-
Notifications
You must be signed in to change notification settings - Fork 4.4k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'main' into fix_altdomain_dcname_overlap
- Loading branch information
Showing
17 changed files
with
368 additions
and
109 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
115 changes: 115 additions & 0 deletions
115
agent/xds/testdata/listeners/connect-proxy-without-tproxy-and-permissive-mtls.latest.golden
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,115 @@ | ||
| { | ||
| "versionInfo": "00000001", | ||
| "resources": [ | ||
| { | ||
| "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", | ||
| "name": "db:127.0.0.1:9191", | ||
| "address": { | ||
| "socketAddress": { | ||
| "address": "127.0.0.1", | ||
| "portValue": 9191 | ||
| } | ||
| }, | ||
| "filterChains": [ | ||
| { | ||
| "filters": [ | ||
| { | ||
| "name": "envoy.filters.network.tcp_proxy", | ||
| "typedConfig": { | ||
| "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", | ||
| "statPrefix": "upstream.db.default.default.dc1", | ||
| "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" | ||
| } | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "trafficDirection": "OUTBOUND" | ||
| }, | ||
| { | ||
| "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", | ||
| "name": "prepared_query:geo-cache:127.10.10.10:8181", | ||
| "address": { | ||
| "socketAddress": { | ||
| "address": "127.10.10.10", | ||
| "portValue": 8181 | ||
| } | ||
| }, | ||
| "filterChains": [ | ||
| { | ||
| "filters": [ | ||
| { | ||
| "name": "envoy.filters.network.tcp_proxy", | ||
| "typedConfig": { | ||
| "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", | ||
| "statPrefix": "upstream.prepared_query_geo-cache", | ||
| "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" | ||
| } | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "trafficDirection": "OUTBOUND" | ||
| }, | ||
| { | ||
| "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", | ||
| "name": "public_listener:0.0.0.0:9999", | ||
| "address": { | ||
| "socketAddress": { | ||
| "address": "0.0.0.0", | ||
| "portValue": 9999 | ||
| } | ||
| }, | ||
| "filterChains": [ | ||
| { | ||
| "filters": [ | ||
| { | ||
| "name": "envoy.filters.network.rbac", | ||
| "typedConfig": { | ||
| "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", | ||
| "rules": {}, | ||
| "statPrefix": "connect_authz" | ||
| } | ||
| }, | ||
| { | ||
| "name": "envoy.filters.network.tcp_proxy", | ||
| "typedConfig": { | ||
| "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", | ||
| "statPrefix": "public_listener", | ||
| "cluster": "local_app" | ||
| } | ||
| } | ||
| ], | ||
| "transportSocket": { | ||
| "name": "tls", | ||
| "typedConfig": { | ||
| "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", | ||
| "commonTlsContext": { | ||
| "tlsParams": {}, | ||
| "tlsCertificates": [ | ||
| { | ||
| "certificateChain": { | ||
| "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" | ||
| }, | ||
| "privateKey": { | ||
| "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" | ||
| } | ||
| } | ||
| ], | ||
| "validationContext": { | ||
| "trustedCa": { | ||
| "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" | ||
| } | ||
| } | ||
| }, | ||
| "requireClientCertificate": true | ||
| } | ||
| } | ||
| } | ||
| ], | ||
| "trafficDirection": "INBOUND" | ||
| } | ||
| ], | ||
| "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", | ||
| "nonce": "00000001" | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,78 @@ | ||
| # Remote Debugging Integration Tests | ||
|
|
||
| - [Introduction](#introduction) | ||
| - [How it works](#how-it-works) | ||
| - [Getting Started](#getting-started) | ||
| - [Prerequisites](#prerequisites) | ||
| - [Running Upgrade integration tests](#debugging-integration-tests) | ||
| - [Building images](#building-images) | ||
| - [Remote debugging using GoLand](#remote-debugging-using-goland) | ||
|
|
||
|
|
||
| ## Introduction | ||
|
|
||
| Remote debugging integration tests allows you to attach your debugger to the consul container and debug go code running on that container. | ||
|
|
||
| ### How it works | ||
| The `dev-docker-dbg` Make target will build consul docker container that has the following: | ||
| - [delve (dlv) debugger](https://github.com/go-delve/delve) installed. | ||
| - a port exposed on the container that allows a debugger from your development environment to connect and attach to the consul process and debug it remotely. | ||
| - logs out the host and port information so that you have the information needed to connect to the port. | ||
|
|
||
| The integration tests have been modified to expose the `--debug` flag that will switch the test from using a `consul:local` image that can be built using `make dev-docker` to using the `consul-dbg:local` image that was build from `make dev-docker-dbg`. | ||
|
|
||
| The test is run in debug mode with a breakpoint set to just after the cluster is created and you can retrieve the port information. From there, you can set up a remote debugging session that connects to this port. | ||
|
|
||
| ## Getting Started | ||
| ### Prerequisites | ||
| To run/debug integration tests locally, the following tools are required on your machine: | ||
| - Install [Go](https://go.dev/) (the version should match that of our CI config's Go image). | ||
| - Install [`Makefile`](https://www.gnu.org/software/make/manual/make.html). | ||
| - Install [`Docker`](https://docs.docker.com/get-docker/) required to run tests locally. | ||
|
|
||
| ### Debugging integration tests | ||
| #### Building images | ||
| - Build a consul image with dlv installed and a port exposed that the debugger can attach to. | ||
| ``` | ||
| make dev-docker-dbg | ||
| ``` | ||
| - Build a consul-envoy container image from the consul root directory that is required for testing but not for debugging. | ||
| ``` | ||
| docker build consul-envoy:target-version --build-arg CONSUL_IMAGE=consul:local --build-arg ENVOY_VERSION=1.24.6 -f ./test/integration/consul-container/assets/Dockerfile-consul-envoy ./test/integration/consul-container/assets | ||
| ``` | ||
|
|
||
| #### Remote debugging using GoLand | ||
| (For additional information, see [GoLand's documentation on remote debugging](https://www.jetbrains.com/help/go/attach-to-running-go-processes-with-debugger.html#attach-to-a-process-on-a-remote-machine).) | ||
| ##### Set up the Debug Configuration for your test | ||
| - Create the configuration for debugging the test. (You may have to debug the test once so GoLand creates the configuration for you.) | ||
| - Go to `Run > Edit Configurations` and select the appropriate configuration. | ||
| - Add `--debug` to `Program arguments` and click OK. | ||
|
|
||
| <img src="./util/test_debug_configuration.png" alt="isolated" width="550"/> | ||
| ##### Obtain the debug port of your container | ||
| (This is required every time a test is debugged.) | ||
|
|
||
| - Put a breakpoint in the test that you are running right after the cluster has been created. This should be on the line after the call to `topology.NewCluster()`. | ||
| - Debug the test and wait for the debug session to stop on the breakpoint in the test. | ||
| - In the Debug window, search for `debug info` on the Console tab and note the host and port. | ||
|
|
||
| <img src="./util/test_debug_info.png" alt="isolated" width="550"/> | ||
| - Go to `Run > Edit Configurations` and add a `Go Remote` configuration with the host and port that your test has exposed. Click OK. | ||
|
|
||
| <img src="./util/test_debug_remote_configuration.png" alt="isolated" width="550"/> | ||
| - Debug the configuration that you just created. Verify that it shows as connected in the `Debugger` of this configuration in the `Debug` window. | ||
|
|
||
| <img src="./util/test_debug_remote_connected.png" alt="isolated" width="550"/> | ||
| ##### Debug the consul backend | ||
| - Set an appropriate breakpoint in the backend code of the endpoint that your test will call and that you wish to debug. | ||
| - Go to the test debugging tab for the integration test in the `Debug` window and `Resume Program`. | ||
|
|
||
| <img src="./util/test_debug_resume_program.png" alt="isolated" width="350"/> | ||
| - The remote debugging session should stop on the breakpoint, and you can freely debug the code path. | ||
|
|
||
| <img src="./util/test_debug_breakpoint_hit.png" alt="isolated" width="550"/> | ||
|
|
||
| #### Remote debugging using VSCode | ||
| (For additional information, see [VSCode's documentation on remote debugging](https://github.com/golang/vscode-go/blob/master/docs/debugging.md#remote-debugging).) | ||
|
|
||
| [comment]: <> (TODO: Openly looking for someone to add VSCode specific instructions.) |
Binary file added
BIN
+640 KB
test/integration/consul-container/test/util/test_debug_breakpoint_hit.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added
BIN
+287 KB
test/integration/consul-container/test/util/test_debug_configuration.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added
BIN
+279 KB
test/integration/consul-container/test/util/test_debug_remote_configuration.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added
BIN
+109 KB
test/integration/consul-container/test/util/test_debug_remote_connected.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added
BIN
+50.8 KB
test/integration/consul-container/test/util/test_debug_resume_program.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.