istio · istio-testing · Dec 19, 2019 · Nov 14, 2019 · Dec 13, 2019
@@ -27,19 +27,15 @@ import (
 // Stats in Client Envoy proxy.
 var expectedClientStats = map[string]int{
 	// http listener stats
-	"listener.127.0.0.1_{{.Ports.AppToClientProxyPort}}.http.inbound_http.downstream_rq_completed":     10,
-	"listener.127.0.0.1_{{.Ports.AppToClientProxyPort}}.http.inbound_http.downstream_rq_2xx":           10,
-	"listener.127.0.0.1_{{.Ports.ClientToServerProxyPort}}.http.outbound_http.downstream_rq_completed": 10,
-	"listener.127.0.0.1_{{.Ports.ClientToServerProxyPort}}.http.outbound_http.downstream_rq_2xx":       10,
+	"listener.127.0.0.1_{{.Ports.AppToClientProxyPort}}.http.inbound_http.downstream_rq_completed": 10,
+	"listener.127.0.0.1_{{.Ports.AppToClientProxyPort}}.http.inbound_http.downstream_rq_2xx":       10,
 }
 
 // Stats in Server Envoy proxy.
 var expectedServerStats = map[string]int{
 	// http listener stats
-	"listener.127.0.0.1_{{.Ports.ProxyToServerProxyPort}}.http.inbound_http.downstream_rq_completed": 10,
-	"listener.127.0.0.1_{{.Ports.ProxyToServerProxyPort}}.http.inbound_http.downstream_rq_2xx":       10,
-	"listener.127.0.0.1_{{.Ports.ClientToAppProxyPort}}.http.outbound_http.downstream_rq_completed":  10,
-	"listener.127.0.0.1_{{.Ports.ClientToAppProxyPort}}.http.outbound_http.downstream_rq_2xx":        10,
+	"listener.127.0.0.1_{{.Ports.ClientToServerProxyPort}}.http.inbound_http.downstream_rq_completed": 10,
+	"listener.127.0.0.1_{{.Ports.ClientToServerProxyPort}}.http.inbound_http.downstream_rq_2xx":       10,
 }
 
 func TestBasicFlow(t *testing.T) {

@@ -83,10 +83,10 @@ func TestBasicHTTP(t *testing.T) {
 	params := &driver.Params{
 		Vars: map[string]string{
 			"BackendPort": fmt.Sprintf("%d", ports.BackendPort),
-			"ClientPort":  fmt.Sprintf("%d", ports.ClientToServerProxyPort),
+			"ClientPort":  fmt.Sprintf("%d", ports.AppToClientProxyPort),
 			"ClientAdmin": fmt.Sprintf("%d", ports.ClientAdminPort),
 			"ServerAdmin": fmt.Sprintf("%d", ports.ServerAdminPort),
-			"ServerPort":  fmt.Sprintf("%d", ports.ProxyToServerProxyPort),
+			"ServerPort":  fmt.Sprintf("%d", ports.ClientToServerProxyPort),
 		},
 		XDS: int(ports.XDSPort),
 	}
@@ -98,7 +98,7 @@ func TestBasicHTTP(t *testing.T) {
 			&driver.Envoy{Bootstrap: params.LoadTestData("testdata/bootstrap/client.yaml.tmpl")},
 			&driver.Envoy{Bootstrap: params.LoadTestData("testdata/bootstrap/server.yaml.tmpl")},
 			&driver.Sleep{1 * time.Second},
-			&driver.Get{ports.ClientToServerProxyPort, "hello, world!"},
+			&driver.Get{ports.AppToClientProxyPort, "hello, world!"},
 		},
 	}).Run(params); err != nil {
 		t.Fatal(err)
@@ -110,10 +110,10 @@ func TestBasicHTTPwithTLS(t *testing.T) {
 	params := &driver.Params{
 		Vars: map[string]string{
 			"BackendPort": fmt.Sprintf("%d", ports.BackendPort),
-			"ClientPort":  fmt.Sprintf("%d", ports.ClientToServerProxyPort),
+			"ClientPort":  fmt.Sprintf("%d", ports.AppToClientProxyPort),
 			"ClientAdmin": fmt.Sprintf("%d", ports.ClientAdminPort),
 			"ServerAdmin": fmt.Sprintf("%d", ports.ServerAdminPort),
-			"ServerPort":  fmt.Sprintf("%d", ports.ProxyToServerProxyPort),
+			"ServerPort":  fmt.Sprintf("%d", ports.ClientToServerProxyPort),
 		},
 		XDS: int(ports.XDSPort),
 	}
@@ -127,7 +127,7 @@ func TestBasicHTTPwithTLS(t *testing.T) {
 			&driver.Envoy{Bootstrap: params.LoadTestData("testdata/bootstrap/client.yaml.tmpl")},
 			&driver.Envoy{Bootstrap: params.LoadTestData("testdata/bootstrap/server.yaml.tmpl")},
 			&driver.Sleep{1 * time.Second},
-			&driver.Get{ports.ClientToServerProxyPort, "hello, world!"},
+			&driver.Get{ports.AppToClientProxyPort, "hello, world!"},
 		},
 	}).Run(params); err != nil {
 		t.Fatal(err)
@@ -140,10 +140,10 @@ func TestBasicHTTPGateway(t *testing.T) {
 	params := &driver.Params{
 		Vars: map[string]string{
 			"BackendPort": fmt.Sprintf("%d", ports.BackendPort),
-			"ClientPort":  fmt.Sprintf("%d", ports.ClientToServerProxyPort),
+			"ClientPort":  fmt.Sprintf("%d", ports.AppToClientProxyPort),
 			"ClientAdmin": fmt.Sprintf("%d", ports.ClientAdminPort),
 			"ServerAdmin": fmt.Sprintf("%d", ports.ServerAdminPort),
-			"ServerPort":  fmt.Sprintf("%d", ports.ProxyToServerProxyPort),
+			"ServerPort":  fmt.Sprintf("%d", ports.ClientToServerProxyPort),
 		},
 		XDS: int(ports.XDSPort),
 	}
@@ -156,7 +156,7 @@ func TestBasicHTTPGateway(t *testing.T) {
 			},
 			&driver.Envoy{Bootstrap: params.LoadTestData("testdata/bootstrap/server.yaml.tmpl")},
 			&driver.Sleep{1 * time.Second},
-			&driver.Get{ports.ClientToServerProxyPort, "hello, world!"},
+			&driver.Get{ports.AppToClientProxyPort, "hello, world!"},
 		},
 	}).Run(params); err != nil {
 		t.Fatal(err)

@@ -39,7 +39,7 @@ func (s *TestSetup) NewClientEnvoy() (*Envoy, error) {
 	}
 	baseID := strconv.Itoa(int(s.testName)*2 + 1)
 
-	return newEnvoy(s.ports.ClientAdminPort, confTmpl, baseID, s)
+	return newEnvoy(s.ports.ClientAdminPort, confTmpl, baseID, "client.yaml", s)
 }
 
 // NewServerEnvoy creates a new Server Envoy struct and starts envoy.
@@ -50,7 +50,7 @@ func (s *TestSetup) NewServerEnvoy() (*Envoy, error) {
 	}
 	baseID := strconv.Itoa(int(s.testName+1) * 2)
 
-	return newEnvoy(s.ports.ServerAdminPort, confTmpl, baseID, s)
+	return newEnvoy(s.ports.ServerAdminPort, confTmpl, baseID, "server.yaml", s)
 }
 
 // Start starts the envoy process
@@ -100,14 +100,29 @@ func (s *Envoy) TearDown() {
 	}
 }
 
+func copyYamlFiles(src, dst string) {
+	cpCmd := exec.Command("cp", "-rf", src, dst)
+	if err := cpCmd.Run(); err != nil {
+		log.Printf("Error Copying Yaml Files %s\n", err)
+	}
+}
+
 // NewEnvoy creates a new Envoy struct and starts envoy at the specified port.
-func newEnvoy(port uint16, confTmpl, baseID string, s *TestSetup) (*Envoy, error) {
+func newEnvoy(port uint16, confTmpl, baseID, yamlName string, s *TestSetup) (*Envoy, error) {
 	confPath := filepath.Join(GetDefaultIstioOut(), fmt.Sprintf("config.conf.%v.yaml", port))
 	log.Printf("Envoy config: in %v\n", confPath)
 	if err := s.CreateEnvoyConf(confPath, confTmpl); err != nil {
 		return nil, err
 	}
 
+	if s.copyYamlFiles {
+		if wd, err := os.Getwd(); err == nil {
+			if err := os.MkdirAll(filepath.Join(wd, "testoutput"), os.ModePerm); err == nil {
+				copyYamlFiles(confPath, filepath.Join(wd, "testoutput", yamlName))
+			}
+		}
+	}
+
 	debugLevel, ok := os.LookupEnv("ENVOY_DEBUG")
 	if !ok {
 		debugLevel = "info"

@@ -22,8 +22,7 @@ import (
 	"text/template"
 )
 
-const envoyClientConfTemplYAML = `
-node:
+const envoyClientConfTemplYAML = `node:
   id: test-client
   metadata: {
 {{.ClientNodeMetadata | indent 4 }}
@@ -49,21 +48,11 @@ static_resources:
               socket_address:
                 address: 127.0.0.1
                 port_value: {{.Ports.ClientToServerProxyPort}}
-  - name: server
-    connect_timeout: 5s
-    type: STATIC
-    load_assignment:
-      cluster_name: server
-      endpoints:
-      - lb_endpoints:
-        - endpoint:
-            address:
-              socket_address:
-                address: 127.0.0.1
-                port_value: {{.Ports.ProxyToServerProxyPort}}
+{{.UpstreamFiltersInClient | indent 4 }}  
+{{.ClusterTLSContext | indent 4 }}
   listeners:
   - name: app-to-client
-    traffic_direction: INBOUND
+    traffic_direction: OUTBOUND
     address:
       socket_address:
         address: 127.0.0.1
@@ -92,40 +81,9 @@ static_resources:
                 route:
                   cluster: client
                   timeout: 0s
-  - name: client-to-proxy
-    traffic_direction: OUTBOUND
-    address:
-      socket_address:
-        address: 127.0.0.1
-        port_value: {{.Ports.ClientToServerProxyPort}}
-    filter_chains:
-    - filters:
-      - name: envoy.http_connection_manager
-        config:
-          codec_type: AUTO
-          stat_prefix: outbound_http
-          access_log:
-          - name: envoy.file_access_log
-            config:
-              path: {{.ClientAccessLogPath}}
-          http_filters:
-{{.FiltersBeforeEnvoyRouterInClientToProxy | indent 10 }}
-          - name: envoy.router
-          route_config:
-            name: client-to-proxy-route
-            virtual_hosts:
-            - name: client-to-proxy-route
-              domains: ["*"]
-              routes:
-              - match:
-                  prefix: /
-                route:
-                  cluster: server
-                  timeout: 0s
-`
+{{.TLSContext | indent 6 }}`
 
-const envoyServerConfTemplYAML = `
-node: 
+const envoyServerConfTemplYAML = `node: 
   id: test-server
   metadata: {
 {{.ServerNodeMetadata | indent 4 }}
@@ -139,18 +97,6 @@ admin:
       port_value: {{.Ports.ServerAdminPort}}
 static_resources:
   clusters:
-  - name: inbound|9080|http|backend.default.svc.cluster.local
-    connect_timeout: 5s
-    type: STATIC
-    load_assignment:
-      cluster_name: inbound|9080|http|backend.default.svc.cluster.local
-      endpoints:
-      - lb_endpoints:
-        - endpoint:
-            address:
-              socket_address:
-                address: 127.0.0.1
-                port_value: {{.Ports.BackendPort}}
   - name: inbound|9080|http|server.default.svc.cluster.local
     connect_timeout: 5s
     type: STATIC
@@ -162,16 +108,18 @@ static_resources:
             address:
               socket_address:
                 address: 127.0.0.1
-                port_value: {{.Ports.ClientToAppProxyPort}}
+                port_value: {{.Ports.BackendPort}}
+{{.ClusterTLSContext | indent 4 }}
   listeners:
-  - name: proxy-to-server
+  - name: proxy-to-backend
     traffic_direction: INBOUND
     address:
       socket_address:
         address: 127.0.0.1
-        port_value: {{.Ports.ProxyToServerProxyPort}}
+        port_value: {{.Ports.ClientToServerProxyPort}}
     filter_chains:
     - filters:
+{{.FiltersBeforeHTTPConnectionManagerInProxyToServer | indent 6 }}
       - name: envoy.http_connection_manager
         config:
           codec_type: AUTO
@@ -184,46 +132,17 @@ static_resources:
 {{.FiltersBeforeEnvoyRouterInProxyToServer | indent 10 }}
           - name: envoy.router
           route_config:
-            name: proxy-to-server-route
+            name: proxy-to-backend-route
             virtual_hosts:
-            - name: proxy-to-server-route
+            - name: proxy-to-backend-route
               domains: ["*"]
               routes:
               - match:
                   prefix: /
                 route:
                   cluster: inbound|9080|http|server.default.svc.cluster.local
                   timeout: 0s
-  - name: client-to-app
-    address:
-      socket_address:
-        address: 127.0.0.1
-        port_value: {{.Ports.ClientToAppProxyPort}}
-    filter_chains:
-    - filters:
-      - name: envoy.http_connection_manager
-        config:
-          codec_type: AUTO
-          stat_prefix: outbound_http
-          access_log:
-          - name: envoy.file_access_log
-            config:
-              path: {{.ServerAccessLogPath}}
-          http_filters:
-{{.FiltersBeforeEnvoyRouterInClientToApp | indent 10 }}
-          - name: envoy.router
-          route_config:
-            name: client-to-app-route
-            virtual_hosts:
-            - name: client-to-app-route
-              domains: ["*"]
-              routes:
-              - match:
-                  prefix: /
-                route:
-                  cluster: inbound|9080|http|backend.default.svc.cluster.local
-                  timeout: 0s
-`
+{{.TLSContext | indent 6 }}`
 
 // CreateEnvoyConf create envoy config.
 func (s *TestSetup) CreateEnvoyConf(path, confTmpl string) error {

@@ -15,12 +15,15 @@
 package env
 
 import (
+	"crypto/tls"
+	"crypto/x509"
 	"fmt"
 	"io/ioutil"
 	"log"
 	"net"
 	"net/http"
 	"net/url"
+	"path/filepath"
 	"strings"
 	"time"
 )
@@ -53,6 +56,50 @@ func HTTPGet(url string) (code int, respBody string, err error) {
 	return code, respBody, nil
 }
 
+// HTTPGet send GET
+func HTTPTlsGet(url, rootdir string, port uint16) (code int, respBody string, err error) {
+	certPool := x509.NewCertPool()
+	bs, err := ioutil.ReadFile(filepath.Join(rootdir, "testdata/certs/cert-chain.pem"))
+	if err != nil {
+		return 0, "", fmt.Errorf("failed to read client ca cert: %s", err)
+	}
+	ok := certPool.AppendCertsFromPEM(bs)
+	if !ok {
+		return 0, "", fmt.Errorf("failed to append client certs")
+	}
+
+	certificate, err := tls.LoadX509KeyPair(filepath.Join(rootdir, "testdata/certs/cert-chain.pem"),
+		filepath.Join(rootdir, "testdata/certs/key.pem"))
+	if err != nil {
+		return 0, "", fmt.Errorf("failed to get certificate")
+	}
+	tlsConf := &tls.Config{Certificates: []tls.Certificate{certificate}, ServerName: "localhost", RootCAs: certPool}
+	tr := &http.Transport{
+		TLSClientConfig: tlsConf,
+		//DialTLS: func(network, addr string) (net.Conn, error) {
+		//	return tls.Dial("tcp", fmt.Sprintf("localhost:%d", port), tlsConf)
+		//return tls.Dial(network, addr, tlsConf)
+		//},
+	}
+	log.Println("HTTP TLS GET", url)
+	client := &http.Client{Timeout: httpTimeOut, Transport: tr}
+	resp, err := client.Get(url)
+	log.Println("resp ", resp)
+	if err != nil {
+		log.Println(err)
+		return 0, "", err
+	}
+	defer resp.Body.Close()
+	body, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		log.Println(err)
+		return 0, "", err
+	}
+	respBody = string(body)
+	code = resp.StatusCode
+	return code, respBody, nil
+}
+
 // HTTPPost sends POST
 func HTTPPost(url string, contentType string, reqBody string) (code int, respBody string, err error) {
 	log.Println("HTTP POST", url)
@@ -133,9 +180,20 @@ func HTTPGetWithHeaders(l string, headers map[string]string) (code int, respBody
 
 // WaitForHTTPServer waits for a HTTP server
 func WaitForHTTPServer(url string) error {
+	return WaitForHTTPServerWithTLS(url, "", false, 0)
+}
+
+// WaitForHTTPServer waits for a HTTP server
+func WaitForHTTPServerWithTLS(url, rootDir string, enableTLS bool, port uint16) error {
 	for i := 0; i < maxAttempts; i++ {
 		log.Println("Pinging URL: ", url)
-		code, _, err := HTTPGet(url)
+		var err error
+		var code int
+		if enableTLS {
+			code, _, err = HTTPTlsGet(url, rootDir, port)
+		} else {
+			code, _, err = HTTPGet(url)
+		}
 		if err == nil && code == http.StatusOK {
 			log.Println("Server is up and running...")
 			return nil