add more tests for external service (istio#11752)
* add more tests

* add an error msg

* more tests

* fix char

* rename test yaml file

* mark as unreachable for TLS protocol with VS

* add another test

* remove wikipedia in many tests

* remove dash

* .* not allowed at hosts ending

* looks like no VS for TLS protocol too

* rename per shriram comment

* address comment

* delete not needed file

* typos

* when host has * must provide endpoints

* remove redundant data
linsun authored and wenchenglu committed Feb 19, 2019
1 parent e24bb65 commit e2f1ea7
Showing 6 changed files with 191 additions and 28 deletions.
6 changes: 3 additions & 3 deletions pilot/pkg/model/validation.go
Expand Up @@ -2146,12 +2146,12 @@ func ValidateServiceEntry(name, namespace string, config proto.Message) (errs er
switch serviceEntry.Resolution {
case networking.ServiceEntry_NONE:
if len(serviceEntry.Endpoints) != 0 {
errs = appendErrors(errs, fmt.Errorf("no endpoints should be provided for discovery type none"))
errs = appendErrors(errs, fmt.Errorf("no endpoints should be provided for resolution type none"))
}
case networking.ServiceEntry_STATIC:
if len(serviceEntry.Endpoints) == 0 {
errs = appendErrors(errs,
fmt.Errorf("endpoints must be provided if service entry discovery mode is static"))
fmt.Errorf("endpoints must be provided if service entry resolution mode is static"))
}

unixEndpoint := false
Expand Down Expand Up @@ -2183,7 +2183,7 @@ func ValidateServiceEntry(name, namespace string, config proto.Message) (errs er
for _, host := range serviceEntry.Hosts {
if err := ValidateFQDN(host); err != nil {
errs = appendErrors(errs,
fmt.Errorf("hosts must be FQDN if no endpoints are provided for discovery mode DNS"))
fmt.Errorf("hosts must be FQDN if no endpoints are provided for resolution mode DNS"))
}
}
}
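Review bot: The reworded FQDN error in the second hunk still drops both the offending host and the error returned by ValidateFQDN, so a ServiceEntry with several hosts is rejected without saying which entry failed; consider `fmt.Errorf("hosts must be FQDN if no endpoints are provided for resolution mode DNS: %q: %v", host, err)`. The three reworded messages also mix "resolution type" (the NONE case) with "resolution mode" (STATIC and DNS); picking one term would make them easier to search for. ValidateServiceEntry starts and ends outside both hunks, so callers or tests that match on the old "discovery" wording are not visible here and should be checked.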
160 changes: 136 additions & 24 deletions tests/e2e/tests/pilot/externalservice_test.go
Expand Up @@ -17,6 +17,8 @@ package pilot
import (
"fmt"
"testing"

"istio.io/istio/pkg/log"
)

func TestServiceEntry(t *testing.T) {
Expand All @@ -28,67 +30,176 @@ func TestServiceEntry(t *testing.T) {
url string
shouldBeReachable bool
}{
// use www.google.com as google.com results in 301
{
name: "REACHABLE_www.google.com_over_google_80",
name: "REACHABLE_www.google.com_80_over_google_80",
config: "testdata/networking/v1alpha3/service-entry-google.yaml",
url: "http://www.google.com",
shouldBeReachable: true,
},
{
name: "REACHABLE_www.google.com_over_google_443",
name: "REACHABLE_www.google.com_443_over_google_443",
config: "testdata/networking/v1alpha3/service-entry-google.yaml",
url: "https://www.google.com",
shouldBeReachable: true,
},
// use www.bing.com as bing.com results in 301.
{
name: "UNREACHABLE_bing.com_over_google_443",
name: "UNREACHABLE_www.bing.com_443_over_google_443",
config: "testdata/networking/v1alpha3/service-entry-google.yaml",
url: "https://bing.com",
url: "https://www.bing.com",
shouldBeReachable: false,
},
{
name: "REACHABLE_www.bing.com_over_bing_wildcard_80",
name: "UNREACHABLE_www.bing.com_80_over_google_443",
config: "testdata/networking/v1alpha3/service-entry-google.yaml",
url: "http://www.bing.com",
shouldBeReachable: false,
},
{
name: "REACHABLE_www.bing.com_80_over_bing_wildcard_80",
config: "testdata/networking/v1alpha3/service-entry-wildcard-bing.yaml",
url: "http://www.bing.com",
shouldBeReachable: true,
},
// note this will get a 301 move response when reachable
{
name: "UNREACHABLE_bing.com_over_bing_wildcard_80",
name: "UNREACHABLE_www_bing.com_443_over_bing_wildcard_80",
config: "testdata/networking/v1alpha3/service-entry-wildcard-bing.yaml",
url: "http://bing.com",
url: "https://www.bing.com",
shouldBeReachable: false,
},
// test resolution NONE
{
name: "REACHABLE_www.wikipedia.org_443_over_wikipedia_cidr_range_443",
config: "testdata/networking/v1alpha3/service-entry-tcp-wikipedia-cidr.yaml",
url: "https://www.wikipedia.org",
shouldBeReachable: true,
},
{
name: "UNREACHABLE_www.google.com_443_over_wikipedia_cidr_range_443",
config: "testdata/networking/v1alpha3/service-entry-tcp-wikipedia-cidr.yaml",
url: "https://www.google.com",
shouldBeReachable: false,
},
// See issue https://github.com/istio/istio/issues/7869
//{
// name: "REACHABLE_wikipedia.org_over_cidr_range",
// config: "testdata/networking/v1alpha3/service-entry-tcp-wikipedia-cidr.yaml",
// url: "https://www.wikipedia.org",
// shouldBeReachable: true,
//},
//{
// name: "UNREACHABLE_google.com_over_cidr_range",
// config: "testdata/networking/v1alpha3/service-entry-tcp-wikipedia-cidr.yaml",
// url: "https://google.com",
// shouldBeReachable: false,
//},
{
name: "REACHABLE_en.wikipedia.org_over_wikipedia_wildcard",
{
name: "REACHABLE_en.wikipedia.org_443_over_wikipedia_wildcard_tls",
config: "testdata/networking/v1alpha3/wildcard-tls-wikipedia.yaml",
url: "https://en.wikipedia.org/wiki/Main_Page",
shouldBeReachable: true,
},
{
name: "REACHABLE_de.wikipedia.org_over_wikipedia_wildcard",
name: "REACHABLE_de.wikipedia.org_443__over_wikipedia_wildcard_tls",
config: "testdata/networking/v1alpha3/wildcard-tls-wikipedia.yaml",
url: "https://de.wikipedia.org/wiki/Wikipedia:Hauptseite",
shouldBeReachable: true,
},
{
name: "UNREACHABLE_www.wikipedia.org_over_wikipedia_wildcard",
name: "UNREACHABLE_www.wikipedia.org_443_over_wikipedia_wildcard_tls",
config: "testdata/networking/v1alpha3/wildcard-tls-wikipedia.yaml",
url: "https://www.wikipedia.org",
shouldBeReachable: false,
},
{
name: "UNREACHABLE_www.bing.com_443_over_wikipedia_wildcard_tls",
config: "testdata/networking/v1alpha3/wildcard-tls-wikipedia.yaml",
url: "https://www.bing.com",
shouldBeReachable: false,
},
// test TLS protocol without VS, resolution DNS
// doesn't match specified host *.google.co.uk or *.google.co.in
{
name: "UNREACHABLE_www.google.com_443_no_vs_over_google_wildcard_tls",
config: "testdata/networking/v1alpha3/wildcard-tls-google-no-vs.yaml",
url: "https://www.google.com",
shouldBeReachable: false,
},
{
name: "UNREACHABLE_www.google.com_80_no_vs_over_google_wildcard_tls",
config: "testdata/networking/v1alpha3/wildcard-tls-google-no-vs.yaml",
url: "http://www.google.com",
shouldBeReachable: false,
},
{
name: "UNREACHABLE_www.google.co.uk_80_no_vs_over_google_wildcard_tls",
config: "testdata/networking/v1alpha3/wildcard-tls-google-no-vs.yaml",
url: "http://www.google.co.uk/",
shouldBeReachable: false,
},
{
name: "UNREACHABLE_www.google.co.in_80_no_vs_over_google_wildcard_tls",
config: "testdata/networking/v1alpha3/wildcard-tls-google-no-vs.yaml",
url: "http://www.google.co.in/",
shouldBeReachable: false,
},
{
name: "REACHABLE_www.google.co.uk_443_no_vs_over_google_wildcard_tls",
config: "testdata/networking/v1alpha3/wildcard-tls-google-no-vs.yaml",
url: "https://www.google.co.uk/",
shouldBeReachable: true,
},
{
name: "REACHABLE_www.google.co.in_443_no_vs_over_google_wildcard_tls",
config: "testdata/networking/v1alpha3/wildcard-tls-google-no-vs.yaml",
url: "https://www.google.co.in/",
shouldBeReachable: true,
},
// test https without VS - related multihosts with resolution DNS
{
name: "REACHABLE_www.google.co.in_443_no_vs_over_google_wildcard_443",
config: "testdata/networking/v1alpha3/wildcard-https-google-no-vs.yaml",
url: "https://www.google.co.in/",
shouldBeReachable: true,
},
{
name: "REACHABLE_www.google.com.uk_443_no_vs_over_google_wildcard_443",
config: "testdata/networking/v1alpha3/wildcard-https-google-no-vs.yaml",
url: "https://www.google.co.uk/",
shouldBeReachable: true,
},
{
name: "UNREACHABLE_www.google.com_443_no_vs_over_google_wildcard_443_https",
config: "testdata/networking/v1alpha3/wildcard-https-google-no-vs.yaml",
url: "https://www.google.com",
shouldBeReachable: false,
},
// test unrelated multihosts with resolution NONE
{
name: "REACHABLE_www.google.com_443_no_vs_over_multihosts_wildcard_443",
config: "testdata/networking/v1alpha3/wildcard-https-multihosts-no-vs.yaml",
url: "https://www.google.com",
shouldBeReachable: true,
},
{
name: "REACHABLE_www.bing.com_443_no_vs_over_multihosts_wildcard_443",
config: "testdata/networking/v1alpha3/wildcard-https-multihosts-no-vs.yaml",
url: "https://www.bing.com",
shouldBeReachable: true,
},
{
name: "UNREACHABLE_www.google.com_80_no_vs_over_multihosts_wildcard_443",
config: "testdata/networking/v1alpha3/wildcard-https-multihosts-no-vs.yaml",
url: "http://www.google.com",
shouldBeReachable: false,
},
{
name: "UNREACHABLE_www.bing.com_80_no_vs_over_multihosts_wildcard_443",
config: "testdata/networking/v1alpha3/wildcard-https-multihosts-no-vs.yaml",
url: "http://www.bing.com",
shouldBeReachable: false,
},
{
name: "UNREACHABLE_www.wikipedia.org_443_no_vs_over_multihosts_wildcard_443",
config: "testdata/networking/v1alpha3/wildcard-https-multihosts-no-vs.yaml",
url: "https://www.wikipedia.org",
shouldBeReachable: false,
},
{
name: "REACHABLE_cn.bing.com_443_no_vs_over_multihosts_wildcard_443",
config: "testdata/networking/v1alpha3/wildcard-https-multihosts-no-vs.yaml",
url: "https://cn.bing.com",
shouldBeReachable: true,
},
}

var cfgs *deployableConfig
Expand Down Expand Up @@ -137,6 +248,7 @@ func TestServiceEntry(t *testing.T) {
return fmt.Errorf("%s is reachable from %s (should be unreachable)", cs.url, src)
}
if !reachable && cs.shouldBeReachable {
log.Errorf("%s is not reachable while it should be reachable from %s", cs.url, src)
return errAgain
}
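Review bot: Several of the renamed or added case names in the table no longer match the URL they exercise: `REACHABLE_www.google.com.uk_443_no_vs_over_google_wildcard_443` requests `https://www.google.co.uk/`, `UNREACHABLE_www_bing.com_443_over_bing_wildcard_80` has an underscore where the host has a dot, and `REACHABLE_de.wikipedia.org_443__over_wikipedia_wildcard_tls` has a doubled underscore. Because the name is what a failing egress case is triaged by, they should read `REACHABLE_www.google.co.uk_443_...`, `UNREACHABLE_www.bing.com_443_...` and `..._443_over_...`. In the last hunk the added `log.Errorf` runs before every `return errAgain`, which presumably repeats the same error line on each retry; a lower log level, or logging once after the final attempt, would keep the output readable. TestServiceEntry's body continues outside the visible hunks.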

@@ -0,0 +1,18 @@
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
name: wildcardgooglenovs
spec:
hosts:
- "*.google.co.uk"
- "*.google.co.in"
endpoints:
- address: google.co.uk
- address: google.co.in
location: MESH_EXTERNAL
resolution: DNS
ports:
- number: 443
name: https
protocol: HTTPS
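Review bot: This fixture lists two endpoints (`google.co.uk`, `google.co.in`) under two wildcard hosts with `resolution: DNS`, and nothing in the file says that the endpoints form one shared pool rather than a per-host mapping; as I understand ServiceEntry semantics, a connection for `www.google.co.in` can be forwarded to the address resolved for `google.co.uk`. The REACHABLE cases therefore seem to rely on either address serving both names, which would not hold for unrelated domains. A header comment such as `# endpoints are a shared pool for all hosts; the test relies on either address serving both names` would stop the file being copied as a general egress pattern. The same applies to the later fixture named `wildcardgoogletls`, which differs only in `protocol: TLS`.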

@@ -0,0 +1,15 @@
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
name: googlebing
spec:
hosts:
- www.google.com
- "*.bing.com"
ports:
- number: 443
name: https
protocol: HTTPS
resolution: NONE
location: MESH_EXTERNAL
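Review bot: The fixture carries no comment on what `resolution: NONE` means for the two hosts it lists. With NONE the sidecar forwards to whatever address the client already resolved, so for this HTTPS port the `hosts` entries are, as far as I can tell, matched on the TLS server name only and the destination address is not checked against them. A comment such as `# resolution NONE: hosts are matched by SNI; the destination IP is taken from the client connection` would make clear that the test demonstrates name-based routing, not an address-level egress restriction.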

@@ -0,0 +1,18 @@
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
name: wildcardgoogletls
spec:
hosts:
- "*.google.co.uk"
- "*.google.co.in"
endpoints:
- address: google.co.uk
- address: google.co.in
location: MESH_EXTERNAL
resolution: DNS
ports:
- number: 443
name: https
protocol: TLS

Expand Up @@ -50,4 +50,4 @@ spec:
host: '*.wikipedia.org'
port:
number: 443
weight: 100
weight: 100
