From 91705a793050771a10cc3d705fd3abeed665f299 Mon Sep 17 00:00:00 2001 From: Alyssa Wilk Date: Mon, 21 Mar 2022 09:55:39 -0400 Subject: [PATCH 1/3] quic: fixing hostname consistency Signed-off-by: Alyssa Wilk --- envoy/ssl/connection.h | 5 + source/common/http/conn_pool_grid.cc | 43 +-- source/common/http/conn_pool_grid.h | 2 + source/common/http/http3/conn_pool.cc | 21 +- .../http/alternate_protocols_cache/filter.cc | 8 +- .../tls/connection_info_impl_base.cc | 10 + .../tls/connection_info_impl_base.h | 2 + test/common/http/conn_pool_grid_test.cc | 4 +- .../filter_integration_test.cc | 33 +- .../alternate_protocols_cache/filter_test.cc | 2 +- .../on_demand/on_demand_integration_test.cc | 12 +- .../tls/integration/ssl_integration_test.cc | 22 +- test/integration/http_integration.cc | 82 ++--- test/integration/http_integration.h | 10 +- .../multiplexed_upstream_integration_test.cc | 16 +- test/integration/protocol_integration_test.cc | 300 +++++++++--------- .../sds_dynamic_integration_test.cc | 14 +- test/integration/vhds.h | 2 +- test/integration/vhds_integration_test.cc | 4 +- test/mocks/ssl/mocks.h | 1 + 20 files changed, 315 insertions(+), 278 deletions(-) diff --git a/envoy/ssl/connection.h b/envoy/ssl/connection.h index 501a99b80f280..42d8cf3f29554 100644 --- a/envoy/ssl/connection.h +++ b/envoy/ssl/connection.h @@ -142,6 +142,11 @@ class ConnectionInfo { * @return std::string the protocol negotiated via ALPN. **/ virtual const std::string& alpn() const PURE; + + /** + * @return std::string the SNI used to establish the connection. + **/ + virtual const std::string& sni() const PURE; }; using ConnectionInfoConstSharedPtr = std::shared_ptr; diff --git a/source/common/http/conn_pool_grid.cc b/source/common/http/conn_pool_grid.cc index a4f66261ba332..191c151bc7fe7 100644 --- a/source/common/http/conn_pool_grid.cc +++ b/source/common/http/conn_pool_grid.cc @@ -15,6 +15,17 @@ absl::string_view describePool(const ConnectionPool::Instance& pool) { static constexpr uint32_t kDefaultTimeoutMs = 300; +std::string getSni(const Network::TransportSocketOptionsConstSharedPtr& options, + Network::TransportSocketFactory& transport_socket_factory) { + if (options && options->serverNameOverride().has_value()) { + return options->serverNameOverride().value(); + } + auto* quic_socket_factory = + dynamic_cast(&transport_socket_factory); + ASSERT(quic_socket_factory != nullptr); + return quic_socket_factory->clientContextConfig().serverNameIndication(); +} + } // namespace ConnectivityGrid::WrapperCallbacks::WrapperCallbacks(ConnectivityGrid& grid, @@ -102,7 +113,7 @@ void ConnectivityGrid::WrapperCallbacks::deleteThis() { ConnectivityGrid::StreamCreationResult ConnectivityGrid::WrapperCallbacks::newStream() { ENVOY_LOG(trace, "{} pool attempting to create a new stream to host '{}'.", - describePool(**current_), grid_.host_->hostname()); + describePool(**current_), grid_.origin_.hostname_); auto attempt = std::make_unique(*this, current_); LinkedList::moveIntoList(std::move(attempt), connection_attempts_); if (!next_attempt_timer_->enabled()) { @@ -142,7 +153,7 @@ void ConnectivityGrid::WrapperCallbacks::onConnectionAttemptReady( void ConnectivityGrid::WrapperCallbacks::maybeMarkHttp3Broken() { if (http3_attempt_failed_ && tcp_attempt_succeeded_) { - ENVOY_LOG(trace, "Marking HTTP/3 broken for host '{}'.", grid_.host_->hostname()); + ENVOY_LOG(trace, "Marking HTTP/3 broken for host '{}'.", grid_.origin_.hostname_); grid_.markHttp3Broken(); } } @@ -203,13 +214,11 @@ ConnectivityGrid::ConnectivityGrid( priority_(priority), options_(options), transport_socket_options_(transport_socket_options), state_(state), next_attempt_duration_(std::chrono::milliseconds(kDefaultTimeoutMs)), time_source_(time_source), http3_status_tracker_(dispatcher_), - alternate_protocols_(alternate_protocols), quic_stat_names_(quic_stat_names), scope_(scope) { - // ProdClusterManagerFactory::allocateConnPool verifies the protocols are HTTP/1, HTTP/2 and - // HTTP/3. - AlternateProtocolsCache::Origin origin("https", host_->hostname(), - host_->address()->ip()->port()); + alternate_protocols_(alternate_protocols), quic_stat_names_(quic_stat_names), scope_(scope), + origin_("https", getSni(transport_socket_options, host_->transportSocketFactory()), + host_->address()->ip()->port()) { std::chrono::milliseconds rtt = - std::chrono::duration_cast(alternate_protocols_->getSrtt(origin)); + std::chrono::duration_cast(alternate_protocols_->getSrtt(origin_)); if (rtt.count() != 0) { next_attempt_duration_ = std::chrono::milliseconds(rtt.count() * 2); } @@ -378,7 +387,7 @@ void ConnectivityGrid::onIdleReceived() { bool ConnectivityGrid::shouldAttemptHttp3() { if (http3_status_tracker_.isHttp3Broken()) { - ENVOY_LOG(trace, "HTTP/3 is broken to host '{}', skipping.", host_->hostname()); + ENVOY_LOG(trace, "HTTP/3 is broken to host '{}', skipping.", origin_.hostname_); return false; } if (host_->address()->type() != Network::Address::Type::Ip) { @@ -387,13 +396,11 @@ bool ConnectivityGrid::shouldAttemptHttp3() { return false; } uint32_t port = host_->address()->ip()->port(); - // TODO(RyanTheOptimist): Figure out how scheme gets plumbed in here. - AlternateProtocolsCache::Origin origin("https", host_->hostname(), port); OptRef> protocols = - alternate_protocols_->findAlternatives(origin); + alternate_protocols_->findAlternatives(origin_); if (!protocols.has_value()) { ENVOY_LOG(trace, "No alternate protocols available for host '{}', skipping HTTP/3.", - host_->hostname()); + origin_.hostname_); return false; } @@ -402,7 +409,7 @@ bool ConnectivityGrid::shouldAttemptHttp3() { if (!protocol.hostname_.empty() || protocol.port_ != port) { ENVOY_LOG(trace, "Alternate protocol for host '{}' attempts to change host or port, skipping.", - host_->hostname()); + origin_.hostname_); continue; } @@ -414,20 +421,20 @@ bool ConnectivityGrid::shouldAttemptHttp3() { alt_svc, quic::CurrentSupportedVersions()); if (version != quic::ParsedQuicVersion::Unsupported()) { // TODO(RyanTheOptimist): Pass this version down to the HTTP/3 pool. - ENVOY_LOG(trace, "HTTP/3 advertised for host '{}'", host_->hostname()); + ENVOY_LOG(trace, "HTTP/3 advertised for host '{}'", origin_.hostname_); return true; } ENVOY_LOG(trace, "Alternate protocol for host '{}' has unsupported ALPN '{}', skipping.", - host_->hostname(), protocol.alpn_); + origin_.hostname_, protocol.alpn_); } - ENVOY_LOG(trace, "HTTP/3 is not available to host '{}', skipping.", host_->hostname()); + ENVOY_LOG(trace, "HTTP/3 is not available to host '{}', skipping.", origin_.hostname_); return false; } void ConnectivityGrid::onHandshakeComplete() { - ENVOY_LOG(trace, "Marking HTTP/3 confirmed for host '{}'.", host_->hostname()); + ENVOY_LOG(trace, "Marking HTTP/3 confirmed for host '{}'.", origin_.hostname_); markHttp3Confirmed(); } diff --git a/source/common/http/conn_pool_grid.h b/source/common/http/conn_pool_grid.h index 61b97d4b498de..11677d8c8b518 100644 --- a/source/common/http/conn_pool_grid.h +++ b/source/common/http/conn_pool_grid.h @@ -233,6 +233,8 @@ class ConnectivityGrid : public ConnectionPool::Instance, Quic::QuicStatNames& quic_stat_names_; Stats::Scope& scope_; + // The origin for this pool. + AlternateProtocolsCache::Origin origin_; }; } // namespace Http diff --git a/source/common/http/http3/conn_pool.cc b/source/common/http/http3/conn_pool.cc index 5574b8fa468e8..aa6d10b97b3cd 100644 --- a/source/common/http/http3/conn_pool.cc +++ b/source/common/http/http3/conn_pool.cc @@ -24,6 +24,19 @@ uint32_t getMaxStreams(const Upstream::ClusterInfo& cluster) { max_concurrent_streams, 100); } +const Envoy::Ssl::ClientContextConfig& +getConfig(Network::TransportSocketFactory& transport_socket_factory) { + return dynamic_cast(transport_socket_factory) + .clientContextConfig(); +} + +std::string sni(const Network::TransportSocketOptionsConstSharedPtr& options, + Upstream::HostConstSharedPtr host) { + return options && options->serverNameOverride().has_value() + ? options->serverNameOverride().value() + : getConfig(host->transportSocketFactory()).serverNameIndication(); +} + } // namespace ActiveClient::ActiveClient(Envoy::Http::HttpConnPoolImplBase& parent, @@ -56,12 +69,6 @@ void ActiveClient::onMaxStreamsChanged(uint32_t num_streams) { } } -const Envoy::Ssl::ClientContextConfig& -getConfig(Network::TransportSocketFactory& transport_socket_factory) { - return dynamic_cast(transport_socket_factory) - .clientContextConfig(); -} - ConnectionPool::Cancellable* Http3ConnPoolImpl::newStream(Http::ResponseDecoder& response_decoder, ConnectionPool::Callbacks& callbacks, const Instance::StreamOptions& options) { @@ -80,7 +87,7 @@ Http3ConnPoolImpl::Http3ConnPoolImpl( : FixedHttpConnPoolImpl(host, priority, dispatcher, options, transport_socket_options, random_generator, state, client_fn, codec_fn, protocol), quic_info_(Quic::createPersistentQuicInfoForCluster(dispatcher, host->cluster())), - server_id_(getConfig(host->transportSocketFactory()).serverNameIndication(), + server_id_(sni(transport_socket_options, host), static_cast(host_->address()->ip()->port()), false), connect_callback_(connect_callback) {} diff --git a/source/extensions/filters/http/alternate_protocols_cache/filter.cc b/source/extensions/filters/http/alternate_protocols_cache/filter.cc index 88366466cfdda..4a28359990a60 100644 --- a/source/extensions/filters/http/alternate_protocols_cache/filter.cc +++ b/source/extensions/filters/http/alternate_protocols_cache/filter.cc @@ -68,8 +68,14 @@ Http::FilterHeadersStatus Filter::encodeHeaders(Http::ResponseHeaderMap& headers // balanced across them. Upstream::HostDescriptionConstSharedPtr host = encoder_callbacks_->streamInfo().upstreamInfo()->upstreamHost(); + absl::string_view hostname = host->hostname(); + if (encoder_callbacks_->streamInfo().upstreamInfo()->upstreamSslConnection() && + !encoder_callbacks_->streamInfo().upstreamInfo()->upstreamSslConnection()->sni().empty()) { + // In the case the configured hostname and SNI differ, prefer SNI where + // available. + hostname = encoder_callbacks_->streamInfo().upstreamInfo()->upstreamSslConnection()->sni(); + } const uint32_t port = host->address()->ip()->port(); - const std::string& hostname = host->hostname(); Http::AlternateProtocolsCache::Origin origin(Http::Headers::get().SchemeValues.Https, hostname, port); cache_->setAlternatives(origin, protocols); diff --git a/source/extensions/transport_sockets/tls/connection_info_impl_base.cc b/source/extensions/transport_sockets/tls/connection_info_impl_base.cc index 3aa9974ff8b93..8c1ea7b697ac7 100644 --- a/source/extensions/transport_sockets/tls/connection_info_impl_base.cc +++ b/source/extensions/transport_sockets/tls/connection_info_impl_base.cc @@ -202,6 +202,16 @@ const std::string& ConnectionInfoImplBase::alpn() const { return alpn_; } +const std::string& ConnectionInfoImplBase::sni() const { + if (sni_.empty()) { + const char* proto = SSL_get_servername(ssl(), TLSEXT_NAMETYPE_host_name); + if (proto != nullptr) { + sni_ = std::string(proto); + } + } + return sni_; +} + const std::string& ConnectionInfoImplBase::serialNumberPeerCertificate() const { if (!cached_serial_number_peer_certificate_.empty()) { return cached_serial_number_peer_certificate_; diff --git a/source/extensions/transport_sockets/tls/connection_info_impl_base.h b/source/extensions/transport_sockets/tls/connection_info_impl_base.h index f5bfa73b0ee1d..8334ee174a2b6 100644 --- a/source/extensions/transport_sockets/tls/connection_info_impl_base.h +++ b/source/extensions/transport_sockets/tls/connection_info_impl_base.h @@ -39,6 +39,7 @@ class ConnectionInfoImplBase : public Ssl::ConnectionInfo { std::string ciphersuiteString() const override; const std::string& tlsVersion() const override; const std::string& alpn() const override; + const std::string& sni() const override; virtual SSL* ssl() const PURE; @@ -58,6 +59,7 @@ class ConnectionInfoImplBase : public Ssl::ConnectionInfo { mutable std::string cached_session_id_; mutable std::string cached_tls_version_; mutable std::string alpn_; + mutable std::string sni_; }; } // namespace Tls diff --git a/test/common/http/conn_pool_grid_test.cc b/test/common/http/conn_pool_grid_test.cc index 945279c94fa84..8781ab034b779 100644 --- a/test/common/http/conn_pool_grid_test.cc +++ b/test/common/http/conn_pool_grid_test.cc @@ -105,7 +105,9 @@ namespace { class ConnectivityGridTest : public Event::TestUsingSimulatedTime, public testing::Test { public: ConnectivityGridTest() - : options_({Http::Protocol::Http11, Http::Protocol::Http2, Http::Protocol::Http3}), + : transport_socket_options_( + std::make_shared("hostname")), + options_({Http::Protocol::Http11, Http::Protocol::Http2, Http::Protocol::Http3}), alternate_protocols_(std::make_shared(simTime(), nullptr, 10)), quic_stat_names_(store_.symbolTable()) {} diff --git a/test/extensions/filters/http/alternate_protocols_cache/filter_integration_test.cc b/test/extensions/filters/http/alternate_protocols_cache/filter_integration_test.cc index 9c07f86b294d2..b36474bc6d2d2 100644 --- a/test/extensions/filters/http/alternate_protocols_cache/filter_integration_test.cc +++ b/test/extensions/filters/http/alternate_protocols_cache/filter_integration_test.cc @@ -112,8 +112,9 @@ TEST_P(FilterIntegrationTest, AltSvc) { codec_client_ = makeHttpConnection(makeClientConnection((lookupPort("http")))); Http::TestRequestHeaderMapImpl request_headers{ - {":method", "POST"}, {":path", "/test/long/url"}, {":scheme", "http"}, - {":authority", "host"}, {"x-lyft-user-id", "123"}, {"x-forwarded-for", "10.0.0.1"}}; + {":method", "POST"}, {":path", "/test/long/url"}, + {":scheme", "http"}, {":authority", "sni.lyft.com"}, + {"x-lyft-user-id", "123"}, {"x-forwarded-for", "10.0.0.1"}}; int port = fake_upstreams_[1]->localAddress()->ip()->port(); std::string alt_svc = absl::StrCat("h3=\":", port, "\"; ma=86400"); Http::TestResponseHeaderMapImpl response_headers{{":status", "200"}, {"alt-svc", alt_svc}}; @@ -150,7 +151,7 @@ TEST_P(FilterIntegrationTest, H3PostHandshakeFailoverToTcp) { {":method", "POST"}, {":path", "/test/long/url"}, {":scheme", "http"}, - {":authority", "host"}, + {":authority", "sni.lyft.com"}, {"x-lyft-user-id", "123"}, {"x-forwarded-for", "10.0.0.1"}, {"x-envoy-retry-on", "http3-post-connect-failure"}}; @@ -168,7 +169,6 @@ TEST_P(FilterIntegrationTest, H3PostHandshakeFailoverToTcp) { ASSERT_TRUE(fake_upstream_connection_->close()); test_server_->waitForCounterEq("cluster.cluster_0.upstream_cx_destroy", 1); fake_upstream_connection_.reset(); - // Second request should go out over HTTP/3 because of the Alt-Svc information. auto response2 = codec_client_->makeHeaderOnlyRequest(request_headers); waitForNextUpstreamRequest(1); @@ -199,22 +199,14 @@ INSTANTIATE_TEST_SUITE_P(Protocols, FilterIntegrationTest, // an HTTP/2 or an HTTP/3 upstream (but not both). class MixedUpstreamIntegrationTest : public FilterIntegrationTest { protected: - void initialize() override { - // TODO(alyssawilk) there's no config guarantee that SNI and hostname - // match, but alt-svc rtt caching doesn't work unless they do. Fix. - config_helper_.addConfigModifier( - [&](envoy::config::bootstrap::v3::Bootstrap& bootstrap) -> void { - auto cluster = bootstrap.mutable_static_resources()->mutable_clusters(0); - auto locality_lb = cluster->mutable_load_assignment()->mutable_endpoints(0); - auto endpoint = locality_lb->mutable_lb_endpoints(0)->mutable_endpoint(); - endpoint->set_hostname("foo.lyft.com"); - }); - FilterIntegrationTest::initialize(); + MixedUpstreamIntegrationTest() { + TestEnvironment::writeStringToFileForTest("alt_svc_cache.txt", ""); + default_request_headers_.setHost("sni.lyft.com"); } void writeFile() { uint32_t port = fake_upstreams_[0]->localAddress()->ip()->port(); - std::string key = absl::StrCat("https://foo.lyft.com:", port); + std::string key = absl::StrCat("https://sni.lyft.com:", port); size_t seconds = std::chrono::duration_cast( timeSystem().monotonicTime().time_since_epoch()) @@ -248,10 +240,13 @@ int getSrtt(std::string alt_svc, TimeSource& time_source) { auto data = Http::AlternateProtocolsCacheImpl::originDataFromString(alt_svc, time_source); return data.has_value() ? data.value().srtt.count() : 0; } + // Test auto-config with a pre-populated HTTP/3 alt-svc entry. The upstream request will // occur over HTTP/3. TEST_P(MixedUpstreamIntegrationTest, BasicRequestAutoWithHttp3) { - testRouterRequestAndResponseWithBody(0, 0, false); + initialize(); + codec_client_ = makeHttpConnection(makeClientConnection((lookupPort("http")))); + sendRequestAndWaitForResponse(default_request_headers_, 0, default_response_headers_, 0, 0); cleanupUpstreamAndDownstream(); std::string alt_svc; @@ -286,7 +281,9 @@ TEST_P(MixedUpstreamIntegrationTest, SimultaneousLargeRequestsAutoWithHttp3) { TEST_P(MixedUpstreamIntegrationTest, BasicRequestAutoWithHttp2) { // Only create an HTTP/2 upstream. use_http2_ = true; - testRouterRequestAndResponseWithBody(0, 0, false); + initialize(); + codec_client_ = makeHttpConnection(makeClientConnection((lookupPort("http")))); + sendRequestAndWaitForResponse(default_request_headers_, 0, default_response_headers_, 0, 0); } // Same as above, only multiple requests. diff --git a/test/extensions/filters/http/alternate_protocols_cache/filter_test.cc b/test/extensions/filters/http/alternate_protocols_cache/filter_test.cc index dd11f5717fe88..7e415c24d630d 100644 --- a/test/extensions/filters/http/alternate_protocols_cache/filter_test.cc +++ b/test/extensions/filters/http/alternate_protocols_cache/filter_test.cc @@ -105,7 +105,7 @@ TEST_F(FilterTest, ValidAltSvc) { std::shared_ptr hd = std::make_shared(); testing::NiceMock stream_info; - EXPECT_CALL(callbacks_, streamInfo()).WillOnce(ReturnRef(stream_info)); + EXPECT_CALL(callbacks_, streamInfo()).Times(2).WillOnce(ReturnRef(stream_info)); stream_info.upstreamInfo()->setUpstreamHost(hd); EXPECT_CALL(*hd, hostname()).WillOnce(ReturnRef(hostname)); EXPECT_CALL(*hd, address()).WillOnce(Return(address)); diff --git a/test/extensions/filters/http/on_demand/on_demand_integration_test.cc b/test/extensions/filters/http/on_demand/on_demand_integration_test.cc index e63318851ae26..3e39c3af84ce5 100644 --- a/test/extensions/filters/http/on_demand/on_demand_integration_test.cc +++ b/test/extensions/filters/http/on_demand/on_demand_integration_test.cc @@ -61,7 +61,7 @@ on_demand: true auto response = codec_client_->makeHeaderOnlyRequest( Http::TestRequestHeaderMapImpl{{":method", "GET"}, {":path", "/meh"}, - {":authority", "host"}, + {":authority", "sni.lyft.com"}, {":scheme", "http"}, {"Addr", "x-foo-key=foo"}}); createRdsStream("foo_route1"); @@ -119,7 +119,7 @@ route_configuration_name: {} auto response = codec_client_->makeHeaderOnlyRequest( Http::TestRequestHeaderMapImpl{{":method", "GET"}, {":path", "/meh"}, - {":authority", "host"}, + {":authority", "sni.lyft.com"}, {":scheme", "http"}, {"Addr", "x-foo-key=bar"}}); ASSERT_TRUE(response->waitForEndStream()); @@ -169,7 +169,7 @@ route_configuration_name: {} auto response = codec_client_->makeHeaderOnlyRequest( Http::TestRequestHeaderMapImpl{{":method", "GET"}, {":path", "/neh"}, - {":authority", "host"}, + {":authority", "sni.lyft.com"}, {":scheme", "http"}, {"Addr", "x-foo-key=foo"}}); ASSERT_TRUE(response->waitForEndStream()); @@ -225,7 +225,7 @@ on_demand: true auto response = codec_client_->makeHeaderOnlyRequest( Http::TestRequestHeaderMapImpl{{":method", "GET"}, {":path", "/neh"}, - {":authority", "host"}, + {":authority", "sni.lyft.com"}, {":scheme", "http"}, {"Addr", "x-foo-key=bar"}}); ASSERT_TRUE(response->waitForEndStream()); @@ -283,7 +283,7 @@ on_demand: true sendRequestAndVerifyResponse( Http::TestRequestHeaderMapImpl{{":method", "GET"}, {":path", "/meh"}, - {":authority", "host"}, + {":authority", "sni.lyft.com"}, {":scheme", "http"}, {"Addr", fmt::format("x-foo-key={}", scope_key)}}, 456, Http::TestResponseHeaderMapImpl{{":status", "200"}, {"service", scope_key}}, 123, 0); @@ -323,7 +323,7 @@ on_demand: true auto response = codec_client_->makeHeaderOnlyRequest( Http::TestRequestHeaderMapImpl{{":method", "GET"}, {":path", "/meh"}, - {":authority", "host"}, + {":authority", "sni.lyft.com"}, {":scheme", "http"}, {"Addr", "x-foo-key=foo"}}); test_server_->waitForCounterGe("http.config_test.rds.foo_route1.update_attempt", 1); diff --git a/test/extensions/transport_sockets/tls/integration/ssl_integration_test.cc b/test/extensions/transport_sockets/tls/integration/ssl_integration_test.cc index 0e1b6d9f14ffe..e2caa1ee4ac60 100644 --- a/test/extensions/transport_sockets/tls/integration/ssl_integration_test.cc +++ b/test/extensions/transport_sockets/tls/integration/ssl_integration_test.cc @@ -653,8 +653,9 @@ TEST_P(SslTapIntegrationTest, TwoRequestsWithBinaryProto) { const uint64_t first_id = Network::ConnectionImpl::nextGlobalIdForTest() + 1; codec_client_ = makeHttpConnection(creator()); Http::TestRequestHeaderMapImpl post_request_headers{ - {":method", "POST"}, {":path", "/test/long/url"}, {":scheme", "http"}, - {":authority", "host"}, {"x-lyft-user-id", "123"}, {"x-forwarded-for", "10.0.0.1"}}; + {":method", "POST"}, {":path", "/test/long/url"}, + {":scheme", "http"}, {":authority", "sni.lyft.com"}, + {"x-lyft-user-id", "123"}, {"x-forwarded-for", "10.0.0.1"}}; auto response = sendRequestAndWaitForResponse(post_request_headers, 128, default_response_headers_, 256); EXPECT_TRUE(upstream_request_->complete()); @@ -693,8 +694,9 @@ TEST_P(SslTapIntegrationTest, TwoRequestsWithBinaryProto) { const uint64_t second_id = Network::ConnectionImpl::nextGlobalIdForTest() + 1; codec_client_ = makeHttpConnection(creator()); Http::TestRequestHeaderMapImpl get_request_headers{ - {":method", "GET"}, {":path", "/test/long/url"}, {":scheme", "http"}, - {":authority", "host"}, {"x-lyft-user-id", "123"}, {"x-forwarded-for", "10.0.0.1"}}; + {":method", "GET"}, {":path", "/test/long/url"}, + {":scheme", "http"}, {":authority", "sni.lyft.com"}, + {"x-lyft-user-id", "123"}, {"x-forwarded-for", "10.0.0.1"}}; response = sendRequestAndWaitForResponse(get_request_headers, 128, default_response_headers_, 256); EXPECT_TRUE(upstream_request_->complete()); @@ -729,8 +731,10 @@ TEST_P(SslTapIntegrationTest, TruncationWithMultipleDataFrames) { const uint64_t id = Network::ConnectionImpl::nextGlobalIdForTest() + 1; codec_client_ = makeHttpConnection(creator()); - const Http::TestRequestHeaderMapImpl request_headers{ - {":method", "GET"}, {":path", "/test/long/url"}, {":scheme", "http"}, {":authority", "host"}}; + const Http::TestRequestHeaderMapImpl request_headers{{":method", "GET"}, + {":path", "/test/long/url"}, + {":scheme", "http"}, + {":authority", "sni.lyft.com"}}; auto result = codec_client_->startRequest(request_headers); auto response = std::move(result.second); Buffer::OwnedImpl data1("one"); @@ -776,7 +780,7 @@ TEST_P(SslTapIntegrationTest, RequestWithTextProto) { TestUtility::loadFromFile(fmt::format("{}_{}.pb_text", path_prefix_, id), trace, *api_); // Test some obvious properties. EXPECT_TRUE(absl::StartsWith(trace.socket_buffered_trace().events(0).read().data().as_bytes(), - "POST /test/long/url HTTP/1.1")); + "GET /test/long/url HTTP/1.1")); EXPECT_TRUE(absl::StartsWith(trace.socket_buffered_trace().events(1).write().data().as_bytes(), "HTTP/1.1 200 OK")); EXPECT_TRUE(trace.socket_buffered_trace().read_truncated()); @@ -806,7 +810,7 @@ TEST_P(SslTapIntegrationTest, RequestWithJsonBodyAsStringUpstreamTap) { TestUtility::loadFromFile(fmt::format("{}_{}.json", path_prefix_, id), trace, *api_); // Test some obvious properties. - EXPECT_EQ(trace.socket_buffered_trace().events(0).write().data().as_string(), "POST"); + EXPECT_EQ(trace.socket_buffered_trace().events(0).write().data().as_string(), "GET "); EXPECT_EQ(trace.socket_buffered_trace().events(1).read().data().as_string(), "HTTP/"); EXPECT_TRUE(trace.socket_buffered_trace().read_truncated()); EXPECT_TRUE(trace.socket_buffered_trace().write_truncated()); @@ -845,7 +849,7 @@ TEST_P(SslTapIntegrationTest, RequestWithStreamingUpstreamTap) { EXPECT_TRUE(traces[0].socket_streamed_trace_segment().connection().has_remote_address()); // Verify truncated request/response data. - EXPECT_EQ(traces[1].socket_streamed_trace_segment().event().write().data().as_bytes(), "POST"); + EXPECT_EQ(traces[1].socket_streamed_trace_segment().event().write().data().as_bytes(), "GET "); EXPECT_TRUE(traces[1].socket_streamed_trace_segment().event().write().data().truncated()); EXPECT_EQ(traces[2].socket_streamed_trace_segment().event().read().data().as_bytes(), "HTTP/"); EXPECT_TRUE(traces[2].socket_streamed_trace_segment().event().read().data().truncated()); diff --git a/test/integration/http_integration.cc b/test/integration/http_integration.cc index fa2aa4d9a5236..a3660e16643d3 100644 --- a/test/integration/http_integration.cc +++ b/test/integration/http_integration.cc @@ -565,19 +565,15 @@ void HttpIntegrationTest::testRouterRequestAndResponseWithBody( initialize(); codec_client_ = makeHttpConnection( create_connection ? ((*create_connection)()) : makeClientConnection((lookupPort("http")))); - Http::TestRequestHeaderMapImpl request_headers{ - {":method", "POST"}, {":path", "/test/long/url"}, {":scheme", "http"}, - {":authority", "host"}, {"x-lyft-user-id", "123"}, {"x-forwarded-for", "10.0.0.1"}}; - Http::TestResponseHeaderMapImpl response_headers{{":status", "200"}}; if (set_content_length_header) { - request_headers.setContentLength(request_size); - response_headers.setContentLength(response_size); + default_request_headers_.setContentLength(request_size); + default_response_headers_.setContentLength(response_size); } if (big_header) { - request_headers.addCopy("big", std::string(4096, 'a')); + default_request_headers_.addCopy("big", std::string(4096, 'a')); } - auto response = sendRequestAndWaitForResponse(request_headers, request_size, response_headers, - response_size, 0, timeout); + auto response = sendRequestAndWaitForResponse( + default_request_headers_, request_size, default_response_headers_, response_size, 0, timeout); checkSimpleRequestSuccess(request_size, response_size, response.get()); } @@ -589,15 +585,14 @@ void HttpIntegrationTest::testRouterUpstreamProtocolError(const std::string& exp codec_client_ = makeHttpConnection(lookupPort("http")); auto encoder_decoder = codec_client_->startRequest(Http::TestRequestHeaderMapImpl{ - {":method", "GET"}, {":path", "/test/long/url"}, {":authority", "host"}}); + {":method", "GET"}, {":path", "/test/long/url"}, {":authority", "sni.lyft.com"}}); auto response = std::move(encoder_decoder.second); FakeRawConnectionPtr fake_upstream_connection; ASSERT_TRUE(fake_upstreams_[0]->waitForRawConnection(fake_upstream_connection)); - // TODO(mattklein123): Waiting for exact amount of data is a hack. This needs to - // be fixed. std::string data; - ASSERT_TRUE(fake_upstream_connection->waitForData(187, &data)); + ASSERT_TRUE(fake_upstream_connection->waitForData( + FakeRawConnection::waitForInexactMatch("\r\n\r\n"), &data)); ASSERT_TRUE(fake_upstream_connection->write("bad protocol data!")); ASSERT_TRUE(fake_upstream_connection->waitForDisconnect()); ASSERT_TRUE(codec_client_->waitForDisconnect()); @@ -620,12 +615,11 @@ HttpIntegrationTest::makeHeaderOnlyRequest(ConnectionCreationFunction* create_co } codec_client_ = makeHttpConnection( create_connection ? ((*create_connection)()) : makeClientConnection((lookupPort("http")))); - Http::TestRequestHeaderMapImpl request_headers{{":method", "GET"}, - {":path", path}, - {":scheme", "http"}, - {":authority", authority}, - {"x-lyft-user-id", "123"}}; - return sendRequestAndWaitForResponse(request_headers, 0, default_response_headers_, 0, + if (!authority.empty()) { + default_request_headers_.setHost(authority); + } + default_request_headers_.setPath(path); + return sendRequestAndWaitForResponse(default_request_headers_, 0, default_response_headers_, 0, upstream_index); } @@ -687,7 +681,7 @@ void HttpIntegrationTest::testRouterVirtualClusters() { Http::TestRequestHeaderMapImpl request_headers{{":method", "POST"}, {":path", "/test/long/url"}, {":scheme", "http"}, - {":authority", "host"}, + {":authority", "sni.lyft.com"}, {matching_header, "true"}}; auto response = sendRequestAndWaitForResponse(request_headers, 0, default_response_headers_, 0); @@ -696,12 +690,8 @@ void HttpIntegrationTest::testRouterVirtualClusters() { test_server_->waitForCounterEq("vhost.integration.vcluster.test_vcluster.upstream_rq_total", 1); test_server_->waitForCounterEq("vhost.integration.vcluster.other.upstream_rq_total", 0); - Http::TestRequestHeaderMapImpl request_headers2{{":method", "POST"}, - {":path", "/test/long/url"}, - {":scheme", "http"}, - {":authority", "host"}}; - - auto response2 = sendRequestAndWaitForResponse(request_headers2, 0, default_response_headers_, 0); + auto response2 = + sendRequestAndWaitForResponse(default_request_headers_, 0, default_response_headers_, 0); checkSimpleRequestSuccess(0, 0, response2.get()); test_server_->waitForCounterEq("vhost.integration.vcluster.test_vcluster.upstream_rq_total", 1); @@ -873,7 +863,7 @@ void HttpIntegrationTest::testRetry() { Http::TestRequestHeaderMapImpl{{":method", "POST"}, {":path", "/test/long/url"}, {":scheme", "http"}, - {":authority", "host"}, + {":authority", "sni.lyft.com"}, {"x-forwarded-for", "10.0.0.1"}, {"x-envoy-retry-on", "5xx"}}, 1024); @@ -902,7 +892,7 @@ void HttpIntegrationTest::testRetry() { // Tests that the x-envoy-attempt-count header is properly set on the upstream request // and updated after the request is retried. void HttpIntegrationTest::testRetryAttemptCountHeader() { - auto host = config_helper_.createVirtualHost("host", "/test_retry"); + auto host = config_helper_.createVirtualHost("sni.lyft.com", "/test_retry"); host.set_include_request_attempt_count(true); host.set_include_attempt_count_in_response(true); config_helper_.addVirtualHost(host); @@ -913,7 +903,7 @@ void HttpIntegrationTest::testRetryAttemptCountHeader() { Http::TestRequestHeaderMapImpl{{":method", "POST"}, {":path", "/test_retry"}, {":scheme", "http"}, - {":authority", "host"}, + {":authority", "sni.lyft.com"}, {"x-forwarded-for", "10.0.0.1"}, {"x-envoy-retry-on", "5xx"}}, 1024); @@ -952,7 +942,7 @@ void HttpIntegrationTest::testGrpcRetry() { Http::TestRequestHeaderMapImpl{{":method", "POST"}, {":path", "/test/long/url"}, {":scheme", "http"}, - {":authority", "host"}, + {":authority", "sni.lyft.com"}, {"x-forwarded-for", "10.0.0.1"}, {"x-envoy-retry-grpc-on", "cancelled"}}); request_encoder_ = &encoder_decoder.first; @@ -997,7 +987,7 @@ void HttpIntegrationTest::testEnvoyHandling1xx(bool additional_continue_from_ups codec_client_->startRequest(Http::TestRequestHeaderMapImpl{{":method", "POST"}, {":path", "/dynamo/url"}, {":scheme", "http"}, - {":authority", "host"}, + {":authority", "sni.lyft.com"}, {"expect", "100-continue"}}); request_encoder_ = &encoder_decoder.first; auto response = std::move(encoder_decoder.second); @@ -1068,7 +1058,7 @@ void HttpIntegrationTest::testEnvoyProxying1xx(bool continue_before_upstream_com codec_client_->startRequest(Http::TestRequestHeaderMapImpl{{":method", "GET"}, {":path", "/dynamo/url"}, {":scheme", "http"}, - {":authority", "host"}, + {":authority", "sni.lyft.com"}, {"expect", "100-continue"}}); request_encoder_ = &encoder_decoder.first; auto response = std::move(encoder_decoder.second); @@ -1177,7 +1167,7 @@ void HttpIntegrationTest::testLargeRequestUrl(uint32_t url_size, uint32_t max_he Http::TestRequestHeaderMapImpl big_headers{{":method", "GET"}, {":path", "/" + std::string(url_size * 1024, 'a')}, {":scheme", "http"}, - {":authority", "host"}}; + {":authority", "sni.lyft.com"}}; initialize(); codec_client_ = makeHttpConnection(lookupPort("http")); @@ -1220,8 +1210,10 @@ void HttpIntegrationTest::testLargeRequestHeaders(uint32_t size, uint32_t count, setMaxRequestHeadersKb(max_size); setMaxRequestHeadersCount(max_count); - Http::TestRequestHeaderMapImpl big_headers{ - {":method", "GET"}, {":path", "/test/long/url"}, {":scheme", "http"}, {":authority", "host"}}; + Http::TestRequestHeaderMapImpl big_headers{{":method", "GET"}, + {":path", "/test/long/url"}, + {":scheme", "http"}, + {":authority", "sni.lyft.com"}}; // Already added four headers. for (unsigned int i = 0; i < count; i++) { @@ -1314,7 +1306,7 @@ void HttpIntegrationTest::testManyRequestHeaders(std::chrono::milliseconds time) {{Http::Headers::get().Method, "GET"}, {Http::Headers::get().Path, "/test/long/url"}, {Http::Headers::get().Scheme, "http"}, - {Http::Headers::get().Host, "host"}}); + {Http::Headers::get().Host, "sni.lyft.com"}}); for (int i = 0; i < 10000; i++) { big_headers->addCopy(Http::LowerCaseString(std::to_string(i)), std::string(0, 'a')); @@ -1338,7 +1330,7 @@ void HttpIntegrationTest::testDownstreamResetBeforeResponseComplete() { codec_client_->startRequest(Http::TestRequestHeaderMapImpl{{":method", "GET"}, {":path", "/test/long/url"}, {":scheme", "http"}, - {":authority", "host"}, + {":authority", "sni.lyft.com"}, {"cookie", "a=b"}, {"cookie", "c=d"}}); request_encoder_ = &encoder_decoder.first; @@ -1385,7 +1377,7 @@ void HttpIntegrationTest::testTrailers(uint64_t request_size, uint64_t response_ codec_client_->startRequest(Http::TestRequestHeaderMapImpl{{":method", "POST"}, {":path", "/test/long/url"}, {":scheme", "http"}, - {":authority", "host"}}); + {":authority", "sni.lyft.com"}}); request_encoder_ = &encoder_decoder.first; auto response = std::move(encoder_decoder.second); codec_client_->sendData(*request_encoder_, request_size, false); @@ -1422,7 +1414,7 @@ void HttpIntegrationTest::testAdminDrain(Http::CodecType admin_request_type) { Http::TestRequestHeaderMapImpl request_headers{{":method", "HEAD"}, {":path", "/test/long/url"}, {":scheme", "http"}, - {":authority", "host"}}; + {":authority", "sni.lyft.com"}}; IntegrationStreamDecoderPtr response = codec_client_->makeHeaderOnlyRequest(request_headers); waitForNextUpstreamRequest(0); @@ -1469,22 +1461,14 @@ void HttpIntegrationTest::simultaneousRequest(uint32_t request1_bytes, uint32_t codec_client_ = makeHttpConnection(lookupPort("http")); // Start request 1 - auto encoder_decoder1 = - codec_client_->startRequest(Http::TestRequestHeaderMapImpl{{":method", "POST"}, - {":path", "/test/long/url"}, - {":scheme", "http"}, - {":authority", "host"}}); + auto encoder_decoder1 = codec_client_->startRequest(default_request_headers_); Http::RequestEncoder* encoder1 = &encoder_decoder1.first; auto response1 = std::move(encoder_decoder1.second); ASSERT_TRUE(fake_upstreams_[0]->waitForHttpConnection(*dispatcher_, fake_upstream_connection_)); ASSERT_TRUE(fake_upstream_connection_->waitForNewStream(*dispatcher_, upstream_request1)); // Start request 2 - auto encoder_decoder2 = - codec_client_->startRequest(Http::TestRequestHeaderMapImpl{{":method", "POST"}, - {":path", "/test/long/url"}, - {":scheme", "http"}, - {":authority", "host"}}); + auto encoder_decoder2 = codec_client_->startRequest(default_request_headers_); Http::RequestEncoder* encoder2 = &encoder_decoder2.first; auto response2 = std::move(encoder_decoder2.second); ASSERT_TRUE(fake_upstream_connection_->waitForNewStream(*dispatcher_, upstream_request2)); diff --git a/test/integration/http_integration.h b/test/integration/http_integration.h index 0b777b0731d31..1b0b7d5658dec 100644 --- a/test/integration/http_integration.h +++ b/test/integration/http_integration.h @@ -208,7 +208,7 @@ class HttpIntegrationTest : public BaseIntegrationTest { IntegrationStreamDecoderPtr makeHeaderOnlyRequest(ConnectionCreationFunction* create_connection, int upstream_index, const std::string& path = "/test/long/url", - const std::string& authority = "host"); + const std::string& overwrite_authority = ""); void testRouterNotFound(); void testRouterNotFoundWithBody(); void testRouterVirtualClusters(); @@ -221,7 +221,7 @@ class HttpIntegrationTest : public BaseIntegrationTest { void testRouterHeaderOnlyRequestAndResponse(ConnectionCreationFunction* creator = nullptr, int upstream_index = 0, const std::string& path = "/test/long/url", - const std::string& authority = "host"); + const std::string& overwrite_authority = ""); void testRequestAndResponseShutdownWithActiveConnection(); // Disconnect tests @@ -290,8 +290,10 @@ class HttpIntegrationTest : public BaseIntegrationTest { Http::RequestEncoder* request_encoder_{nullptr}; // The response headers sent by sendRequestAndWaitForResponse() by default. Http::TestResponseHeaderMapImpl default_response_headers_{{":status", "200"}}; - Http::TestRequestHeaderMapImpl default_request_headers_{ - {":method", "GET"}, {":path", "/test/long/url"}, {":scheme", "http"}, {":authority", "host"}}; + Http::TestRequestHeaderMapImpl default_request_headers_{{":method", "GET"}, + {":path", "/test/long/url"}, + {":scheme", "http"}, + {":authority", "sni.lyft.com"}}; // The codec type for the client-to-Envoy connection Http::CodecType downstream_protocol_{Http::CodecType::HTTP1}; std::string access_log_name_; diff --git a/test/integration/multiplexed_upstream_integration_test.cc b/test/integration/multiplexed_upstream_integration_test.cc index ba27c8a677593..5c3204972f88f 100644 --- a/test/integration/multiplexed_upstream_integration_test.cc +++ b/test/integration/multiplexed_upstream_integration_test.cc @@ -124,7 +124,7 @@ void MultiplexedUpstreamIntegrationTest::bidirectionalStreaming(uint32_t bytes) codec_client_->startRequest(Http::TestRequestHeaderMapImpl{{":method", "POST"}, {":path", "/test/long/url"}, {":scheme", "http"}, - {":authority", "host"}}); + {":authority", "sni.lyft.com"}}); auto response = std::move(encoder_decoder.second); request_encoder_ = &encoder_decoder.first; ASSERT_TRUE(fake_upstreams_[0]->waitForHttpConnection(*dispatcher_, fake_upstream_connection_)); @@ -196,7 +196,7 @@ TEST_P(MultiplexedUpstreamIntegrationTest, BidirectionalStreamingReset) { codec_client_->startRequest(Http::TestRequestHeaderMapImpl{{":method", "POST"}, {":path", "/test/long/url"}, {":scheme", "http"}, - {":authority", "host"}}); + {":authority", "sni.lyft.com"}}); auto response = std::move(encoder_decoder.second); request_encoder_ = &encoder_decoder.first; ASSERT_TRUE(fake_upstreams_[0]->waitForHttpConnection(*dispatcher_, fake_upstream_connection_)); @@ -255,7 +255,7 @@ void MultiplexedUpstreamIntegrationTest::manySimultaneousRequests(uint32_t reque {":method", "POST"}, {":path", "/test/long/url"}, {":scheme", "http"}, - {":authority", "host"}, + {":authority", "sni.lyft.com"}, {AutonomousStream::RESPONSE_SIZE_BYTES, std::to_string(response_bytes[i])}, {AutonomousStream::EXPECT_REQUEST_SIZE_BYTES, std::to_string(request_bytes)}}; if (i % 2 == 0) { @@ -362,7 +362,7 @@ TEST_P(MultiplexedUpstreamIntegrationTest, UpstreamConnectionCloseWithManyStream codec_client_->startRequest(Http::TestRequestHeaderMapImpl{{":method", "POST"}, {":path", "/test/long/url"}, {":scheme", "http"}, - {":authority", "host"}}); + {":authority", "sni.lyft.com"}}); encoders.push_back(&encoder_decoder.first); responses.push_back(std::move(encoder_decoder.second)); @@ -448,7 +448,7 @@ name: router codec_client_->startRequest(Http::TestRequestHeaderMapImpl{{":method", "POST"}, {":path", "/test/long/url"}, {":scheme", "http"}, - {":authority", "host"}, + {":authority", "sni.lyft.com"}, {"te", "trailers"}}); auto downstream_request = &encoder_decoder.first; auto response = std::move(encoder_decoder.second); @@ -557,7 +557,7 @@ TEST_P(MultiplexedUpstreamIntegrationTest, NoInitialStreams) { Http::TestRequestHeaderMapImpl{{":method", "GET"}, {":path", "/test/long/url"}, {":scheme", "http"}, - {":authority", "host"}, + {":authority", "sni.lyft.com"}, {"x-forwarded-for", "10.0.0.1"}, {"x-envoy-retry-on", "5xx"}, {"x-envoy-upstream-rq-per-try-timeout-ms", "100"}, @@ -596,7 +596,7 @@ TEST_P(MultiplexedUpstreamIntegrationTest, MultipleRequestsLowStreamLimit) { Http::TestRequestHeaderMapImpl{{":method", "POST"}, {":path", "/test/long/url"}, {":scheme", "http"}, - {":authority", "host"}, + {":authority", "sni.lyft.com"}, {AutonomousStream::NO_END_STREAM, "true"}}); // Wait until the response is sent to ensure the SETTINGS frame has been read // by Envoy. @@ -670,7 +670,7 @@ TEST_P(MultiplexedUpstreamIntegrationTest, EarlyDataRejected) { Http::TestRequestHeaderMapImpl request{{":method", "GET"}, {":path", "/test/long/url"}, {":scheme", "http"}, - {":authority", "host"}, + {":authority", "sni.lyft.com"}, {"Early-Data", "1"}}; auto response2 = codec_client_->makeHeaderOnlyRequest(request); waitForNextUpstreamRequest(0); diff --git a/test/integration/protocol_integration_test.cc b/test/integration/protocol_integration_test.cc index 33a65d23b4de3..93d4439a4d4c4 100644 --- a/test/integration/protocol_integration_test.cc +++ b/test/integration/protocol_integration_test.cc @@ -83,14 +83,14 @@ TEST_P(DownstreamProtocolIntegrationTest, RouterNotFoundBodyNoBuffer) { TEST_P(DownstreamProtocolIntegrationTest, RouterClusterNotFound404) { config_helper_.addConfigModifier(&setDoNotValidateRouteConfig); config_helper_.addConfigModifier(configureProxyStatus()); - auto host = config_helper_.createVirtualHost("foo.com", "/unknown", "unknown_cluster"); + auto host = config_helper_.createVirtualHost("foo.lyft.com", "/unknown", "unknown_cluster"); host.mutable_routes(0)->mutable_route()->set_cluster_not_found_response_code( envoy::config::route::v3::RouteAction::NOT_FOUND); config_helper_.addVirtualHost(host); initialize(); BufferingStreamDecoderPtr response = IntegrationUtil::makeSingleRequest( - lookupPort("http"), "GET", "/unknown", "", downstream_protocol_, version_, "foo.com"); + lookupPort("http"), "GET", "/unknown", "", downstream_protocol_, version_, "foo.lyft.com"); ASSERT_TRUE(response->complete()); EXPECT_EQ("404", response->headers().getStatusValue()); EXPECT_EQ(response->headers().getProxyStatusValue(), @@ -99,7 +99,7 @@ TEST_P(DownstreamProtocolIntegrationTest, RouterClusterNotFound404) { TEST_P(DownstreamProtocolIntegrationTest, TestHostWhitespacee) { config_helper_.addConfigModifier(&setDoNotValidateRouteConfig); - auto host = config_helper_.createVirtualHost("foo.com", "/unknown", "unknown_cluster"); + auto host = config_helper_.createVirtualHost("foo.lyft.com", "/unknown", "unknown_cluster"); host.mutable_routes(0)->mutable_route()->set_cluster_not_found_response_code( envoy::config::route::v3::RouteAction::NOT_FOUND); config_helper_.addVirtualHost(host); @@ -107,7 +107,7 @@ TEST_P(DownstreamProtocolIntegrationTest, TestHostWhitespacee) { codec_client_ = makeHttpConnection(lookupPort("http")); auto encoder_decoder = codec_client_->startRequest(Http::TestRequestHeaderMapImpl{ - {":method", "GET"}, {":authority", " foo.com "}, {":path", "/unknown"}}); + {":method", "GET"}, {":authority", " foo.lyft.com "}, {":path", "/unknown"}}); request_encoder_ = &encoder_decoder.first; auto response = std::move(encoder_decoder.second); @@ -126,14 +126,14 @@ TEST_P(DownstreamProtocolIntegrationTest, TestHostWhitespacee) { // Add a route that uses unknown cluster (expect 503 Service Unavailable). TEST_P(DownstreamProtocolIntegrationTest, RouterClusterNotFound503) { config_helper_.addConfigModifier(&setDoNotValidateRouteConfig); - auto host = config_helper_.createVirtualHost("foo.com", "/unknown", "unknown_cluster"); + auto host = config_helper_.createVirtualHost("foo.lyft.com", "/unknown", "unknown_cluster"); host.mutable_routes(0)->mutable_route()->set_cluster_not_found_response_code( envoy::config::route::v3::RouteAction::SERVICE_UNAVAILABLE); config_helper_.addVirtualHost(host); initialize(); BufferingStreamDecoderPtr response = IntegrationUtil::makeSingleRequest( - lookupPort("http"), "GET", "/unknown", "", downstream_protocol_, version_, "foo.com"); + lookupPort("http"), "GET", "/unknown", "", downstream_protocol_, version_, "foo.lyft.com"); ASSERT_TRUE(response->complete()); EXPECT_EQ("503", response->headers().getStatusValue()); } @@ -355,7 +355,7 @@ TEST_P(ProtocolIntegrationTest, ResponseWithHostHeader) { Http::TestRequestHeaderMapImpl{{":method", "GET"}, {":path", "/test/long/url"}, {":scheme", "http"}, - {":authority", "host"}}); + {":authority", "sni.lyft.com"}}); waitForNextUpstreamRequest(); upstream_request_->encodeHeaders( Http::TestResponseHeaderMapImpl{{":status", "200"}, {"host", "host"}}, true); @@ -375,7 +375,7 @@ TEST_P(ProtocolIntegrationTest, Upstream304ResponseWithContentLength) { Http::TestRequestHeaderMapImpl{{":method", "GET"}, {":path", "/test/long/url"}, {":scheme", "http"}, - {":authority", "host"}, + {":authority", "sni.lyft.com"}, {"if-none-match", "\"1234567890\""}}); waitForNextUpstreamRequest(); upstream_request_->encodeHeaders(Http::TestResponseHeaderMapImpl{{":status", "304"}, @@ -396,7 +396,7 @@ TEST_P(ProtocolIntegrationTest, Upstream304ResponseWithContentLength) { Http::TestRequestHeaderMapImpl{{":method", "HEAD"}, {":path", "/test/long/url"}, {":scheme", "http"}, - {":authority", "host"}, + {":authority", "sni.lyft.com"}, {"if-none-match", "\"1234567890\""}}); waitForNextUpstreamRequest(); upstream_request_->encodeHeaders(Http::TestResponseHeaderMapImpl{{":status", "304"}, @@ -421,7 +421,7 @@ TEST_P(ProtocolIntegrationTest, 304ResponseWithoutContentLength) { Http::TestRequestHeaderMapImpl{{":method", "GET"}, {":path", "/test/long/url"}, {":scheme", "http"}, - {":authority", "host"}, + {":authority", "sni.lyft.com"}, {"if-none-match", "\"1234567890\""}}); waitForNextUpstreamRequest(); upstream_request_->encodeHeaders( @@ -443,7 +443,7 @@ TEST_P(ProtocolIntegrationTest, 304HeadResponseWithoutContentLength) { Http::TestRequestHeaderMapImpl{{":method", "HEAD"}, {":path", "/test/long/url"}, {":scheme", "http"}, - {":authority", "host"}, + {":authority", "sni.lyft.com"}, {"if-none-match", "\"1234567890\""}}); waitForNextUpstreamRequest(); upstream_request_->encodeHeaders( @@ -463,7 +463,7 @@ TEST_P(ProtocolIntegrationTest, 200HeadResponseWithContentLength) { Http::TestRequestHeaderMapImpl{{":method", "HEAD"}, {":path", "/test/long/url"}, {":scheme", "http"}, - {":authority", "host"}, + {":authority", "sni.lyft.com"}, {"if-none-match", "\"1234567890\""}}); waitForNextUpstreamRequest(); upstream_request_->encodeHeaders( @@ -495,7 +495,7 @@ TEST_P(DownstreamProtocolIntegrationTest, DownstreamRequestWithFaultyFilter) { Http::TestRequestHeaderMapImpl{{":method", "GET"}, {":path", "/test/long/url"}, {":scheme", "http"}, - {":authority", "host"}, + {":authority", "sni.lyft.com"}, {"remove-method", "yes"}}); ASSERT_TRUE(response->waitForEndStream()); EXPECT_TRUE(response->complete()); @@ -507,7 +507,7 @@ TEST_P(DownstreamProtocolIntegrationTest, DownstreamRequestWithFaultyFilter) { Http::TestRequestHeaderMapImpl{{":method", "GET"}, {":path", "/test/long/url"}, {":scheme", "http"}, - {":authority", "host"}, + {":authority", "sni.lyft.com"}, {"remove-path", "yes"}}); ASSERT_TRUE(response->waitForEndStream()); EXPECT_TRUE(response->complete()); @@ -559,7 +559,7 @@ TEST_P(DownstreamProtocolIntegrationTest, MissingHeadersLocalReply) { Http::TestRequestHeaderMapImpl{{":method", "GET"}, {":path", "/test/long/url"}, {":scheme", "http"}, - {":authority", "host"}, + {":authority", "sni.lyft.com"}, {"remove-method", "yes"}, {"send-reply", "yes"}}); ASSERT_TRUE(response->waitForEndStream()); @@ -581,13 +581,13 @@ TEST_P(DownstreamProtocolIntegrationTest, MissingHeadersLocalReplyDownstreamByte Http::TestRequestHeaderMapImpl{{":method", "GET"}, {":path", "/test/long/url"}, {":scheme", "http"}, - {":authority", "host"}, + {":authority", "sni.lyft.com"}, {"remove-method", "yes"}, {"send-reply", "yes"}}); ASSERT_TRUE(response->waitForEndStream()); EXPECT_TRUE(response->complete()); EXPECT_EQ("200", response->headers().getStatusValue()); - expectDownstreamBytesSentAndReceived(BytesCountExpectation(90, 80, 71, 46), + expectDownstreamBytesSentAndReceived(BytesCountExpectation(90, 88, 71, 54), BytesCountExpectation(0, 58, 0, 58), BytesCountExpectation(7, 10, 7, 8)); } @@ -605,7 +605,7 @@ TEST_P(DownstreamProtocolIntegrationTest, MissingHeadersLocalReplyUpstreamBytesC Http::TestRequestHeaderMapImpl{{":method", "GET"}, {":path", "/test/long/url"}, {":scheme", "http"}, - {":authority", "host"}, + {":authority", "sni.lyft.com"}, {"remove-method", "yes"}, {"send-reply", "yes"}}); ASSERT_TRUE(response->waitForEndStream()); @@ -624,14 +624,14 @@ TEST_P(DownstreamProtocolIntegrationTest, MissingHeadersLocalReplyWithBody) { codec_client_ = makeHttpConnection(lookupPort("http")); // Missing method - auto response = - codec_client_->makeRequestWithBody(Http::TestRequestHeaderMapImpl{{":method", "GET"}, - {":path", "/test/long/url"}, - {":scheme", "http"}, - {":authority", "host"}, - {"remove-method", "yes"}, - {"send-reply", "yes"}}, - 1024); + auto response = codec_client_->makeRequestWithBody( + Http::TestRequestHeaderMapImpl{{":method", "GET"}, + {":path", "/test/long/url"}, + {":scheme", "http"}, + {":authority", "sni.lyft.com"}, + {"remove-method", "yes"}, + {"send-reply", "yes"}}, + 1024); ASSERT_TRUE(response->waitForEndStream()); EXPECT_TRUE(response->complete()); EXPECT_EQ("200", response->headers().getStatusValue()); @@ -647,18 +647,18 @@ TEST_P(DownstreamProtocolIntegrationTest, MissingHeadersLocalReplyWithBodyBytesC codec_client_ = makeHttpConnection(lookupPort("http")); // Missing method - auto response = - codec_client_->makeRequestWithBody(Http::TestRequestHeaderMapImpl{{":method", "GET"}, - {":path", "/test/long/url"}, - {":scheme", "http"}, - {":authority", "host"}, - {"remove-method", "yes"}, - {"send-reply", "yes"}}, - 1024); + auto response = codec_client_->makeRequestWithBody( + Http::TestRequestHeaderMapImpl{{":method", "GET"}, + {":path", "/test/long/url"}, + {":scheme", "http"}, + {":authority", "sni.lyft.com"}, + {"remove-method", "yes"}, + {"send-reply", "yes"}}, + 1024); ASSERT_TRUE(response->waitForEndStream()); EXPECT_TRUE(response->complete()); EXPECT_EQ("200", response->headers().getStatusValue()); - expectDownstreamBytesSentAndReceived(BytesCountExpectation(109, 1144, 90, 73), + expectDownstreamBytesSentAndReceived(BytesCountExpectation(109, 1152, 90, 81), BytesCountExpectation(0, 58, 0, 58), BytesCountExpectation(7, 10, 7, 8)); } @@ -676,7 +676,7 @@ TEST_P(ProtocolIntegrationTest, LongHeaderValueWithSpaces) { Http::TestRequestHeaderMapImpl{{":method", "GET"}, {":path", "/test/long/url"}, {":scheme", "http"}, - {":authority", "host"}, + {":authority", "sni.lyft.com"}, {"longrequestvalue", long_header_value_with_inner_lws}}); waitForNextUpstreamRequest(); EXPECT_EQ(long_header_value_with_inner_lws, upstream_request_->headers() @@ -714,7 +714,7 @@ TEST_P(ProtocolIntegrationTest, Retry) { Http::TestRequestHeaderMapImpl{{":method", "POST"}, {":path", "/test/long/url"}, {":scheme", "http"}, - {":authority", "host"}, + {":authority", "sni.lyft.com"}, {"x-forwarded-for", "10.0.0.1"}, {"x-envoy-retry-on", "5xx"}}, 1024); @@ -768,8 +768,8 @@ TEST_P(ProtocolIntegrationTest, Retry) { // The two requests are sent with https scheme rather than http for QUIC downstream. const size_t quic_https_extra_bytes = (downstreamProtocol() == Http::CodecType::HTTP3 ? 2u : 0u); expectUpstreamBytesSentAndReceived( - BytesCountExpectation(2550 + quic_https_extra_bytes, 635, 414 + quic_https_extra_bytes, 54), - BytesCountExpectation(2262, 548, 184, 27), BytesCountExpectation(2204, 520, 150, 6)); + BytesCountExpectation(2566 + quic_https_extra_bytes, 635, 430 + quic_https_extra_bytes, 54), + BytesCountExpectation(2262, 548, 196, 27), BytesCountExpectation(2204, 520, 150, 6)); } TEST_P(ProtocolIntegrationTest, RetryStreaming) { @@ -779,7 +779,7 @@ TEST_P(ProtocolIntegrationTest, RetryStreaming) { codec_client_->startRequest(Http::TestRequestHeaderMapImpl{{":method", "POST"}, {":path", "/test/long/url"}, {":scheme", "http"}, - {":authority", "host"}, + {":authority", "sni.lyft.com"}, {"x-forwarded-for", "10.0.0.1"}, {"x-envoy-retry-on", "5xx"}}); auto& encoder = encoder_decoder.first; @@ -836,7 +836,7 @@ TEST_P(ProtocolIntegrationTest, RetryStreamingReset) { codec_client_->startRequest(Http::TestRequestHeaderMapImpl{{":method", "POST"}, {":path", "/test/long/url"}, {":scheme", "http"}, - {":authority", "host"}, + {":authority", "sni.lyft.com"}, {"x-forwarded-for", "10.0.0.1"}, {"x-envoy-retry-on", "5xx"}}); auto& encoder = encoder_decoder.first; @@ -909,7 +909,7 @@ TEST_P(ProtocolIntegrationTest, RetryStreamingCancelDueToBufferOverflow) { codec_client_->startRequest(Http::TestRequestHeaderMapImpl{{":method", "POST"}, {":path", "/test/long/url"}, {":scheme", "http"}, - {":authority", "host"}, + {":authority", "sni.lyft.com"}, {"x-forwarded-for", "10.0.0.1"}, {"x-envoy-retry-on", "5xx"}}); auto& encoder = encoder_decoder.first; @@ -949,7 +949,7 @@ TEST_P(ProtocolIntegrationTest, RetryStreamingCancelDueToBufferOverflow) { // Tests that the x-envoy-attempt-count header is properly set on the upstream request and the // downstream response, and updated after the request is retried. TEST_P(DownstreamProtocolIntegrationTest, RetryAttemptCountHeader) { - auto host = config_helper_.createVirtualHost("host", "/test_retry"); + auto host = config_helper_.createVirtualHost("sni.lyft.com", "/test_retry"); host.set_include_request_attempt_count(true); host.set_include_attempt_count_in_response(true); config_helper_.addVirtualHost(host); @@ -959,7 +959,7 @@ TEST_P(DownstreamProtocolIntegrationTest, RetryAttemptCountHeader) { Http::TestRequestHeaderMapImpl{{":method", "POST"}, {":path", "/test_retry"}, {":scheme", "http"}, - {":authority", "host"}, + {":authority", "sni.lyft.com"}, {"x-forwarded-for", "10.0.0.1"}, {"x-envoy-retry-on", "5xx"}}, 1024); @@ -1002,7 +1002,7 @@ TEST_P(DownstreamProtocolIntegrationTest, RetryPriority) { Registry::InjectFactory inject_factory(factory); // Add route with custom retry policy - auto host = config_helper_.createVirtualHost("host", "/test_retry"); + auto host = config_helper_.createVirtualHost("sni.lyft.com", "/test_retry"); host.set_include_request_attempt_count(true); auto retry_policy = host.mutable_routes(0)->mutable_route()->mutable_retry_policy(); retry_policy->mutable_retry_priority()->set_name(factory.name()); @@ -1030,7 +1030,7 @@ TEST_P(DownstreamProtocolIntegrationTest, RetryPriority) { Http::TestRequestHeaderMapImpl{{":method", "POST"}, {":path", "/test_retry"}, {":scheme", "http"}, - {":authority", "host"}, + {":authority", "sni.lyft.com"}, {"x-forwarded-for", "10.0.0.1"}, {"x-envoy-retry-on", "5xx"}}, 1024); @@ -1073,7 +1073,7 @@ TEST_P(DownstreamProtocolIntegrationTest, RetryHostPredicateFilter) { Registry::InjectFactory inject_factory(predicate_factory); // Add route with custom retry policy - auto host = config_helper_.createVirtualHost("host", "/test_retry"); + auto host = config_helper_.createVirtualHost("sni.lyft.com", "/test_retry"); host.set_include_request_attempt_count(true); auto retry_policy = host.mutable_routes(0)->mutable_route()->mutable_retry_policy(); retry_policy->add_retry_host_predicate()->set_name(predicate_factory.name()); @@ -1096,7 +1096,7 @@ TEST_P(DownstreamProtocolIntegrationTest, RetryHostPredicateFilter) { Http::TestRequestHeaderMapImpl{{":method", "POST"}, {":path", "/test_retry"}, {":scheme", "http"}, - {":authority", "host"}, + {":authority", "sni.lyft.com"}, {"x-forwarded-for", "10.0.0.1"}, {"x-envoy-retry-on", "5xx"}}, 1024); @@ -1138,7 +1138,7 @@ TEST_P(ProtocolIntegrationTest, RetryHittingBufferLimit) { Http::TestRequestHeaderMapImpl{{":method", "POST"}, {":path", "/test/long/url"}, {":scheme", "http"}, - {":authority", "host"}, + {":authority", "sni.lyft.com"}, {"x-forwarded-for", "10.0.0.1"}, {"x-envoy-retry-on", "5xx"}}, 1024 * 65); @@ -1156,7 +1156,7 @@ TEST_P(ProtocolIntegrationTest, RetryHittingBufferLimit) { // Very similar set-up to RetryHittingBufferLimits but using the route specific cap. TEST_P(ProtocolIntegrationTest, RetryHittingRouteLimits) { - auto host = config_helper_.createVirtualHost("nobody.com", "/"); + auto host = config_helper_.createVirtualHost("routelimit.lyft.com", "/"); host.mutable_per_request_buffer_limit_bytes()->set_value(0); config_helper_.addVirtualHost(host); initialize(); @@ -1166,7 +1166,7 @@ TEST_P(ProtocolIntegrationTest, RetryHittingRouteLimits) { Http::TestRequestHeaderMapImpl{{":method", "POST"}, {":path", "/"}, {":scheme", "http"}, - {":authority", "nobody.com"}, + {":authority", "routelimit.lyft.com"}, {"x-forwarded-for", "10.0.0.1"}, {"x-envoy-retry-on", "5xx"}}, 1); @@ -1196,7 +1196,7 @@ TEST_P(DownstreamProtocolIntegrationTest, HittingDecoderFilterLimit) { Http::TestRequestHeaderMapImpl{{":method", "POST"}, {":path", "/dynamo/url"}, {":scheme", "http"}, - {":authority", "host"}, + {":authority", "sni.lyft.com"}, {"x-forwarded-for", "10.0.0.1"}, {"x-envoy-retry-on", "5xx"}}, 1024 * 65); @@ -1371,9 +1371,13 @@ TEST_P(ProtocolIntegrationTest, MaxStreamDurationWithRetryPolicy) { ConfigHelper::setProtocolOptions(*bootstrap.mutable_static_resources()->mutable_clusters(0), protocol_options); }); - Http::TestRequestHeaderMapImpl retriable_header = Http::TestRequestHeaderMapImpl{ - {":method", "POST"}, {":path", "/test/long/url"}, {":scheme", "http"}, - {":authority", "host"}, {"x-forwarded-for", "10.0.0.1"}, {"x-envoy-retry-on", "5xx"}}; + Http::TestRequestHeaderMapImpl retriable_header = + Http::TestRequestHeaderMapImpl{{":method", "POST"}, + {":path", "/test/long/url"}, + {":scheme", "http"}, + {":authority", "sni.lyft.com"}, + {"x-forwarded-for", "10.0.0.1"}, + {"x-envoy-retry-on", "5xx"}}; initialize(); codec_client_ = makeHttpConnection(lookupPort("http")); @@ -1416,9 +1420,13 @@ TEST_P(ProtocolIntegrationTest, MaxStreamDurationWithRetryPolicyWhenRetryUpstrea ConfigHelper::setProtocolOptions(*bootstrap.mutable_static_resources()->mutable_clusters(0), protocol_options); }); - Http::TestRequestHeaderMapImpl retriable_header = Http::TestRequestHeaderMapImpl{ - {":method", "POST"}, {":path", "/test/long/url"}, {":scheme", "http"}, - {":authority", "host"}, {"x-forwarded-for", "10.0.0.1"}, {"x-envoy-retry-on", "5xx"}}; + Http::TestRequestHeaderMapImpl retriable_header = + Http::TestRequestHeaderMapImpl{{":method", "POST"}, + {":path", "/test/long/url"}, + {":scheme", "http"}, + {":authority", "sni.lyft.com"}, + {"x-forwarded-for", "10.0.0.1"}, + {"x-envoy-retry-on", "5xx"}}; initialize(); codec_client_ = makeHttpConnection(lookupPort("http")); @@ -1469,7 +1477,7 @@ TEST_P(ProtocolIntegrationTest, HeadersWithUnderscoresDropped) { Http::TestRequestHeaderMapImpl{{":method", "GET"}, {":path", "/test/long/url"}, {":scheme", "http"}, - {":authority", "host"}, + {":authority", "sni.lyft.com"}, {"foo_bar", "baz"}}); waitForNextUpstreamRequest(); @@ -1507,7 +1515,7 @@ TEST_P(ProtocolIntegrationTest, HeadersWithUnderscoresRemainByDefault) { Http::TestRequestHeaderMapImpl{{":method", "GET"}, {":path", "/test/long/url"}, {":scheme", "http"}, - {":authority", "host"}, + {":authority", "sni.lyft.com"}, {"foo_bar", "baz"}}); waitForNextUpstreamRequest(); @@ -1535,7 +1543,7 @@ TEST_P(DownstreamProtocolIntegrationTest, HeadersWithUnderscoresCauseRequestReje Http::TestRequestHeaderMapImpl{{":method", "GET"}, {":path", "/test/long/url"}, {":scheme", "http"}, - {":authority", "host"}, + {":authority", "sni.lyft.com"}, {"foo_bar", "baz"}}); if (downstream_protocol_ == Http::CodecType::HTTP1) { @@ -1559,7 +1567,7 @@ TEST_P(DownstreamProtocolIntegrationTest, ValidZeroLengthContent) { Http::TestRequestHeaderMapImpl request_headers{{":method", "POST"}, {":path", "/test/long/url"}, {":scheme", "http"}, - {":authority", "host"}, + {":authority", "sni.lyft.com"}, {"content-length", "0"}}; auto response = sendRequestAndWaitForResponse(request_headers, 0, default_response_headers_, 0); @@ -1703,7 +1711,7 @@ TEST_P(DownstreamProtocolIntegrationTest, LargeCookieParsingConcatenated) { Http::TestRequestHeaderMapImpl request_headers{{":method", "POST"}, {":path", "/test/long/url"}, {":scheme", "http"}, - {":authority", "host"}, + {":authority", "sni.lyft.com"}, {"content-length", "0"}}; std::vector cookie_pieces; cookie_pieces.reserve(7000); @@ -1735,7 +1743,7 @@ TEST_P(DownstreamProtocolIntegrationTest, LargeCookieParsingMany) { Http::TestRequestHeaderMapImpl request_headers{{":method", "POST"}, {":path", "/test/long/url"}, {":scheme", "http"}, - {":authority", "host"}, + {":authority", "sni.lyft.com"}, {"content-length", "0"}}; for (int i = 0; i < 2000; i++) { request_headers.addCopy("cookie", fmt::sprintf("a%x=b", i)); @@ -1754,7 +1762,7 @@ TEST_P(DownstreamProtocolIntegrationTest, InvalidContentLength) { auto encoder_decoder = codec_client_->startRequest(Http::TestRequestHeaderMapImpl{{":method", "POST"}, {":path", "/test/long/url"}, - {":authority", "host"}, + {":authority", "sni.lyft.com"}, {"content-length", "-1"}}); auto response = std::move(encoder_decoder.second); @@ -1792,7 +1800,7 @@ TEST_P(DownstreamProtocolIntegrationTest, InvalidContentLengthAllowed) { auto encoder_decoder = codec_client_->startRequest(Http::TestRequestHeaderMapImpl{{":method", "POST"}, {":path", "/test/long/url"}, - {":authority", "host"}, + {":authority", "sni.lyft.com"}, {"content-length", "-1"}}); auto response = std::move(encoder_decoder.second); @@ -1818,7 +1826,7 @@ TEST_P(DownstreamProtocolIntegrationTest, MultipleContentLengths) { auto encoder_decoder = codec_client_->startRequest(Http::TestRequestHeaderMapImpl{{":method", "POST"}, {":path", "/test/long/url"}, - {":authority", "host"}, + {":authority", "sni.lyft.com"}, {"content-length", "3,2"}}); auto response = std::move(encoder_decoder.second); @@ -1851,7 +1859,7 @@ TEST_P(DownstreamProtocolIntegrationTest, MultipleContentLengthsAllowed) { auto encoder_decoder = codec_client_->startRequest(Http::TestRequestHeaderMapImpl{{":method", "POST"}, {":path", "/test/long/url"}, - {":authority", "host"}, + {":authority", "sni.lyft.com"}, {"content-length", "3,2"}}); auto response = std::move(encoder_decoder.second); @@ -1883,7 +1891,7 @@ name: local-reply-during-encode Http::TestRequestHeaderMapImpl{{":method", "GET"}, {":path", "/test/long/url"}, {":scheme", "http"}, - {":authority", "host"}}); + {":authority", "sni.lyft.com"}}); // Wait for the upstream request and begin sending a response with end_stream = false. waitForNextUpstreamRequest(); @@ -2066,7 +2074,7 @@ TEST_P(DownstreamProtocolIntegrationTest, ManyTrailerHeaders) { codec_client_->startRequest(Http::TestRequestHeaderMapImpl{{":method", "POST"}, {":path", "/test/long/url"}, {":scheme", "http"}, - {":authority", "host"}}); + {":authority", "sni.lyft.com"}}); request_encoder_ = &encoder_decoder.first; auto response = std::move(encoder_decoder.second); codec_client_->sendTrailers(*request_encoder_, *request_trailers); @@ -2101,7 +2109,7 @@ TEST_P(ProtocolIntegrationTest, LargeRequestMethod) { const Http::TestRequestHeaderMapImpl request_headers{{":method", long_method}, {":path", "/test/long/url"}, {":scheme", "http"}, - {":authority", "host"}}; + {":authority", "sni.lyft.com"}}; initialize(); codec_client_ = makeHttpConnection(lookupPort("http")); @@ -2372,9 +2380,10 @@ TEST_P(ProtocolIntegrationTest, MultipleCookiesAndSetCookies) { codec_client_ = makeHttpConnection(lookupPort("http")); - Http::TestRequestHeaderMapImpl request_headers{{":method", "GET"}, {":path", "/dynamo/url"}, - {":scheme", "http"}, {":authority", "host"}, - {"cookie", "a=b"}, {"cookie", "c=d"}}; + Http::TestRequestHeaderMapImpl request_headers{ + {":method", "GET"}, {":path", "/dynamo/url"}, + {":scheme", "http"}, {":authority", "sni.lyft.com"}, + {"cookie", "a=b"}, {"cookie", "c=d"}}; Http::TestResponseHeaderMapImpl response_headers{ {":status", "200"}, {"set-cookie", "foo"}, {"set-cookie", "bar"}}; @@ -2415,7 +2424,7 @@ TEST_P(DownstreamProtocolIntegrationTest, TestDelayedConnectionTeardownTimeoutTr codec_client_->startRequest(Http::TestRequestHeaderMapImpl{{":method", "POST"}, {":path", "/test/long/url"}, {":scheme", "http"}, - {":authority", "host"}}); + {":authority", "sni.lyft.com"}}); request_encoder_ = &encoder_decoder.first; auto response = std::move(encoder_decoder.second); @@ -2635,8 +2644,8 @@ TEST_P(DownstreamProtocolIntegrationTest, InvalidAuthority) { TEST_P(DownstreamProtocolIntegrationTest, ConnectIsBlocked) { initialize(); codec_client_ = makeHttpConnection(lookupPort("http")); - auto encoder_decoder = codec_client_->startRequest( - Http::TestRequestHeaderMapImpl{{":method", "CONNECT"}, {":authority", "host.com:80"}}); + auto encoder_decoder = codec_client_->startRequest(Http::TestRequestHeaderMapImpl{ + {":method", "CONNECT"}, {":authority", "sni.lyft.com.com:80"}}); request_encoder_ = &encoder_decoder.first; auto response = std::move(encoder_decoder.second); @@ -2658,11 +2667,11 @@ TEST_P(DownstreamProtocolIntegrationTest, ExtendedConnectIsBlocked) { } initialize(); codec_client_ = makeHttpConnection(lookupPort("http")); - auto encoder_decoder = - codec_client_->startRequest(Http::TestRequestHeaderMapImpl{{":method", "CONNECT"}, - {":protocol", "bytestream"}, - {":path", "/"}, - {":authority", "host.com:80"}}); + auto encoder_decoder = codec_client_->startRequest( + Http::TestRequestHeaderMapImpl{{":method", "CONNECT"}, + {":protocol", "bytestream"}, + {":path", "/"}, + {":authority", "sni.lyft.com.com:80"}}); request_encoder_ = &encoder_decoder.first; auto response = std::move(encoder_decoder.second); @@ -2690,7 +2699,7 @@ TEST_P(DownstreamProtocolIntegrationTest, ConnectStreamRejection) { initialize(); codec_client_ = makeHttpConnection(lookupPort("http")); auto response = codec_client_->makeHeaderOnlyRequest( - Http::TestRequestHeaderMapImpl{{":method", "CONNECT"}, {":authority", "host"}}); + Http::TestRequestHeaderMapImpl{{":method", "CONNECT"}, {":authority", "sni.lyft.com"}}); ASSERT_TRUE(response->waitForReset()); EXPECT_FALSE(codec_client_->disconnected()); @@ -2758,7 +2767,7 @@ TEST_P(ProtocolIntegrationTest, EnableStripTrailingHostDot) { auto* route_config = hcm.mutable_route_config(); auto* virtual_host = route_config->mutable_virtual_hosts(0); virtual_host->clear_domains(); - virtual_host->add_domains("host"); + virtual_host->add_domains("sni.lyft.com"); }); initialize(); @@ -2767,7 +2776,7 @@ TEST_P(ProtocolIntegrationTest, EnableStripTrailingHostDot) { Http::TestRequestHeaderMapImpl{{":method", "GET"}, {":path", "/test/long/url"}, {":scheme", "http"}, - {":authority", "host."}}); + {":authority", "sni.lyft.com."}}); waitForNextUpstreamRequest(); upstream_request_->encodeHeaders(Http::TestResponseHeaderMapImpl{{":status", "200"}}, true); @@ -2787,7 +2796,7 @@ TEST_P(DownstreamProtocolIntegrationTest, DisableStripTrailingHostDot) { auto* route_config = hcm.mutable_route_config(); auto* virtual_host = route_config->mutable_virtual_hosts(0); virtual_host->clear_domains(); - virtual_host->add_domains("host"); + virtual_host->add_domains("sni.lyft.com"); }); initialize(); @@ -2796,7 +2805,7 @@ TEST_P(DownstreamProtocolIntegrationTest, DisableStripTrailingHostDot) { Http::TestRequestHeaderMapImpl{{":method", "GET"}, {":path", "/test/long/url"}, {":scheme", "http"}, - {":authority", "host."}}); + {":authority", "sni.lyft.com."}}); // Expect local reply as request host fails to match configured domains. ASSERT_TRUE(response->waitForEndStream()); EXPECT_TRUE(response->complete()); @@ -2853,7 +2862,7 @@ TEST_P(ProtocolIntegrationTest, ReqRespSizeStats) { codec_client_ = makeHttpConnection(makeClientConnection((lookupPort("http")))); Http::TestRequestHeaderMapImpl request_headers{ - {":method", "GET"}, {":path", "/found"}, {":scheme", "http"}, {":authority", "foo.com"}}; + {":method", "GET"}, {":path", "/found"}, {":scheme", "http"}, {":authority", "foo.lyft.com"}}; Http::TestResponseHeaderMapImpl response_headers{{":status", "200"}}; auto response = sendRequestAndWaitForResponse(request_headers, 0, response_headers, 0, 0, TestUtility::DefaultTimeout); @@ -3011,7 +3020,7 @@ TEST_P(DownstreamProtocolIntegrationTest, OverflowDecoderBufferFromDecodeData) { codec_client_->startRequest(Http::TestRequestHeaderMapImpl{{":method", "POST"}, {":scheme", "http"}, {":path", "/test/long/url"}, - {":authority", "host"}}); + {":authority", "sni.lyft.com"}}); auto request_encoder = &encoder_decoder.first; auto response = std::move(encoder_decoder.second); @@ -3053,7 +3062,7 @@ TEST_P(DownstreamProtocolIntegrationTest, OverflowDecoderBufferFromDecodeDataCon codec_client_->startRequest(Http::TestRequestHeaderMapImpl{{":method", "POST"}, {":scheme", "http"}, {":path", "/test/long/url"}, - {":authority", "host"}}); + {":authority", "sni.lyft.com"}}); auto request_encoder = &encoder_decoder.first; auto response = std::move(encoder_decoder.second); @@ -3089,7 +3098,7 @@ TEST_P(DownstreamProtocolIntegrationTest, codec_client_->startRequest(Http::TestRequestHeaderMapImpl{{":method", "POST"}, {":scheme", "http"}, {":path", "/test/long/url"}, - {":authority", "host"}}); + {":authority", "sni.lyft.com"}}); auto request_encoder = &encoder_decoder.first; auto response = std::move(encoder_decoder.second); @@ -3137,7 +3146,7 @@ TEST_P(DownstreamProtocolIntegrationTest, OverflowDecoderBufferFromDecodeTrailer codec_client_->startRequest(Http::TestRequestHeaderMapImpl{{":method", "POST"}, {":scheme", "http"}, {":path", "/test/long/url"}, - {":authority", "host"}}); + {":authority", "sni.lyft.com"}}); auto request_encoder = &encoder_decoder.first; auto response = std::move(encoder_decoder.second); @@ -3174,7 +3183,7 @@ TEST_P(ProtocolIntegrationTest, ResetLargeResponseUponReceivingHeaders) { Http::TestRequestHeaderMapImpl{{":method", "POST"}, {":path", "/"}, {":scheme", "http"}, - {":authority", "host"}, + {":authority", "sni.lyft.com"}, {"content-length", "10"}, {"response_size_bytes", absl::StrCat(response_size)}}); auto& encoder = encoder_decoder.first; @@ -3195,9 +3204,9 @@ TEST_P(ProtocolIntegrationTest, HeaderOnlyBytesCountUpstream) { useAccessLog("%UPSTREAM_WIRE_BYTES_SENT% %UPSTREAM_WIRE_BYTES_RECEIVED% " "%UPSTREAM_HEADER_BYTES_SENT% %UPSTREAM_HEADER_BYTES_RECEIVED%"); testRouterRequestAndResponseWithBody(0, 0, false); - expectUpstreamBytesSentAndReceived(BytesCountExpectation(251, 38, 219, 18), - BytesCountExpectation(168, 13, 168, 13), - BytesCountExpectation(153, 5, 155, 3)); + expectUpstreamBytesSentAndReceived(BytesCountExpectation(167, 38, 136, 18), + BytesCountExpectation(120, 13, 120, 13), + BytesCountExpectation(116, 5, 116, 3)); } TEST_P(ProtocolIntegrationTest, HeaderOnlyBytesCountDownstream) { @@ -3207,9 +3216,9 @@ TEST_P(ProtocolIntegrationTest, HeaderOnlyBytesCountDownstream) { useAccessLog("%DOWNSTREAM_WIRE_BYTES_SENT% %DOWNSTREAM_WIRE_BYTES_RECEIVED% " "%DOWNSTREAM_HEADER_BYTES_SENT% %DOWNSTREAM_HEADER_BYTES_RECEIVED%"); testRouterRequestAndResponseWithBody(0, 0, false); - expectDownstreamBytesSentAndReceived(BytesCountExpectation(124, 111, 105, 75), - BytesCountExpectation(68, 64, 68, 64), - BytesCountExpectation(8, 10, 8, 8)); + expectDownstreamBytesSentAndReceived(BytesCountExpectation(124, 51, 105, 19), + BytesCountExpectation(68, 34, 68, 34), + BytesCountExpectation(8, 10, 8, 6)); } TEST_P(ProtocolIntegrationTest, HeaderAndBodyWireBytesCountUpstream) { @@ -3220,9 +3229,9 @@ TEST_P(ProtocolIntegrationTest, HeaderAndBodyWireBytesCountUpstream) { useAccessLog("%UPSTREAM_WIRE_BYTES_SENT% %UPSTREAM_WIRE_BYTES_RECEIVED% " "%UPSTREAM_HEADER_BYTES_SENT% %UPSTREAM_HEADER_BYTES_RECEIVED%"); testRouterRequestAndResponseWithBody(100, 100, false); - expectUpstreamBytesSentAndReceived(BytesCountExpectation(371, 158, 228, 27), - BytesCountExpectation(277, 122, 168, 13), - BytesCountExpectation(256, 109, 153, 3)); + expectUpstreamBytesSentAndReceived(BytesCountExpectation(306, 158, 164, 27), + BytesCountExpectation(229, 122, 120, 13), + BytesCountExpectation(219, 109, 116, 3)); } TEST_P(ProtocolIntegrationTest, HeaderAndBodyWireBytesCountDownstream) { @@ -3233,9 +3242,9 @@ TEST_P(ProtocolIntegrationTest, HeaderAndBodyWireBytesCountDownstream) { useAccessLog("%DOWNSTREAM_WIRE_BYTES_SENT% %DOWNSTREAM_WIRE_BYTES_RECEIVED% " "%DOWNSTREAM_HEADER_BYTES_SENT% %DOWNSTREAM_HEADER_BYTES_RECEIVED%"); testRouterRequestAndResponseWithBody(100, 100, false); - expectDownstreamBytesSentAndReceived(BytesCountExpectation(244, 231, 114, 84), - BytesCountExpectation(177, 173, 68, 64), - BytesCountExpectation(111, 113, 8, 8)); + expectDownstreamBytesSentAndReceived(BytesCountExpectation(244, 190, 114, 46), + BytesCountExpectation(177, 173, 68, 34), + BytesCountExpectation(111, 113, 8, 6)); } TEST_P(ProtocolIntegrationTest, HeaderAndBodyWireBytesCountReuseDownstream) { @@ -3256,15 +3265,15 @@ TEST_P(ProtocolIntegrationTest, HeaderAndBodyWireBytesCountReuseDownstream) { auto response_one = sendRequestAndWaitForResponse(default_request_headers_, request_size, default_response_headers_, response_size, 0); checkSimpleRequestSuccess(request_size, response_size, response_one.get()); - expectDownstreamBytesSentAndReceived(BytesCountExpectation(244, 182, 114, 38), - BytesCountExpectation(177, 137, 68, 28), + expectDownstreamBytesSentAndReceived(BytesCountExpectation(244, 190, 114, 46), + BytesCountExpectation(177, 137, 68, 34), BytesCountExpectation(111, 137, 8, 6), 0); // Reuse connection, send the second request on the connection. auto response_two = sendRequestAndWaitForResponse(default_request_headers_, request_size, default_response_headers_, response_size, 0); checkSimpleRequestSuccess(request_size, response_size, response_two.get()); - expectDownstreamBytesSentAndReceived(BytesCountExpectation(244, 182, 114, 38), + expectDownstreamBytesSentAndReceived(BytesCountExpectation(244, 190, 114, 46), BytesCountExpectation(148, 137, 15, 27), BytesCountExpectation(111, 137, 8, 6), 1); } @@ -3287,15 +3296,15 @@ TEST_P(ProtocolIntegrationTest, HeaderAndBodyWireBytesCountReuseUpstream) { // Send to the same upstream from the two clients. auto response_one = sendRequestAndWaitForResponse(default_request_headers_, request_size, default_response_headers_, response_size, 0); - expectUpstreamBytesSentAndReceived(BytesCountExpectation(298, 158, 156, 27), - BytesCountExpectation(223, 122, 114, 13), + expectUpstreamBytesSentAndReceived(BytesCountExpectation(306, 158, 164, 27), + BytesCountExpectation(223, 122, 120, 13), BytesCountExpectation(223, 108, 114, 3), 0); // Swap clients so the other connection is used to send the request. std::swap(codec_client_, second_client); auto response_two = sendRequestAndWaitForResponse(default_request_headers_, request_size, default_response_headers_, response_size, 0); - expectUpstreamBytesSentAndReceived(BytesCountExpectation(298, 158, 156, 27), + expectUpstreamBytesSentAndReceived(BytesCountExpectation(306, 158, 164, 27), BytesCountExpectation(167, 119, 58, 10), BytesCountExpectation(114, 108, 11, 3), 1); second_client->close(); @@ -3313,7 +3322,7 @@ TEST_P(ProtocolIntegrationTest, TrailersWireBytesCountUpstream) { testTrailers(10, 20, true, true); - expectUpstreamBytesSentAndReceived(BytesCountExpectation(248, 120, 196, 67), + expectUpstreamBytesSentAndReceived(BytesCountExpectation(256, 120, 204, 67), BytesCountExpectation(172, 81, 154, 52), BytesCountExpectation(154, 33, 142, 7)); } @@ -3330,7 +3339,7 @@ TEST_P(ProtocolIntegrationTest, TrailersWireBytesCountDownstream) { testTrailers(10, 20, true, true); - expectDownstreamBytesSentAndReceived(BytesCountExpectation(206, 132, 156, 76), + expectDownstreamBytesSentAndReceived(BytesCountExpectation(206, 140, 156, 84), BytesCountExpectation(136, 86, 107, 67), BytesCountExpectation(36, 26, 14, 10)); } @@ -3345,9 +3354,9 @@ TEST_P(ProtocolIntegrationTest, DownstreamDisconnectBeforeRequestCompleteWireByt testRouterDownstreamDisconnectBeforeRequestComplete(nullptr); - expectUpstreamBytesSentAndReceived(BytesCountExpectation(187, 0, 156, 0), - BytesCountExpectation(114, 0, 114, 0), - BytesCountExpectation(114, 0, 114, 0)); + expectUpstreamBytesSentAndReceived(BytesCountExpectation(195, 0, 164, 0), + BytesCountExpectation(120, 0, 120, 0), + BytesCountExpectation(120, 0, 120, 0)); } TEST_P(ProtocolIntegrationTest, DownstreamDisconnectBeforeRequestCompleteWireBytesCountDownstream) { @@ -3360,8 +3369,8 @@ TEST_P(ProtocolIntegrationTest, DownstreamDisconnectBeforeRequestCompleteWireByt testRouterDownstreamDisconnectBeforeRequestComplete(nullptr); - expectDownstreamBytesSentAndReceived(BytesCountExpectation(0, 71, 0, 38), - BytesCountExpectation(0, 28, 0, 28), + expectDownstreamBytesSentAndReceived(BytesCountExpectation(0, 79, 0, 46), + BytesCountExpectation(0, 34, 0, 34), BytesCountExpectation(0, 8, 0, 6)); } @@ -3375,9 +3384,9 @@ TEST_P(ProtocolIntegrationTest, UpstreamDisconnectBeforeRequestCompleteWireBytes testRouterUpstreamDisconnectBeforeRequestComplete(); - expectUpstreamBytesSentAndReceived(BytesCountExpectation(187, 0, 156, 0), - BytesCountExpectation(114, 0, 114, 0), - BytesCountExpectation(114, 0, 114, 0)); + expectUpstreamBytesSentAndReceived(BytesCountExpectation(195, 0, 164, 0), + BytesCountExpectation(120, 0, 120, 0), + BytesCountExpectation(120, 0, 120, 0)); } TEST_P(ProtocolIntegrationTest, UpstreamDisconnectBeforeResponseCompleteWireBytesCountUpstream) { @@ -3390,8 +3399,8 @@ TEST_P(ProtocolIntegrationTest, UpstreamDisconnectBeforeResponseCompleteWireByte testRouterUpstreamDisconnectBeforeResponseComplete(); - expectUpstreamBytesSentAndReceived(BytesCountExpectation(159, 47, 128, 27), - BytesCountExpectation(113, 13, 113, 13), + expectUpstreamBytesSentAndReceived(BytesCountExpectation(167, 47, 136, 27), + BytesCountExpectation(120, 13, 120, 13), BytesCountExpectation(113, 5, 113, 3)); } @@ -3420,11 +3429,9 @@ TEST_P(DownstreamProtocolIntegrationTest, PathWithFragmentRejectedByDefault) { initialize(); codec_client_ = makeHttpConnection(makeClientConnection((lookupPort("http")))); - Http::TestRequestHeaderMapImpl request_headers{{":method", "GET"}, - {":path", "/some/path#fragment"}, - {":scheme", "http"}, - {":authority", "foo.com"}}; - IntegrationStreamDecoderPtr response = codec_client_->makeRequestWithBody(request_headers, 10); + default_request_headers_.setPath("/some/path#fragment"); + IntegrationStreamDecoderPtr response = + codec_client_->makeRequestWithBody(default_request_headers_, 10); ASSERT_TRUE(response->waitForEndStream()); ASSERT_TRUE(response->complete()); EXPECT_EQ("400", response->headers().getStatusValue()); @@ -3436,11 +3443,8 @@ TEST_P(ProtocolIntegrationTest, FragmentStrippedFromPathWithOverride) { initialize(); codec_client_ = makeHttpConnection(makeClientConnection((lookupPort("http")))); - Http::TestRequestHeaderMapImpl request_headers{{":method", "GET"}, - {":path", "/some/path?p1=v1#fragment"}, - {":scheme", "http"}, - {":authority", "foo.com"}}; - Http::TestRequestHeaderMapImpl expected_request_headers{request_headers}; + default_request_headers_.setPath("/some/path?p1=v1#fragment"); + Http::TestRequestHeaderMapImpl expected_request_headers{default_request_headers_}; expected_request_headers.setPath("/some/path?p1=v1"); Http::TestResponseHeaderMapImpl response_headers{{":status", "200"}}; auto response = sendRequestAndWaitForResponse(expected_request_headers, 0, response_headers, 0, 0, @@ -3505,13 +3509,13 @@ TEST_P(ProtocolIntegrationTest, BufferContinue) { TEST_P(DownstreamProtocolIntegrationTest, ContentLengthSmallerThanPayload) { initialize(); codec_client_ = makeHttpConnection(lookupPort("http")); - auto response = - codec_client_->makeRequestWithBody(Http::TestRequestHeaderMapImpl{{":method", "POST"}, - {":path", "/test/long/url"}, - {":scheme", "http"}, - {":authority", "host"}, - {"content-length", "123"}}, - 1024); + auto response = codec_client_->makeRequestWithBody( + Http::TestRequestHeaderMapImpl{{":method", "POST"}, + {":path", "/test/long/url"}, + {":scheme", "http"}, + {":authority", "sni.lyft.com"}, + {"content-length", "123"}}, + 1024); if (downstreamProtocol() == Http::CodecType::HTTP1) { waitForNextUpstreamRequest(); // HTTP/1.x requests get the payload length from Content-Length header. The remaining bytes is @@ -3538,13 +3542,13 @@ TEST_P(DownstreamProtocolIntegrationTest, ContentLengthLargerThanPayload) { initialize(); codec_client_ = makeHttpConnection(lookupPort("http")); - auto response = - codec_client_->makeRequestWithBody(Http::TestRequestHeaderMapImpl{{":method", "POST"}, - {":path", "/test/long/url"}, - {":scheme", "http"}, - {":authority", "host"}, - {"content-length", "1025"}}, - 1024); + auto response = codec_client_->makeRequestWithBody( + Http::TestRequestHeaderMapImpl{{":method", "POST"}, + {":path", "/test/long/url"}, + {":scheme", "http"}, + {":authority", "sni.lyft.com"}, + {"content-length", "1025"}}, + 1024); // Inconsistency in content-length header and the actually body length should be treated as a // stream error. @@ -3638,7 +3642,7 @@ TEST_P(DownstreamProtocolIntegrationTest, InvalidReqestHeaderName) { auto encoder_decoder = codec_client_->startRequest(Http::TestRequestHeaderMapImpl{{":method", "POST"}, {":path", "/test/long/url"}, - {":authority", "host"}, + {":authority", "sni.lyft.com"}, {"foo\nname", "foo_value"}}); auto response = std::move(encoder_decoder.second); diff --git a/test/integration/sds_dynamic_integration_test.cc b/test/integration/sds_dynamic_integration_test.cc index eb6f030ee91c4..11d402a3217f6 100644 --- a/test/integration/sds_dynamic_integration_test.cc +++ b/test/integration/sds_dynamic_integration_test.cc @@ -116,7 +116,7 @@ class SdsDynamicIntegrationBaseTest : public Grpc::BaseGrpcClientIntegrationPara api_config_source->set_api_type(envoy::config::core::v3::ApiConfigSource::GRPC); api_config_source->set_transport_api_version(envoy::config::core::v3::V3); auto* grpc_service = api_config_source->add_grpc_services(); - setGrpcService(*grpc_service, "sds_cluster", fake_upstreams_.back()->localAddress()); + setGrpcService(*grpc_service, "sds_cluster.lyft.com", fake_upstreams_.back()->localAddress()); } envoy::extensions::transport_sockets::tls::v3::Secret getServerSecretRsa() { @@ -210,13 +210,15 @@ class SdsDynamicDownstreamIntegrationTest : public SdsDynamicIntegrationBaseTest envoy::extensions::transport_sockets::tls::v3::CommonTlsContext& common_tls_context) { configToUseSds(common_tls_context); }); + // The SNI of the certificates loaded in this test. + default_request_headers_.setHost("www.lyft.com"); }); config_helper_.addConfigModifier([](envoy::config::bootstrap::v3::Bootstrap& bootstrap) { // Add a static sds cluster auto* sds_cluster = bootstrap.mutable_static_resources()->add_clusters(); sds_cluster->MergeFrom(bootstrap.static_resources().clusters()[0]); - sds_cluster->set_name("sds_cluster"); + sds_cluster->set_name("sds_cluster.lyft.com"); ConfigHelper::setHttp2(*sds_cluster); }); @@ -515,7 +517,7 @@ class SdsDynamicDownstreamCertValidationContextTest : public SdsDynamicDownstrea // Add a static sds cluster auto* sds_cluster = bootstrap.mutable_static_resources()->add_clusters(); sds_cluster->MergeFrom(bootstrap.static_resources().clusters()[0]); - sds_cluster->set_name("sds_cluster"); + sds_cluster->set_name("sds_cluster.lyft.com"); ConfigHelper::setHttp2(*sds_cluster); envoy::extensions::transport_sockets::tls::v3::UpstreamTlsContext upstream_tls_context; @@ -709,6 +711,8 @@ TEST_P(SdsDynamicDownstreamCertValidationContextTest, CombinedValidationContextW class SdsDynamicUpstreamIntegrationTest : public SdsDynamicIntegrationBaseTest { public: void initialize() override { + // The SNI of the certificates loaded in this test. + default_request_headers_.setHost("www.lyft.com"); if (test_quic_) { upstream_tls_ = true; setUpstreamProtocol(Http::CodecType::HTTP3); @@ -717,7 +721,7 @@ class SdsDynamicUpstreamIntegrationTest : public SdsDynamicIntegrationBaseTest { // add sds cluster first. auto* sds_cluster = bootstrap.mutable_static_resources()->add_clusters(); sds_cluster->MergeFrom(bootstrap.static_resources().clusters()[0]); - sds_cluster->set_name("sds_cluster"); + sds_cluster->set_name("sds_cluster.lyft.com"); ConfigHelper::setHttp2(*sds_cluster); // Unwind Quic for sds cluster. @@ -862,7 +866,7 @@ class SdsCdsIntegrationTest : public SdsDynamicIntegrationBaseTest { // Then add sds cluster. auto* sds_cluster = bootstrap.mutable_static_resources()->add_clusters(); sds_cluster->MergeFrom(bootstrap.static_resources().clusters()[0]); - sds_cluster->set_name("sds_cluster"); + sds_cluster->set_name("sds_cluster.lyft.com"); ConfigHelper::setHttp2(*sds_cluster); const std::string cds_yaml = R"EOF( diff --git a/test/integration/vhds.h b/test/integration/vhds.h index 8e1e3785bda39..e3ce9aea16664 100644 --- a/test/integration/vhds.h +++ b/test/integration/vhds.h @@ -160,7 +160,7 @@ class VhdsIntegrationTest : public HttpIntegrationTest, envoy::config::route::v3::VirtualHost buildVirtualHost() { return TestUtility::parseYaml( - virtualHostYaml("my_route/vhost_0", "host")); + virtualHostYaml("my_route/vhost_0", "sni.lyft.com")); } std::vector buildVirtualHost1() { diff --git a/test/integration/vhds_integration_test.cc b/test/integration/vhds_integration_test.cc index b9e930f5e903d..d9b77633bdb10 100644 --- a/test/integration/vhds_integration_test.cc +++ b/test/integration/vhds_integration_test.cc @@ -139,7 +139,7 @@ INSTANTIATE_TEST_SUITE_P(IpVersionsClientType, VhdsIntegrationTest, UNIFIED_LEGACY_GRPC_CLIENT_INTEGRATION_PARAMS); TEST_P(VhdsIntegrationTest, RdsUpdateWithoutVHDSChangesDoesNotRestartVHDS) { - testRouterHeaderOnlyRequestAndResponse(nullptr, 1, "/", "host"); + testRouterHeaderOnlyRequestAndResponse(nullptr, 1, "/", "sni.lyft.com"); cleanupUpstreamAndDownstream(); ASSERT_TRUE(codec_client_->waitForDisconnect()); @@ -150,7 +150,7 @@ TEST_P(VhdsIntegrationTest, RdsUpdateWithoutVHDSChangesDoesNotRestartVHDS) { "2"); // Confirm vhost_0 that was originally configured via VHDS is reachable - testRouterHeaderOnlyRequestAndResponse(nullptr, 1, "/", "host"); + testRouterHeaderOnlyRequestAndResponse(nullptr, 1, "/", "sni.lyft.com"); cleanupUpstreamAndDownstream(); ASSERT_TRUE(codec_client_->waitForDisconnect()); } diff --git a/test/mocks/ssl/mocks.h b/test/mocks/ssl/mocks.h index beef65a850c06..1bc3b199a36a9 100644 --- a/test/mocks/ssl/mocks.h +++ b/test/mocks/ssl/mocks.h @@ -62,6 +62,7 @@ class MockConnectionInfo : public ConnectionInfo { MOCK_METHOD(std::string, ciphersuiteString, (), (const)); MOCK_METHOD(const std::string&, tlsVersion, (), (const)); MOCK_METHOD(const std::string&, alpn, (), (const)); + MOCK_METHOD(const std::string&, sni, (), (const)); }; class MockClientContext : public ClientContext { From e23f452cdf87290ca086633709f82de0fc3836e7 Mon Sep 17 00:00:00 2001 From: Alyssa Wilk Date: Tue, 22 Mar 2022 08:39:38 -0400 Subject: [PATCH 2/3] comment Signed-off-by: Alyssa Wilk --- source/common/http/conn_pool_grid.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/source/common/http/conn_pool_grid.h b/source/common/http/conn_pool_grid.h index 635814602b243..9a180d8065a90 100644 --- a/source/common/http/conn_pool_grid.h +++ b/source/common/http/conn_pool_grid.h @@ -234,6 +234,8 @@ class ConnectivityGrid : public ConnectionPool::Instance, Quic::QuicStatNames& quic_stat_names_; Stats::Scope& scope_; // The origin for this pool. + // Note the host name here is based off of the host name used for SNI, which + // may be from the cluster config, or the request headers for auto-sni. AlternateProtocolsCache::Origin origin_; Http::PersistentQuicInfo& quic_info_; }; From 31998ad46cc4ceb9097a231fb1e6f1b5e5875540 Mon Sep 17 00:00:00 2001 From: Alyssa Wilk Date: Mon, 28 Mar 2022 11:53:48 -0400 Subject: [PATCH 3/3] fix bad mrege Signed-off-by: Alyssa Wilk --- source/common/http/conn_pool_grid.cc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source/common/http/conn_pool_grid.cc b/source/common/http/conn_pool_grid.cc index 95a0ec0cbf6f0..0b0bda8598fa4 100644 --- a/source/common/http/conn_pool_grid.cc +++ b/source/common/http/conn_pool_grid.cc @@ -216,8 +216,8 @@ ConnectivityGrid::ConnectivityGrid( : dispatcher_(dispatcher), random_generator_(random_generator), host_(host), priority_(priority), options_(options), transport_socket_options_(transport_socket_options), state_(state), next_attempt_duration_(std::chrono::milliseconds(kDefaultTimeoutMs)), - time_source_(time_source), - alternate_protocols_(alternate_protocols), quic_stat_names_(quic_stat_names), scope_(scope), + time_source_(time_source), alternate_protocols_(alternate_protocols), + quic_stat_names_(quic_stat_names), scope_(scope), origin_("https", getSni(transport_socket_options, host_->transportSocketFactory()), host_->address()->ip()->port()), quic_info_(quic_info) {