000000000..60cef4b1c5812 --- /dev/null +++ b/examples/ext_authz/verify.sh @@ -0,0 +1,47 @@ +#!/bin/bash -e + +export NAME=ext_authz + +# shellcheck source=examples/verify-common.sh +. "$(dirname "${BASH_SOURCE[0]}")/../verify-common.sh" + + +run_log "Test services responds with 403" +responds_with_header \ + "HTTP/1.1 403 Forbidden"\ + http://localhost:8000/service + +run_log "Restart front-envoy with FRONT_ENVOY_YAML=config/http-service.yaml" +docker-compose down +FRONT_ENVOY_YAML=config/http-service.yaml docker-compose up -d +sleep 10 + +run_log "Test service responds with 403" +responds_with_header \ + "HTTP/1.1 403 Forbidden"\ + http://localhost:8000/service + +run_log "Test authenticated service responds with 200" +responds_with_header \ + "HTTP/1.1 200 OK" \ + -H "Authorization: Bearer token1" \ + http://localhost:8000/service + +run_log "Restart front-envoy with FRONT_ENVOY_YAML=config/opa-service/v2.yaml" +docker-compose down +FRONT_ENVOY_YAML=config/opa-service/v2.yaml docker-compose up -d +sleep 10 + +run_log "Test OPA service responds with 200" +responds_with_header \ + "HTTP/1.1 200 OK" \ + http://localhost:8000/service + +run_log "Check OPA logs" +docker-compose logs ext_authz-opa-service | grep decision_id -A 30 + +run_log "Check OPA service rejects POST" +responds_with_header \ + "HTTP/1.1 403 Forbidden" \ + -X POST \ + http://localhost:8000/service diff --git a/examples/fault-injection/verify.sh b/examples/fault-injection/verify.sh new file mode 100755 index 0000000000000..0dd2bfe1ca7d5 --- /dev/null +++ b/examples/fault-injection/verify.sh @@ -0,0 +1,57 @@ +#!/bin/bash -e + +export NAME=fault-injection + +# shellcheck source=examples/verify-common.sh +. "$(dirname "${BASH_SOURCE[0]}")/../verify-common.sh" + + +run_log "Send requests for 20 seconds" +docker-compose exec -T envoy bash -c \ + "bash send_request.sh & export pid=\$! && sleep 20 && kill \$pid" \ + &> /dev/null + +run_log "Check logs" +docker-compose logs | grep "HTTP/1.1\" 200" + + +_fault_injection_test () { + local action code existing_200s existing_codes + action="$1" + code="$2" + existing_codes=0 + + # enable fault injection and check for http hits of type $code + existing_codes=$(docker-compose logs | grep -c "HTTP/1.1\" ${code}" || :) + run_log "Enable ${action} fault injection" + docker-compose exec -T envoy bash "enable_${action}_fault_injection.sh" + run_log "Send requests for 20 seconds" + docker-compose exec -T envoy bash -c \ + "bash send_request.sh & export pid=\$! && sleep 20 && kill \$pid" \ + &> /dev/null + run_log "Check logs again" + new_codes=$(docker-compose logs | grep -c "HTTP/1.1\" ${code}") + if [ "$new_codes" -le "$existing_codes" ]; then + return 1 + fi + + # disable fault injection and check for http hits of type 200 + existing_200s=$(docker-compose logs | grep -c "HTTP/1.1\" 200") + run_log "Disable ${action} fault injection" + docker-compose exec -T envoy bash "disable_${action}_fault_injection.sh" + run_log "Send requests for 20 seconds" + docker-compose exec -T envoy bash -c \ + "bash send_request.sh & export pid=\$! && sleep 20 && kill \$pid" \ + &> /dev/null + run_log "Check logs again" + new_200s=$(docker-compose logs | grep -c "HTTP/1.1\" 200") + if [ "$new_200s" -le "$existing_200s" ]; then + return 1 + fi +} + +_fault_injection_test abort 503 +_fault_injection_test delay 200 + +run_log "Check tree" +docker-compose exec -T envoy tree /srv/runtime diff --git a/examples/front-proxy/verify.sh b/examples/front-proxy/verify.sh new file mode 100755 index 0000000000000..37fc83683fed6 --- /dev/null +++ b/examples/front-proxy/verify.sh @@ -0,0 +1,44 @@ +#!/bin/bash -e + +export NAME=front-proxy + +# shellcheck source=examples/verify-common.sh +. "$(dirname "${BASH_SOURCE[0]}")/../verify-common.sh" + + +run_log "Test service: localhost:8080/service/1" +responds_with \ + "Hello from behind Envoy (service 1)!" \ + http://localhost:8080/service/1 + +run_log "Test service: localhost:8080/service/2" +responds_with \ + "Hello from behind Envoy (service 2)!" \ + http://localhost:8080/service/2 + +run_log "Test service: https://localhost:8443/service/1" +responds_with \ + "Hello from behind Envoy (service 1)!" \ + -k https://localhost:8443/service/1 + +run_log "Scale up docker service1=3" +docker-compose scale service1=3 +run_log "Snooze for 5 while docker-compose scales..." +sleep 5 + +run_log "Test round-robin localhost:8080/service/1" +docker-compose exec -T front-envoy bash -c "\ + curl -s http://localhost:8080/service/1 \ + && curl -s http://localhost:8080/service/1 \ + && curl -s http://localhost:8080/service/1" \ + | grep Hello | grep "service 1" + + +run_log "Test service inside front-envoy: localhost:8080/service/2" +docker-compose exec -T front-envoy curl -s http://localhost:8080/service/2 | grep Hello | grep "service 2" + +run_log "Test service info: localhost:8080/server_info" +docker-compose exec -T front-envoy curl http://localhost:8001/server_info | jq '.' + +run_log "Test service stats: localhost:8080/stats" +docker-compose exec -T front-envoy curl http://localhost:8001/stats | grep ":" diff --git a/examples/grpc-bridge/verify.sh b/examples/grpc-bridge/verify.sh new file mode 100755 index 0000000000000..6b2dfe4c502fa --- /dev/null +++ b/examples/grpc-bridge/verify.sh @@ -0,0 +1,24 @@ +#!/bin/bash -e + +export NAME=grpc-bridge +# this allows us to bring up the stack manually after generating stubs +export MANUAL=true + +# shellcheck source=examples/verify-common.sh +. "$(dirname "${BASH_SOURCE[0]}")/../verify-common.sh" + + +run_log "Generate protocol stubs" +docker-compose -f docker-compose-protos.yaml up +docker container prune -f + +ls client/kv/kv_pb2.py +ls server/kv/kv.pb.go + +bring_up_example + +run_log "Set key value foo=bar" +docker-compose exec -T grpc-client /client/grpc-kv-client.py set foo bar | grep setf + +run_log "Get key foo" +docker-compose exec -T grpc-client /client/grpc-kv-client.py get foo | grep bar diff --git a/examples/jaeger-native-tracing/verify.sh b/examples/jaeger-native-tracing/verify.sh new file mode 100755 index 0000000000000..8461a97750e88 --- /dev/null +++ b/examples/jaeger-native-tracing/verify.sh @@ -0,0 +1,18 @@ +#!/bin/bash -e + +export NAME=jaeger-native +export DELAY=10 + +# shellcheck source=examples/verify-common.sh +. "$(dirname "${BASH_SOURCE[0]}")/../verify-common.sh" + + +run_log "Test services" +responds_with \ + Hello \ + http://localhost:8000/trace/1 + +run_log "Test Jaeger UI" +responds_with \ + "" \ + http://localhost:16686 diff --git a/examples/jaeger-tracing/verify.sh b/examples/jaeger-tracing/verify.sh new file mode 100755 index 0000000000000..9882f1f3ed5c2 --- /dev/null +++ b/examples/jaeger-tracing/verify.sh @@ -0,0 +1,17 @@ +#!/bin/bash -e + +export NAME=jaeger-tracing + +# shellcheck source=examples/verify-common.sh +. "$(dirname "${BASH_SOURCE[0]}")/../verify-common.sh" + + +run_log "Test services" +responds_with \ + Hello \ + http://localhost:8000/trace/1 + +run_log "Test Jaeger UI" +responds_with \ + "" \ + http://localhost:16686 diff --git a/examples/load-reporting-service/verify.sh b/examples/load-reporting-service/verify.sh new file mode 100755 index 0000000000000..7ddc13ce1bfe5 --- /dev/null +++ b/examples/load-reporting-service/verify.sh @@ -0,0 +1,18 @@ +#!/bin/bash -e + +export NAME=load-reporting +export UPARGS="--scale http_service=2" + +# shellcheck source=examples/verify-common.sh +. "$(dirname "${BASH_SOURCE[0]}")/../verify-common.sh" + +run_log "Send requests" +bash send_requests.sh 2> /dev/null +run_log "Check logs: http 1" +docker-compose logs http_service | grep http_service_1 | grep HTTP | grep 200 + +run_log "Check logs: http 2" +docker-compose logs http_service | grep http_service_2 | grep HTTP | grep 200 + +run_log "Check logs: lrs_server" +docker-compose logs lrs_server | grep "up and running" diff --git a/examples/lua/verify.sh b/examples/lua/verify.sh new file mode 100755 index 0000000000000..56a391da6ad4e --- /dev/null +++ b/examples/lua/verify.sh @@ -0,0 +1,12 @@ +#!/bin/bash -e + +export NAME=lua + +# shellcheck source=examples/verify-common.sh +. "$(dirname "${BASH_SOURCE[0]}")/../verify-common.sh" + + +run_log "Test connection" +responds_with \ + foo \ + http://localhost:8000 diff --git a/examples/mysql/verify.sh b/examples/mysql/verify.sh new file mode 100755 index 0000000000000..3f11c3e545cac --- /dev/null +++ b/examples/mysql/verify.sh @@ -0,0 +1,31 @@ +#!/bin/bash -e + +export NAME=mysql +export DELAY=10 + +# shellcheck source=examples/verify-common.sh +. "$(dirname "${BASH_SOURCE[0]}")/../verify-common.sh" + +_mysql () { + local mysql_client + mysql_client=(docker run --network envoymesh mysql:5.5 mysql -h envoy -P 1999 -u root) + "${mysql_client[@]}" "${@}" +} + +run_log "Create a mysql database" +_mysql -e "CREATE DATABASE test;" +_mysql -e "show databases;" + +run_log "Create a mysql table" +_mysql -e "USE test; CREATE TABLE test ( text VARCHAR(255) ); INSERT INTO test VALUES ('hello, world!');" +_mysql -e "SELECT COUNT(*) from test.test;" | grep 1 + +run_log "Check mysql egress stats" +responds_with \ + egress_mysql \ + "http://localhost:8001/stats?filter=egress_mysql" + +run_log "Check mysql TCP stats" +responds_with \ + mysql_tcp \ + "http://localhost:8001/stats?filter=mysql_tcp" diff --git a/examples/redis/verify.sh b/examples/redis/verify.sh new file mode 100755 index 0000000000000..117cb5ffce467 --- /dev/null +++ b/examples/redis/verify.sh @@ -0,0 +1,20 @@ +#!/bin/bash -e + +export NAME=redis + +# shellcheck source=examples/verify-common.sh +. "$(dirname "${BASH_SOURCE[0]}")/../verify-common.sh" + + +run_log "Test set" +redis-cli -h localhost -p 1999 set foo FOO | grep OK +redis-cli -h localhost -p 1999 set bar BAR | grep OK + +run_log "Test get" +redis-cli -h localhost -p 1999 get foo | grep FOO +redis-cli -h localhost -p 1999 get bar | grep BAR + +run_log "Test redis stats" +responds_with \ + egress_redis \ + "http://localhost:8001/stats?usedonly&filter=redis.egress_redis.command" diff --git a/examples/verify-common.sh b/examples/verify-common.sh new file mode 100644 index 0000000000000..4b5494eddfcdd --- /dev/null +++ b/examples/verify-common.sh @@ -0,0 +1,122 @@ +#!/bin/bash -e + +NAME="${NAME:-}" +PATHS="${PATHS:-.}" +MANUAL="${MANUAL:-}" +DELAY="${DELAY:-0}" +UPARGS="${UPARGS:-}" + + +run_log () { + echo -e "\n> [${NAME}] ${*}" +} + +bring_up_example_stack () { + local args path up_args + args=("${UPARGS[@]}") + path="$1" + read -ra up_args <<< "up --build -d ${args[*]}" + + run_log "Pull the images ($path)" + docker-compose pull || return 1 + echo + run_log "Bring up services ($path)" + docker-compose "${up_args[@]}" || return 1 + docker-compose ps + docker-compose logs +} + +bring_up_example () { + local paths + read -ra paths <<< "$(echo "$PATHS" | tr ',' ' ')" + for path in "${paths[@]}"; do + pushd "$path" > /dev/null || return 1 + bring_up_example_stack "$path" || { + echo "ERROR: starting ${NAME} ${path}" >&2 + return 1 + } + popd > /dev/null || return 1 + done + if [ "$DELAY" -ne "0" ]; then + run_log "Snooze for ${DELAY} while ${NAME} gets started" + sleep "$DELAY" + fi +} + +cleanup_stack () { + local path + path="$1" + run_log "Cleanup ($path)" + docker-compose down + docker system prune -f +} + +cleanup () { + local paths + read -ra paths <<< "$(echo "$PATHS" | tr ',' ' ')" + for path in "${paths[@]}"; do + pushd "$path" > /dev/null || return 1 + cleanup_stack "$path" || { + echo "ERROR: cleanup ${NAME} ${path}" >&2 + return 1 + } + popd > /dev/null + done +} + +_curl () { + local curl_command + curl_command=(curl -s) + if [[ ! "$*" =~ "-X" ]]; then + curl_command+=(-X GET) + fi + for arg in "${@}"; do + curl_command+=("$arg") + done + "${curl_command[@]}" || { + echo "ERROR: curl (${curl_command[*]})" >&2 + return 1 + } +} + +responds_with () { + local curl_command expected + expected="$1" + shift + _curl "${@}" | grep "$expected" || { + echo "ERROR: curl expected (${*}): $expected" >&2 + return 1 + } +} + +responds_with_header () { + local expected + expected="$1" + shift + _curl --head "${@}" | grep "$expected" || { + echo "ERROR: curl header (${*}): $expected" >&2 + return 1 + } +} + +responds_without_header () { + local curl_command expected + expected="$1" + shift + _curl --head "${@}" | grep "$expected" | [ "$(wc -l)" -eq 0 ] || { + echo "ERROR: curl without header (${*}): $expected" >&2 + return 1 + } +} + + +trap 'cleanup' EXIT + +if [ -z "$NAME" ]; then + echo "ERROR: You must set the $NAME variable before sourcing this script" >&2 + exit 1 +fi + +if [ -z "$MANUAL" ]; then + bring_up_example +fi diff --git a/examples/zipkin-tracing/verify.sh b/examples/zipkin-tracing/verify.sh new file mode 100755 index 0000000000000..c2135e1d99de6 --- /dev/null +++ b/examples/zipkin-tracing/verify.sh @@ -0,0 +1,19 @@ +#!/bin/bash -e + +export NAME=zipkin + +# shellcheck source=examples/verify-common.sh +. "$(dirname "${BASH_SOURCE[0]}")/../verify-common.sh" + + +run_log "Test connection" +responds_with \ + "Hello from behind Envoy (service 1)!" \ + http://localhost:8000/trace/1 + +run_log "Test dashboard" +# this could do with using the healthcheck and waiting +sleep 20 +responds_with \ + "" \ + http://localhost:9411/zipkin/ From 79a6fa441aa5982117afb7a7d5031ca08c670b54 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Thu, 13 Aug 2020 20:28:22 +0100 Subject: [PATCH 16/28] Cleanups: mostly bash formatting and syntax Signed-off-by: Ryan Northey --- examples/cors/verify.sh | 16 ++++++++-------- examples/fault-injection/verify.sh | 6 ++++-- examples/mysql/verify.sh | 2 +- examples/verify-common.sh | 21 +++++++++++++-------- 4 files changed, 26 insertions(+), 19 deletions(-) diff --git a/examples/cors/verify.sh b/examples/cors/verify.sh index 908821ef5e6d2..260cc161286a1 100755 --- a/examples/cors/verify.sh +++ b/examples/cors/verify.sh @@ -19,8 +19,8 @@ responds_with \ http://localhost:8002/cors/disabled responds_without_header \ access-control-allow-origin \ - -H "Origin: http://example.com" \ - http://localhost:8002/cors/disabled + -H "Origin: http://example.com" \ + http://localhost:8002/cors/disabled run_log "Test cors server: open" responds_with \ @@ -29,8 +29,8 @@ responds_with \ http://localhost:8002/cors/open responds_with_header \ "access-control-allow-origin: http://example.com" \ - -H "Origin: http://example.com" \ - http://localhost:8002/cors/open + -H "Origin: http://example.com" \ + http://localhost:8002/cors/open run_log "Test cors server: restricted" responds_with \ @@ -39,9 +39,9 @@ responds_with \ http://localhost:8002/cors/restricted responds_without_header \ access-control-allow-origin \ - -H "Origin: http://example.com" \ - http://localhost:8002/cors/restricted + -H "Origin: http://example.com" \ + http://localhost:8002/cors/restricted responds_with_header \ "access-control-allow-origin: http://foo.envoyproxy.io" \ - -H "Origin: http://foo.envoyproxy.io" \ - http://localhost:8002/cors/restricted + -H "Origin: http://foo.envoyproxy.io" \ + http://localhost:8002/cors/restricted diff --git a/examples/fault-injection/verify.sh b/examples/fault-injection/verify.sh index 0dd2bfe1ca7d5..611acddc15ed8 100755 --- a/examples/fault-injection/verify.sh +++ b/examples/fault-injection/verify.sh @@ -31,7 +31,8 @@ _fault_injection_test () { &> /dev/null run_log "Check logs again" new_codes=$(docker-compose logs | grep -c "HTTP/1.1\" ${code}") - if [ "$new_codes" -le "$existing_codes" ]; then + if [[ "$new_codes" -le "$existing_codes" ]]; then + echo "ERROR: expected to find new logs with response code $code" >&2 return 1 fi @@ -45,7 +46,8 @@ _fault_injection_test () { &> /dev/null run_log "Check logs again" new_200s=$(docker-compose logs | grep -c "HTTP/1.1\" 200") - if [ "$new_200s" -le "$existing_200s" ]; then + if [[ "$new_200s" -le "$existing_200s" ]]; then + echo "ERROR: expected to find new logs with response code 200" >&2 return 1 fi } diff --git a/examples/mysql/verify.sh b/examples/mysql/verify.sh index 3f11c3e545cac..407d08204ff88 100755 --- a/examples/mysql/verify.sh +++ b/examples/mysql/verify.sh @@ -14,7 +14,7 @@ _mysql () { run_log "Create a mysql database" _mysql -e "CREATE DATABASE test;" -_mysql -e "show databases;" +_mysql -e "show databases;" | grep test run_log "Create a mysql table" _mysql -e "USE test; CREATE TABLE test ( text VARCHAR(255) ); INSERT INTO test VALUES ('hello, world!');" diff --git a/examples/verify-common.sh b/examples/verify-common.sh index 4b5494eddfcdd..b57f93a5c383f 100644 --- a/examples/verify-common.sh +++ b/examples/verify-common.sh @@ -22,8 +22,6 @@ bring_up_example_stack () { echo run_log "Bring up services ($path)" docker-compose "${up_args[@]}" || return 1 - docker-compose ps - docker-compose logs } bring_up_example () { @@ -35,12 +33,19 @@ bring_up_example () { echo "ERROR: starting ${NAME} ${path}" >&2 return 1 } - popd > /dev/null || return 1 + popd > /dev/null done - if [ "$DELAY" -ne "0" ]; then + if [[ "$DELAY" -ne "0" ]]; then run_log "Snooze for ${DELAY} while ${NAME} gets started" sleep "$DELAY" fi + for path in "${paths[@]}"; do + pushd "$path" > /dev/null || return 1 + docker-compose ps + docker-compose logs + popd > /dev/null + done + } cleanup_stack () { @@ -103,7 +108,7 @@ responds_without_header () { local curl_command expected expected="$1" shift - _curl --head "${@}" | grep "$expected" | [ "$(wc -l)" -eq 0 ] || { + _curl --head "${@}" | grep "$expected" | [[ "$(wc -l)" -eq 0 ]] || { echo "ERROR: curl without header (${*}): $expected" >&2 return 1 } @@ -112,11 +117,11 @@ responds_without_header () { trap 'cleanup' EXIT -if [ -z "$NAME" ]; then - echo "ERROR: You must set the $NAME variable before sourcing this script" >&2 +if [[ -z "$NAME" ]]; then + echo "ERROR: You must set the '$NAME' variable before sourcing this script" >&2 exit 1 fi -if [ -z "$MANUAL" ]; then +if [[ -z "$MANUAL" ]]; then bring_up_example fi From 9758da4ccd91beca7e8728dae6eff1a58281a845 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Thu, 13 Aug 2020 21:39:05 +0100 Subject: [PATCH 17/28] Cleanup: bash formatting Signed-off-by: Ryan Northey --- ci/verify_examples.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ci/verify_examples.sh b/ci/verify_examples.sh index 12c5d30df10d3..f99b268299a81 100755 --- a/ci/verify_examples.sh +++ b/ci/verify_examples.sh @@ -32,9 +32,9 @@ run_examples () { cd "${SRCDIR}/examples" || exit 1 examples=$(find . -mindepth 1 -maxdepth 1 -type d -name "$TESTFILTER" | sort) for example in $examples; do - cd $example - ./verify.sh - cd .. + pushd "$example" > /dev/null || return 1 + ./verify.sh + popd > /dev/null || return 1 done } From 03c89e4dc5e5772fde4cae5a32dfda0a9d93dfc6 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Fri, 14 Aug 2020 06:59:44 +0100 Subject: [PATCH 18/28] Cleanup: bash vars Signed-off-by: Ryan Northey --- examples/verify-common.sh | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/examples/verify-common.sh b/examples/verify-common.sh index b57f93a5c383f..7bf79026ac0ef 100644 --- a/examples/verify-common.sh +++ b/examples/verify-common.sh @@ -25,7 +25,7 @@ bring_up_example_stack () { } bring_up_example () { - local paths + local path paths read -ra paths <<< "$(echo "$PATHS" | tr ',' ' ')" for path in "${paths[@]}"; do pushd "$path" > /dev/null || return 1 @@ -33,7 +33,7 @@ bring_up_example () { echo "ERROR: starting ${NAME} ${path}" >&2 return 1 } - popd > /dev/null + popd > /dev/null || return 1 done if [[ "$DELAY" -ne "0" ]]; then run_log "Snooze for ${DELAY} while ${NAME} gets started" @@ -43,9 +43,8 @@ bring_up_example () { pushd "$path" > /dev/null || return 1 docker-compose ps docker-compose logs - popd > /dev/null + popd > /dev/null || return 1 done - } cleanup_stack () { @@ -57,7 +56,7 @@ cleanup_stack () { } cleanup () { - local paths + local path paths read -ra paths <<< "$(echo "$PATHS" | tr ',' ' ')" for path in "${paths[@]}"; do pushd "$path" > /dev/null || return 1 @@ -70,7 +69,7 @@ cleanup () { } _curl () { - local curl_command + local arg curl_command curl_command=(curl -s) if [[ ! "$*" =~ "-X" ]]; then curl_command+=(-X GET) @@ -85,7 +84,7 @@ _curl () { } responds_with () { - local curl_command expected + local expected expected="$1" shift _curl "${@}" | grep "$expected" || { @@ -105,7 +104,7 @@ responds_with_header () { } responds_without_header () { - local curl_command expected + local expected expected="$1" shift _curl --head "${@}" | grep "$expected" | [[ "$(wc -l)" -eq 0 ]] || { From 84662375e3dbdce2c37421991754206e57b72ba6 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Thu, 20 Aug 2020 15:57:13 +0100 Subject: [PATCH 19/28] Use built images for examples ci tests Signed-off-by: Ryan Northey --- .azure-pipelines/pipelines.yml | 32 ++++++++++++++++++++------------ ci/verify_examples.sh | 19 +++++++++++++++++++ 2 files changed, 39 insertions(+), 12 deletions(-) diff --git a/.azure-pipelines/pipelines.yml b/.azure-pipelines/pipelines.yml index 164f595065122..4e82bb0ff2177 100644 --- a/.azure-pipelines/pipelines.yml +++ b/.azure-pipelines/pipelines.yml @@ -37,18 +37,6 @@ jobs: artifactName: format condition: failed() - - job: examples - dependsOn: [] # this removes the implicit dependency on previous stage and causes this to run in parallel. - pool: - vmImage: "ubuntu-18.04" - steps: - - bash: | - sudo apt-get update -y - sudo apt-get install -y -qq --no-install-recommends redis-tools - ci/verify_examples.sh - workingDirectory: $(Build.SourcesDirectory) - displayName: "Verify examples run as documented" - - job: release displayName: "Linux-x64 release" dependsOn: ["format"] @@ -170,6 +158,26 @@ jobs: artifactName: docker condition: always() + - job: examples + dependsOn: ["docker"] + displayName: "Verify examples run as documented" + pool: + vmImage: "ubuntu-18.04" + steps: + - task: DownloadBuildArtifacts@0 + inputs: + buildType: current + artifactName: "docker" + itemPattern: "docker/envoy-docker-images.tar.xz" + downloadType: single + targetPath: $(Build.StagingDirectory) + - bash: | + docker load < $(Build.StagingDirectory)/docker/envoy-docker-images.tar.xz + sudo apt-get update -y + sudo apt-get install -y -qq --no-install-recommends redis-tools + ci/verify_examples.sh + workingDirectory: $(Build.SourcesDirectory) + - job: macOS dependsOn: ["format"] timeoutInMinutes: 360 diff --git a/ci/verify_examples.sh b/ci/verify_examples.sh index f99b268299a81..716a4398b2ebf 100755 --- a/ci/verify_examples.sh +++ b/ci/verify_examples.sh @@ -4,6 +4,8 @@ TESTFILTER="${1:-*}" FAILED=() SRCDIR="${SRCDIR:-$(pwd)}" EXCLUDED_BUILD_CONFIGS=${EXCLUDED_BUILD_CONFIGS:-"^./jaeger-native-tracing|docker-compose"} +ENVOY_DOCKER_IMAGE_DIRECTORY="${ENVOY_DOCKER_IMAGE_DIRECTORY:-${BUILD_STAGINGDIRECTORY:-.}/build_images}" +ENVOY_DOCKER_TAR="${ENVOY_DOCKER_IMAGE_DIRECTORY}/envoy-docker-images.tar.xz" trap_errors () { @@ -54,9 +56,26 @@ verify_build_configs () { fi } +load_docker_images () { + echo "Optionally loading images if i find them..." + pwd + ls "$BUILD_STAGINGDIRECTORY" || echo "no staging directory" + ls "$ENVOY_DOCKER_IMAGE_DIRECTORY" || echo "image directory" + ls + + if [[ -f "$ENVOY_DOCKER_TAR" ]]; then + echo "Found docker images, loading..." + else + echo "No images found, continuing..." + fi +} + + verify_build_configs +load_docker_images run_examples + if [ "${#FAILED[@]}" -ne "0" ]; then echo "TESTS FAILED:" for failed in "${FAILED[@]}"; do From acc13b7b542c5817eac48323b782df364d11ac24 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Sat, 22 Aug 2020 09:45:57 +0100 Subject: [PATCH 20/28] Cleanup: add -s to curl in example Signed-off-by: Ryan Northey --- examples/front-proxy/verify.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/front-proxy/verify.sh b/examples/front-proxy/verify.sh index 37fc83683fed6..0e85be8b875a8 100755 --- a/examples/front-proxy/verify.sh +++ b/examples/front-proxy/verify.sh @@ -38,7 +38,7 @@ run_log "Test service inside front-envoy: localhost:8080/service/2" docker-compose exec -T front-envoy curl -s http://localhost:8080/service/2 | grep Hello | grep "service 2" run_log "Test service info: localhost:8080/server_info" -docker-compose exec -T front-envoy curl http://localhost:8001/server_info | jq '.' +docker-compose exec -T front-envoy curl -s http://localhost:8001/server_info | jq '.' run_log "Test service stats: localhost:8080/stats" -docker-compose exec -T front-envoy curl http://localhost:8001/stats | grep ":" +docker-compose exec -T front-envoy curl -s http://localhost:8001/stats | grep ":" From bec9c6589505c7a767eb49b4b25ada7e8596d687 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Fri, 21 Aug 2020 18:11:23 +0100 Subject: [PATCH 21/28] Tag incoming images Signed-off-by: Ryan Northey --- .azure-pipelines/pipelines.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.azure-pipelines/pipelines.yml b/.azure-pipelines/pipelines.yml index 4e82bb0ff2177..cba99a6f0cdd5 100644 --- a/.azure-pipelines/pipelines.yml +++ b/.azure-pipelines/pipelines.yml @@ -173,8 +173,17 @@ jobs: targetPath: $(Build.StagingDirectory) - bash: | docker load < $(Build.StagingDirectory)/docker/envoy-docker-images.tar.xz + images=($(docker image list --format "{{.Repository}}")) + tags=($(docker image list --format "{{.Tag}}")) + for i in "${!images[@]}"; do + if [[ "${images[i]}" =~ "envoy" ]]; then + docker tag ${images[$i]}:${tags[$i]} ${images[$i]}:latest + fi + done + docker images sudo apt-get update -y sudo apt-get install -y -qq --no-install-recommends redis-tools + export DOCKER_NO_PULL=1 ci/verify_examples.sh workingDirectory: $(Build.SourcesDirectory) From a57a1ef4832f2e5f4b369eadf036e383ddb4a5e1 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Fri, 21 Aug 2020 16:03:15 +0100 Subject: [PATCH 22/28] Move image loading to ci and ensure docker uses correct images Signed-off-by: Ryan Northey --- ci/verify_examples.sh | 18 ------------------ examples/verify-common.sh | 17 +++++++++++------ 2 files changed, 11 insertions(+), 24 deletions(-) diff --git a/ci/verify_examples.sh b/ci/verify_examples.sh index 716a4398b2ebf..e5ab97dd8e348 100755 --- a/ci/verify_examples.sh +++ b/ci/verify_examples.sh @@ -4,8 +4,6 @@ TESTFILTER="${1:-*}" FAILED=() SRCDIR="${SRCDIR:-$(pwd)}" EXCLUDED_BUILD_CONFIGS=${EXCLUDED_BUILD_CONFIGS:-"^./jaeger-native-tracing|docker-compose"} -ENVOY_DOCKER_IMAGE_DIRECTORY="${ENVOY_DOCKER_IMAGE_DIRECTORY:-${BUILD_STAGINGDIRECTORY:-.}/build_images}" -ENVOY_DOCKER_TAR="${ENVOY_DOCKER_IMAGE_DIRECTORY}/envoy-docker-images.tar.xz" trap_errors () { @@ -56,23 +54,7 @@ verify_build_configs () { fi } -load_docker_images () { - echo "Optionally loading images if i find them..." - pwd - ls "$BUILD_STAGINGDIRECTORY" || echo "no staging directory" - ls "$ENVOY_DOCKER_IMAGE_DIRECTORY" || echo "image directory" - ls - - if [[ -f "$ENVOY_DOCKER_TAR" ]]; then - echo "Found docker images, loading..." - else - echo "No images found, continuing..." - fi -} - - verify_build_configs -load_docker_images run_examples diff --git a/examples/verify-common.sh b/examples/verify-common.sh index 7bf79026ac0ef..1c9060e9f4512 100644 --- a/examples/verify-common.sh +++ b/examples/verify-common.sh @@ -1,9 +1,10 @@ #!/bin/bash -e +DELAY="${DELAY:-0}" +DOCKER_NO_PULL="${DOCKER_NO_PULL:-}" +MANUAL="${MANUAL:-}" NAME="${NAME:-}" PATHS="${PATHS:-.}" -MANUAL="${MANUAL:-}" -DELAY="${DELAY:-0}" UPARGS="${UPARGS:-}" @@ -15,10 +16,14 @@ bring_up_example_stack () { local args path up_args args=("${UPARGS[@]}") path="$1" - read -ra up_args <<< "up --build -d ${args[*]}" - - run_log "Pull the images ($path)" - docker-compose pull || return 1 + if [[ -z "$DOCKER_NO_PULL" ]]; then + run_log "Pull the images ($path)" + read -ra up_args <<< "up --build -d ${args[*]}" + else + # this prevents docker pulling the load images in ci + docker-compose build || return 1 + read -ra up_args <<< "up -d ${args[*]}" + fi echo run_log "Bring up services ($path)" docker-compose "${up_args[@]}" || return 1 From 2d01d4fffab03e352f09db8b2ae65da4ca2ac394 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Tue, 25 Aug 2020 08:13:16 +0100 Subject: [PATCH 23/28] Cleanup: docker build/pull Signed-off-by: Ryan Northey --- examples/verify-common.sh | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/examples/verify-common.sh b/examples/verify-common.sh index 1c9060e9f4512..d27155f39f0e7 100644 --- a/examples/verify-common.sh +++ b/examples/verify-common.sh @@ -16,17 +16,15 @@ bring_up_example_stack () { local args path up_args args=("${UPARGS[@]}") path="$1" + read -ra up_args <<< "up --build -d ${args[*]}" if [[ -z "$DOCKER_NO_PULL" ]]; then run_log "Pull the images ($path)" - read -ra up_args <<< "up --build -d ${args[*]}" - else - # this prevents docker pulling the load images in ci - docker-compose build || return 1 - read -ra up_args <<< "up -d ${args[*]}" + docker-compose pull + echo fi - echo run_log "Bring up services ($path)" docker-compose "${up_args[@]}" || return 1 + echo } bring_up_example () { From 0ce19a81017b4d36d9d5308dc9f6a95acb0150c8 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Fri, 28 Aug 2020 19:52:55 +0100 Subject: [PATCH 24/28] Cleanup: bash linting Signed-off-by: Ryan Northey --- ci/verify_examples.sh | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/ci/verify_examples.sh b/ci/verify_examples.sh index e5ab97dd8e348..4e459464aeda4 100755 --- a/ci/verify_examples.sh +++ b/ci/verify_examples.sh @@ -7,16 +7,16 @@ EXCLUDED_BUILD_CONFIGS=${EXCLUDED_BUILD_CONFIGS:-"^./jaeger-native-tracing|docke trap_errors () { - local frame=0 COMMAND LINE SUB FILE - if [ -n "$example" ]; then - COMMAND=" (${example})" + local frame=0 command line sub file + if [[ -n "$example" ]]; then + command=" (${example})" fi set +v - while read -r LINE SUB FILE < <(caller "$frame"); do - if [ "$frame" -ne "0" ]; then - FAILED+=(" > ${SUB}@ ${FILE} :${LINE}") + while read -r line sub file < <(caller "$frame"); do + if [[ "$frame" -ne "0" ]]; then + FAILED+=(" > ${sub}@ ${file} :${line}") else - FAILED+=("${SUB}@ ${FILE} :${LINE}${COMMAND}") + FAILED+=("${sub}@ ${file} :${line}${command}") fi ((frame++)) done @@ -46,7 +46,7 @@ verify_build_configs () { for config in $configs; do grep "\"$config\"" BUILD || missing+=("$config") done - if [ -n "${missing[*]}" ]; then + if [[ -n "${missing[*]}" ]]; then for config in "${missing[@]}"; do echo "Missing config: $config" >&2 done @@ -58,7 +58,7 @@ verify_build_configs run_examples -if [ "${#FAILED[@]}" -ne "0" ]; then +if [[ "${#FAILED[@]}" -ne "0" ]]; then echo "TESTS FAILED:" for failed in "${FAILED[@]}"; do echo "$failed" >&2 From 2685a1339907ebd95d571a0da5b48c4a786d0be7 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Mon, 7 Sep 2020 13:47:26 +0100 Subject: [PATCH 25/28] Move verify examples setup to do_ci.sh Signed-off-by: Ryan Northey --- .azure-pipelines/pipelines.yml | 18 +++--------------- ci/do_ci.sh | 16 ++++++++++++++++ 2 files changed, 19 insertions(+), 15 deletions(-) diff --git a/.azure-pipelines/pipelines.yml b/.azure-pipelines/pipelines.yml index cba99a6f0cdd5..782bfe17a9f9e 100644 --- a/.azure-pipelines/pipelines.yml +++ b/.azure-pipelines/pipelines.yml @@ -171,21 +171,9 @@ jobs: itemPattern: "docker/envoy-docker-images.tar.xz" downloadType: single targetPath: $(Build.StagingDirectory) - - bash: | - docker load < $(Build.StagingDirectory)/docker/envoy-docker-images.tar.xz - images=($(docker image list --format "{{.Repository}}")) - tags=($(docker image list --format "{{.Tag}}")) - for i in "${!images[@]}"; do - if [[ "${images[i]}" =~ "envoy" ]]; then - docker tag ${images[$i]}:${tags[$i]} ${images[$i]}:latest - fi - done - docker images - sudo apt-get update -y - sudo apt-get install -y -qq --no-install-recommends redis-tools - export DOCKER_NO_PULL=1 - ci/verify_examples.sh - workingDirectory: $(Build.SourcesDirectory) + - bash: ./ci/do_ci.sh verify_examples + env: + ENVOY_DOCKER_BUILD_DIR: $(Build.StagingDirectory) - job: macOS dependsOn: ["format"] diff --git a/ci/do_ci.sh b/ci/do_ci.sh index 40fa5312b805c..c3a50698e37eb 100755 --- a/ci/do_ci.sh +++ b/ci/do_ci.sh @@ -365,6 +365,22 @@ elif [[ "$CI_TARGET" == "docs" ]]; then echo "generating docs..." docs/build.sh exit 0 +elif [[ "$CI_TARGET" == "verify_examples" ]]; then + echo "verify examples..." + docker load < "$ENVOY_DOCKER_BUILD_DIR/docker/envoy-docker-images.tar.xz" + images=($(docker image list --format "{{.Repository}}")) + tags=($(docker image list --format "{{.Tag}}")) + for i in "${!images[@]}"; do + if [[ "${images[i]}" =~ "envoy" ]]; then + docker tag "${images[$i]}:${tags[$i]}" "${images[$i]}:latest" + fi + done + docker images + sudo apt-get update -y + sudo apt-get install -y -qq --no-install-recommends redis-tools + export DOCKER_NO_PULL=1 + ci/verify_examples.sh + exit 0 else echo "Invalid do_ci.sh target, see ci/README.md for valid targets." exit 1 From cae5ab88adc7f1c6f6795078e0cfda2f6b70e693 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Mon, 7 Sep 2020 15:21:15 +0100 Subject: [PATCH 26/28] Allow do_ci to run without build setup Signed-off-by: Ryan Northey --- .azure-pipelines/pipelines.yml | 1 + ci/do_ci.sh | 7 +++++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.azure-pipelines/pipelines.yml b/.azure-pipelines/pipelines.yml index 782bfe17a9f9e..71528a58c1ee8 100644 --- a/.azure-pipelines/pipelines.yml +++ b/.azure-pipelines/pipelines.yml @@ -174,6 +174,7 @@ jobs: - bash: ./ci/do_ci.sh verify_examples env: ENVOY_DOCKER_BUILD_DIR: $(Build.StagingDirectory) + NO_BUILD_SETUP: 1 - job: macOS dependsOn: ["format"] diff --git a/ci/do_ci.sh b/ci/do_ci.sh index c3a50698e37eb..60c2334c4bbf5 100755 --- a/ci/do_ci.sh +++ b/ci/do_ci.sh @@ -12,8 +12,11 @@ if [[ "$1" == "fix_format" || "$1" == "check_format" || "$1" == "check_repositor fi SRCDIR="${PWD}" -. "$(dirname "$0")"/setup_cache.sh -. "$(dirname "$0")"/build_setup.sh $build_setup_args +NO_BUILD_SETUP="${NO_BUILD_SETUP:-}" +if [[ -z "$NO_BUILD_SETUP" ]]; then + . "$(dirname "$0")"/setup_cache.sh + . "$(dirname "$0")"/build_setup.sh $build_setup_args +fi cd "${SRCDIR}" if [[ "${ENVOY_BUILD_ARCH}" == "x86_64" ]]; then From b7dd2746bd046599c9edc28d06f3319d321840d9 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Mon, 7 Sep 2020 16:45:57 +0100 Subject: [PATCH 27/28] check user env in azure Signed-off-by: Ryan Northey --- ci/do_ci.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ci/do_ci.sh b/ci/do_ci.sh index 60c2334c4bbf5..b490f5c03b965 100755 --- a/ci/do_ci.sh +++ b/ci/do_ci.sh @@ -382,6 +382,9 @@ elif [[ "$CI_TARGET" == "verify_examples" ]]; then sudo apt-get update -y sudo apt-get install -y -qq --no-install-recommends redis-tools export DOCKER_NO_PULL=1 + whoami + getent passwd + umask ci/verify_examples.sh exit 0 else From 28ebcb14e6040bd16c28e10050559294307302d5 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Mon, 7 Sep 2020 18:08:59 +0100 Subject: [PATCH 28/28] Set umask for azure user Signed-off-by: Ryan Northey --- ci/do_ci.sh | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/ci/do_ci.sh b/ci/do_ci.sh index b490f5c03b965..1bde1fd6edb28 100755 --- a/ci/do_ci.sh +++ b/ci/do_ci.sh @@ -382,9 +382,7 @@ elif [[ "$CI_TARGET" == "verify_examples" ]]; then sudo apt-get update -y sudo apt-get install -y -qq --no-install-recommends redis-tools export DOCKER_NO_PULL=1 - whoami - getent passwd - umask + umask 027 ci/verify_examples.sh exit 0 else