Skip to content

Commit

Permalink
service-mesh: introduce config generation tests
Browse files Browse the repository at this point in the history 
With increasing envoy config complexity it gets more difficult to parse the final envoy config.
Therefore we introduce tests which compare the envoy config for specific scenarios with golden JSON representations of the expected output.
  • Loading branch information
@3u13r
3u13r committed Jan 21, 2025
1 parent 22eaf51 commit ac085b5
Show file tree
Hide file tree
Showing 2 changed files with 266 additions and 0 deletions.
43 changes: 43 additions & 0 deletions service-mesh/config_test.go
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
package main

import (
_ "embed"
"fmt"
"testing"

"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"go.uber.org/goleak"
)

//go:embed golden/defaultEnvoy.json
var defaultEnvoyConfig []byte

func TestCompareEnvoyConfigToGolden(t *testing.T) {
require := require.New(t)

config, err := ParseProxyConfig("", "", "")
require.NoError(err)

testCases := map[string]struct {
pConfig ProxyConfig
}{
"success": {
pConfig: config,
},
}

for name, tc := range testCases {
t.Run(name, func(t *testing.T) {
assert := assert.New(t)
configJSON, err := tc.pConfig.ToEnvoyConfig()
require.NoError(err)
fmt.Println(string(configJSON))
assert.JSONEq(string(defaultEnvoyConfig), string(configJSON))
})
}
}

func TestMain(m *testing.M) {
goleak.VerifyTestMain(m)
}
223 changes: 223 additions & 0 deletions service-mesh/golden/defaultEnvoy.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,223 @@
{
"staticResources": {
"listeners": [
{
"name": "ingress",
"address": {
"socketAddress": {
"address": "0.0.0.0",
"portValue": 15006
}
},
"filterChains": [
{
"filters": [
{
"name": "ingress",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "ingress",
"cluster": "ingressCluster"
}
}
],
"transportSocket": {
"name": "envoy.transport_sockets.tls",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": {
"tlsCertificates": [
{
"certificateChain": {
"filename": "/contrast/tls-config/certChain.pem"
},
"privateKey": {
"filename": "/contrast/tls-config/key.pem"
}
}
],
"validationContext": {
"trustedCa": {
"filename": "/contrast/tls-config/mesh-ca.pem"
}
}
},
"requireClientCertificate": true
}
},
"name": "ingress"
},
{
"filters": [
{
"name": "BlackHoleFilter",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "BlackHoleCluster",
"cluster": "BlackHoleCluster"
}
}
],
"name": "BlackHoleFilter"
}
],
"filterChainMatcher": {
"matcherTree": {
"input": {
"name": "port",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.matching.common_inputs.network.v3.DestinationPortInput"
}
},
"exactMatchMap": {
"map": {
"15006": {
"action": {
"name": "BlackHoleFilter",
"typedConfig": {
"@type": "type.googleapis.com/google.protobuf.StringValue",
"value": "BlackHoleFilter"
}
}
}
}
}
},
"onNoMatch": {
"action": {
"name": "ingress",
"typedConfig": {
"@type": "type.googleapis.com/google.protobuf.StringValue",
"value": "ingress"
}
}
}
},
"listenerFilters": [
{
"name": "tcpListener",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.listener.original_dst.v3.OriginalDst"
}
}
],
"transparent": true
},
{
"name": "ingressWithoutClientAuth",
"address": {
"socketAddress": {
"address": "0.0.0.0",
"portValue": 15007
}
},
"filterChains": [
{
"filters": [
{
"name": "ingress",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "ingressWithoutClientAuth",
"cluster": "ingressCluster"
}
}
],
"transportSocket": {
"name": "envoy.transport_sockets.tls",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": {
"tlsCertificates": [
{
"certificateChain": {
"filename": "/contrast/tls-config/certChain.pem"
},
"privateKey": {
"filename": "/contrast/tls-config/key.pem"
}
}
],
"validationContext": {
"trustedCa": {
"filename": "/contrast/tls-config/mesh-ca.pem"
}
}
},
"requireClientCertificate": false
}
},
"name": "ingressWithoutClientAuth"
},
{
"filters": [
{
"name": "BlackHoleFilter",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "BlackHoleCluster",
"cluster": "BlackHoleCluster"
}
}
],
"name": "BlackHoleFilter"
}
],
"filterChainMatcher": {
"matcherTree": {
"input": {
"name": "port",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.matching.common_inputs.network.v3.DestinationPortInput"
}
},
"exactMatchMap": {
"map": {
"15007": {
"action": {
"name": "BlackHoleFilter",
"typedConfig": {
"@type": "type.googleapis.com/google.protobuf.StringValue",
"value": "BlackHoleFilter"
}
}
}
}
}
},
"onNoMatch": {
"action": {
"name": "ingress",
"typedConfig": {
"@type": "type.googleapis.com/google.protobuf.StringValue",
"value": "ingressWithoutClientAuth"
}
}
}
},
"listenerFilters": [
{
"name": "tcpListener",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.listener.original_dst.v3.OriginalDst"
}
}
],
"transparent": true
}
],
"clusters": [
{
"name": "ingressCluster",
"type": "ORIGINAL_DST",
"lbPolicy": "CLUSTER_PROVIDED",
"dnsLookupFamily": "V4_ONLY"
},
{
"name": "BlackHoleCluster",
"type": "STATIC",
"connectTimeout": "10s"
}
]
}
}

0 comments on commit ac085b5

Please sign in to comment.