/
envoy.istio
/
mosn
GigaCode
beta
ОбзорЦентр заботыВойти

mosn

Форк
0
Ветки: 7Коммиты: 5251Теги: 39
mosn
/test
/cases
/tls
/
disable_test.go 
228 строк · 8.3 Кб
1
//go:build MOSNTest
2
// +build MOSNTest
3


4
package tls
5


6
import (
7
	"encoding/json"
8
	"net/http"
9
	"strconv"
10
	"testing"
11


12
	. "mosn.io/mosn/test/framework"
13
	"mosn.io/mosn/test/lib"
14
	"mosn.io/mosn/test/lib/mosn"
15
	"mosn.io/mosn/test/lib/xprotocol/boltv1"
16
)
17


18
func DisableTLS(t *testing.T, disable bool) {
19
	resp, err := http.Get("http://127.0.0.1:34901/debug/disable_tls?disable=" + strconv.FormatBool(disable))
20
	if err != nil {
21
		t.Fatalf("disable tls failed: %v", err)
22
	}
23
	defer resp.Body.Close()
24
	if resp.StatusCode != http.StatusOK {
25
		t.Fatalf("disable tls failed: %d", resp.StatusCode)
26
	}
27
}
28


29
func GetTLSConnpoolMetrics(t *testing.T, m *mosn.MosnOperator) int64 {
30
	b, err := m.GetMosnMetrics(34901, "mosn_tls.tls.global")
31
	if err != nil {
32
		t.Fatalf("get mosn metrics failed: %v", err)
33
	}
34
	data := map[string]map[string]map[string]string{}
35
	if err := json.Unmarshal(b, &data); err != nil {
36
		t.Fatalf("get mosn metrics failed: %v, data: %s", err, string(b))
37
	}
38
	value, ok := data["mosn_tls"]["tls.global"]["connpool_changed"]
39
	if !ok {
40
		t.Fatalf("get mosn metrics failed: %v", data)
41
	}
42
	i, _ := strconv.ParseInt(value, 10, 64)
43
	return i
44


45
}
46


47
func TestDisableTLSAndUpdateHostTLS(t *testing.T) {
48
	Scenario(t, "change tls states, connection pool changed", func() {
49
		var m *mosn.MosnOperator
50
		m, _ = lib.InitMosn(tlsConfig, lib.CreateConfig(MockBoltServerConfig))
51
		client := lib.CreateClient("bolt", &boltv1.BoltClientConfig{
52
			TargetAddr: "127.0.0.1:2045",
53
			Verify: &boltv1.VerifyConfig{
54
				ExpectedStatusCode: 0,
55
			},
56
		})
57
		Case("disable tls, no connection pool changed", func() {
58
			// make request to create connection
59
			Verify(client.SyncCall(), Equal, true)
60
			DisableTLS(t, true)
61
			Verify(client.SyncCall(), Equal, true)
62
			Verify(GetTLSConnpoolMetrics(t, m), Equal, int64(0))
63
		})
64
		Case("update tls config when disabled, connection pool changed", func() {
65
			// enable tls
66
			config := `{
67
				"name": "mosn_cluster",
68
				"type": "SIMPLE",
69
				"lb_type": "LB_RANDOM",
70
				"cluster_manager_tls": true,
71
				"hosts":[
72
					{"address":"127.0.0.1:2046"}
73
				]
74
			}`
75
			err := m.UpdateConfig(34901, "cluster", config)
76
			Verify(err, Equal, nil)
77
			Verify(client.SyncCall(), Equal, true)
78
			Verify(GetTLSConnpoolMetrics(t, m), Equal, int64(1))
79
			DisableTLS(t, false)
80
			Verify(client.SyncCall(), Equal, true) // changed to tls request
81
			Verify(GetTLSConnpoolMetrics(t, m), Equal, int64(2))
82
		})
83
		Case("disable and update again", func() {
84
			DisableTLS(t, true)
85
			Verify(client.SyncCall(), Equal, true)
86
			Verify(GetTLSConnpoolMetrics(t, m), Equal, int64(3)) // tls to non-tls.
87
			config := `{
88
				"name": "mosn_cluster",
89
				"type": "SIMPLE",
90
				"lb_type": "LB_RANDOM",
91
				"cluster_manager_tls": true,
92
				"hosts":[
93
					{"address":"127.0.0.1:2046", "tls_disable":true}
94
				]
95
			}`
96
			err := m.UpdateConfig(34901, "cluster", config)
97
			Verify(err, Equal, nil)
98
			Verify(client.SyncCall(), Equal, true)
99
			Verify(GetTLSConnpoolMetrics(t, m), Equal, int64(4)) // non-tls to non-tls, but host config changed. connection changed
100
			DisableTLS(t, false)
101
			Verify(client.SyncCall(), Equal, true)
102
			Verify(GetTLSConnpoolMetrics(t, m), Equal, int64(4)) // non-tls to non-tls, and host config is not changed. no connection changed
103
		})
104
	})
105
}
106


107
const MockBoltServerConfig = `{
108
	 "protocol":"bolt",
109
	 "config": {
110
		 "address": "127.0.0.1:8080"
111
	 }
112
}`
113


114
const tlsConfig = `{
115
	"servers":[
116
		{
117
			"default_log_path":"stdout",
118
			"default_log_level": "INFO",
119
			"routers":[
120
				{
121
					"router_config_name":"router_to_mosn",
122
					"virtual_hosts":[{
123
						"name":"mosn_hosts",
124
						"domains": ["*"],
125
						"routers": [
126
							{
127
								"match":{"headers":[{"name":"service","value":".*"}]},
128
								"route":{"cluster_name":"mosn_cluster"}
129
							}
130
						]
131
					}]
132
				},
133
				{
134
					"router_config_name":"router_to_server",
135
					"virtual_hosts":[{
136
						"name":"server_hosts",
137
						"domains": ["*"],
138
						"routers": [
139
							{
140
								"match":{"headers":[{"name":"service","value":".*"}]},
141
								"route":{"cluster_name":"server_cluster"}
142
							}
143
						]
144
					}]
145
				}
146
			],
147
			"listeners":[
148
				{
149
					"address":"127.0.0.1:2045",
150
					"bind_port": true,
151
					"filter_chains": [{
152
						"filters": [
153
							{
154
								"type": "proxy",
155
								"config": {
156
									"downstream_protocol": "X",
157
									"upstream_protocol": "X",
158
									"extend_config": {
159
										 "sub_protocol": "bolt"
160
									},
161
									"router_config_name":"router_to_mosn"
162
								}
163
							}
164
						]
165
					}]
166
				},
167
				{
168
					"address":"127.0.0.1:2046",
169
					"bind_port": true,
170
					"inspector": true,
171
					"filter_chains": [{
172
						"tls_context":{
173
							"status": true,
174
							"cert_chain": "-----BEGIN CERTIFICATE-----\nMIIDJTCCAg0CAQEwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCQ04xCjAIBgNV\nBAgMAWExCjAIBgNVBAcMAWExCjAIBgNVBAoMAWExCjAIBgNVBAsMAWExCjAIBgNV\nBAMMAWExEDAOBgkqhkiG9w0BCQEWAWEwHhcNMTgwNjE0MDMxMzQyWhcNMTkwNjE0\nMDMxMzQyWjBWMQswCQYDVQQGEwJDTjEKMAgGA1UECAwBYTEKMAgGA1UECgwBYTEK\nMAgGA1UECwwBYTERMA8GA1UEAwwIdGVzdC5jb20xEDAOBgkqhkiG9w0BCQEWAWEw\nggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrPq+Mo0nS3dJU1qGFwlIB\ni9HqRm5RGcfps+0W5LjEhqUKxKUweRrwDaIxpiSqjKeehz9DtLUpXBD29pHuxODU\nVsMH2U1AGWn9l4jMnP6G5iTMPJ3ZTXszeqALe8lm/f807ZA0C7moc+t7/d3+b6d2\nlnwR+yWbIZJUu2qw+HrR0qPpNlBP3EMtlQBOqf4kCl6TfpqrGfc9lW0JjuE6Taq3\ngSIIgzCsoUFe30Yemho/Pp4zA9US97DZjScQLQAGiTsCRDBASxXGzODQOfZL3bCs\n2w//1lqGjmhp+tU1nR4MRN+euyNX42ioEz111iB8y0VzuTIsFBWwRTKK1SF7YSEb\nAgMBAAEwDQYJKoZIhvcNAQELBQADggEBABnRM9JJ21ZaujOTunONyVLHtmxUmrdr\n74OJW8xlXYEMFu57Wi40+4UoeEIUXHviBnONEfcITJITYUdqve2JjQsH2Qw3iBUr\nmsFrWS25t/Krk2FS2cKg8B9azW2+p1mBNm/FneMv2DMWHReGW0cBp3YncWD7OwQL\n9NcYfXfgBgHdhykctEQ97SgLHDKUCU8cPJv14eZ+ehIPiv8cDWw0mMdMeVK9q71Y\nWn2EgP7HzVgdbj17nP9JJjNvets39gD8bU0g2Lw3wuyb/j7CHPBBzqxh+a8pihI5\n3dRRchuVeMQkMuukyR+/A8UrBMA/gCTkXIcP6jKO1SkKq5ZwlMmapPc=\n-----END CERTIFICATE-----\n",
175
							"private_key": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpQIBAAKCAQEAqz6vjKNJ0t3SVNahhcJSAYvR6kZuURnH6bPtFuS4xIalCsSl\nMHka8A2iMaYkqoynnoc/Q7S1KVwQ9vaR7sTg1FbDB9lNQBlp/ZeIzJz+huYkzDyd\n2U17M3qgC3vJZv3/NO2QNAu5qHPre/3d/m+ndpZ8EfslmyGSVLtqsPh60dKj6TZQ\nT9xDLZUATqn+JApek36aqxn3PZVtCY7hOk2qt4EiCIMwrKFBXt9GHpoaPz6eMwPV\nEvew2Y0nEC0ABok7AkQwQEsVxszg0Dn2S92wrNsP/9Zaho5oafrVNZ0eDETfnrsj\nV+NoqBM9ddYgfMtFc7kyLBQVsEUyitUhe2EhGwIDAQABAoIBAG2Bj5ca0Fmk+hzA\nh9fWdMSCWgE7es4n81wyb/nE15btF1t0dsIxn5VE0qR3P1lEyueoSz+LrpG9Syfy\nc03B3phKxzscrbbAybOeFJ/sASPYxk1IshRE5PT9hJzzUs6mvG1nQWDW4qmjP0Iy\nDKTpV6iRANQqy1iRtlay5r42l6vWwHfRfwAv4ExSS+RgkYcavqOp3e9If2JnFJuo\n7Zds2i7Ux8dURX7lHqKxTt6phgoMmMpvO3lFYVGos7F13OR9NKElzjiefAQbweAt\nt8R+6A1rlIwnfywxET9ZXglfOFK6Q0nqCJhcEcKzT/Xfkd+h9XPACjOObJh3a2+o\nwg9GBFECgYEA2a6JYuFanKzvajFPbSeN1csfI9jPpK2+tB5+BB72dE74B4rjygiG\n0Rb26UjovkYfJJqKuKr4zDL5ziSlJk199Ae2f6T7t7zmyhMlWQtVT12iTQvBINTz\nNerKi5HNVBsCSGj0snbwo8u4QRgTjaIoVqTlOlUQuGqYuZ75l8g35IkCgYEAyWOM\nKagzpGmHWq/0ThN4kkwWOdujxuqrPf4un2WXsir+L90UV7X9wY4mO19pe5Ga2Upu\nXFDsxAZsanf8SbzkTGHvzUobFL7eqsiwaUSGB/cGEtkIyVlAdyW9DhiZFt3i9mEF\nbBsHnEDHPHL4tu+BB8G3WahHjWOnbWZ3NTtP94MCgYEAi3XRmSLtjYER5cPvsevs\nZ7M5oRqvdT7G9divPW6k0MEjEJn/9BjgXqbKy4ylZ/m+zBGinEsVGKXz+wjpMY/m\nCOjEGCUYC5AfgAkiHVkwb6d6asgEFEe6BaoF18MyfBbNsJxlYMzowNeslS+an1vr\nYg9EuMl06+GHNSzPlVl1zZkCgYEAxXx8N2F9eu4NUK4ZafMIGpbIeOZdHbSERp+b\nAq5yasJkT3WB/F04QXVvImv3Gbj4W7r0rEyjUbtm16Vf3sOAMTMdIHhaRCbEXj+9\nVw1eTjM8XoE8b465e92jHk6a2WSvq6IK2i9LcDvJ5QptwZ7uLjgV37L4r7sYtVx0\n69uFGJcCgYEAot7im+Yi7nNsh1dJsDI48liKDjC6rbZoCeF7Tslp8Lt+4J9CA9Ux\nSHyKjg9ujbjkzCWrPU9hkugOidDOmu7tJAxB5cS00qJLRqB5lcPxjOWcBXCdpBkO\n0tdT/xRY/MYLf3wbT95enaPlhfeqBBXKNQDya6nISbfwbMLfNxdZPJ8=\n-----END RSA PRIVATE KEY-----\n"
176
						},
177
						"filters": [
178
							{
179
								 "type": "proxy",
180
								 "config": {
181
									 "downstream_protocol": "X",
182
									 "upstream_protocol": "X",
183
									 "extend_config": {
184
										 "sub_protocol": "bolt"
185
									 },
186
									 "router_config_name":"router_to_server"
187
								 }
188
							}
189
						]
190
					}]
191
				}
192
			]
193
		}
194
	],
195
	"cluster_manager": {
196
		"tls_context": {
197
			"status": true,
198
			"insecure_skip": true
199
		},
200
		"clusters":[
201
			{
202
				"name": "mosn_cluster",
203
				"type": "SIMPLE",
204
				"lb_type": "LB_RANDOM",
205
				"cluster_manager_tls": true,
206
				"hosts":[
207
					{"address":"127.0.0.1:2046", "tls_disable": true}
208
				]
209
			},
210
			{
211
				"name": "server_cluster",
212
				"type": "SIMPLE",
213
				"lb_type": "LB_RANDOM",
214
				"hosts":[
215
					{"address":"127.0.0.1:8080"}
216
				]
217
			}
218
		]
219
	},
220
	"admin": {
221
		"address": {
222
			"socket_address": {
223
				"address": "127.0.0.1",
224
				"port_value": 34901
225
			}
226
		}
227
	}
228
}`
229

Использование cookies

Мы используем файлы cookie в соответствии с Политикой конфиденциальности и Политикой использования cookies.

Нажимая кнопку «Принимаю», Вы даете АО «СберТех» согласие на обработку Ваших персональных данных в целях совершенствования нашего веб-сайта и Сервиса GitVerse, а также повышения удобства их использования.

Запретить использование cookies Вы можете самостоятельно в настройках Вашего браузера.