simpler, additional e2e functional test + auth test #833
Conversation
istio.VERSION
Outdated
| export PILOT_HUB="gcr.io/istio-testing" | ||
| export PILOT_TAG="3ac357f84576f881d9f57ed76e4e14a052ac5333" | ||
| export ISTIOCTL_URL="https://storage.googleapis.com/istio-artifacts/pilot/3ac357f84576f881d9f57ed76e4e14a052ac5333/artifacts/istioctl" |
There was a problem hiding this comment.
moved after PILOT_TAG so we can eventually change it to
export ISTIOCTL_URL="https://storage.googleapis.com/istio-artifacts/pilot/$PILOT_TAG/artifacts/istioctl"
istio.VERSION
Outdated
|
|
||
| export PROXY_DEBIAN_URL="https://storage.googleapis.com/istio-artifacts/proxy//artifacts/debs" | ||
| export FORTIO_HUB="gcr.io/istio-testing" | ||
| export FORTIO_TAG="a9b5395d6fe2e8cbcbe9b0835d0b48e88620b878" |
There was a problem hiding this comment.
this tag is from a bot presubmit, the artefact building is missing so far from postsubmit (separate pr)
| rules: | ||
| - http: | ||
| paths: | ||
| - path: /.* |
There was a problem hiding this comment.
doesn't seem to work (as I expect) with a different path e.g /fortio/.* if I call fortio/debug it doesn't work (as in it doesn't call fortio with /debug)
|
@ldemailly PR needs rebase |
# Conflicts: # istio.VERSION
plus todo
|
Can you add more details in the description about what it is testing? |
fortio: added -echo-debug-path option to change the /debug to something else (because I can’t get rewrite rules to work yet, but it’s also a useful feature anyway) Rewrite rule seems to do nothing Also observed I can’t talk pod to pod getting 404s somehow
|
@ldemailly PR needs rebase |
|
@ldemailly PR needs rebase |
| @@ -59,7 +59,7 @@ func init() { | |||
|
|
|||
| // Version is the fortio package version (TODO:auto gen/extract). | |||
| const ( | |||
| Version = "0.2.2" | |||
There was a problem hiding this comment.
Do we want this to be tied to the release ? Can we do like a bookstore where people manually increase when they update it. The release process is already as complicated as it is and I don't want to add artifacts that are not essential to istio usage.
There was a problem hiding this comment.
I'm fine with the internal version to be hardcoded / manually changing when I make a significant change for now
I do want the images to be built by postsubmit though
|
this is ready now, PTAL |
| os.Exit(tc.RunTest(m)) | ||
| } | ||
|
|
||
| func TestSimpleIngress(t *testing.T) { |
There was a problem hiding this comment.
Are the comment still valid ? Could you remove the one that is not working.
There was a problem hiding this comment.
updating the comments, thanks for noticing
| os.Exit(tc.RunTest(m)) | ||
| } | ||
|
|
||
| func TestSimpleIngress(t *testing.T) { |
There was a problem hiding this comment.
Are those tests independant ? if so that s OK, but if not you might want to use setup and tear down.
There was a problem hiding this comment.
it uses framework.NewCommonConfig
| export PROXY_TAG="${PROXY_TAG}" | ||
| export ISTIO_NAMESPACE="${ISTIO_NAMESPACE}" | ||
| export AUTH_DEBIAN_URL="${AUTH_DEBIAN_URL}" | ||
| export PILOT_DEBIAN_URL="${PILOT_DEBIAN_URL}" | ||
| export PROXY_DEBIAN_URL="${PROXY_DEBIAN_URL}" | ||
|
|
||
| export FORTIO_HUB="${FORTIO_HUB}" |
There was a problem hiding this comment.
Small comment - do we need so many hubs ? Also for fortio I think it may be ok to just use ':latest' and simplify things...
(just IMHO)
There was a problem hiding this comment.
I agree it's a lot overall but I'm just following the pattern in the code where things are split by hub and tag like all the other components. a follow up PR will make the tag auto updated with the rest
| @@ -644,15 +651,17 @@ func (c *BasicClient) readResponse(conn *net.TCPConn) { | |||
| } | |||
| break // we're done! | |||
| } | |||
| } | |||
| } // end of big for loop | |||
| // Figure out whether to keep or close the socket: | |||
| if keepAlive && c.code == http.StatusOK { | |||
| c.socket = conn // keep the open socket | |||
| } else { | |||
There was a problem hiding this comment.
nit: since this appears to be the end of the method, we could just return inside of the conditional, and avoid the else.
similarly, in the contained if-else, we could just return inside the if and avoid the else altogether.
There was a problem hiding this comment.
that whole method has a big TODO refactor but I don't want to do that just before the release
devel/fortio/http.go
Outdated
| go func(secure bool, port int) { | ||
| var err error | ||
| if secure { | ||
| Errf("Secure setup not yet supported will just close incoming connections for now") |
There was a problem hiding this comment.
nit: add punctuation between "supported" and "will"
devel/fortio/http.go
Outdated
| go func(port int) { | ||
| if err := http.Serve(listener, nil); err != nil { | ||
| Fatalf("Unable to serve on %d: %v", port, err) | ||
| go func(secure bool, port int) { |
There was a problem hiding this comment.
question: any reason not make this a separate method (or two)?
something like:
if secure {
go runSecure(port, listener)
return port
}
go runInsecure(port, listener)
return port
There was a problem hiding this comment.
it was going to be a 1 liner in the then: ServeTLS except that's a 1.9 feature but maybe I can make a "closingServer()" function for now instead of inlining?
| // with "echo debug server ..." on the /debug uri. | ||
| url := "http://" + tc.Kube.Ingress + "/fortio/debug" | ||
| glog.Infof("Fetching '%s'", url) | ||
| attempts := 7 // should not take more than 70s to be live... |
There was a problem hiding this comment.
thought: we should really consider having some readiness check for Ingress.
There was a problem hiding this comment.
yes in 0.3 I hope we build up more of library functions, this is just a start using what we already have (it does add a handy getPodList() for instance)
| } | ||
| // call into the service from each of the pods | ||
| for _, pod := range podList { | ||
| glog.Infof("From pod \"%s\"", pod) |
There was a problem hiding this comment.
why glog.Infof and not t.Logf ?
There was a problem hiding this comment.
mixer_test and others seem to be using glog.* - I think we may have some capture / log parsing code that uses glog format, not sure. good question for 0.3 testing fw
| } | ||
| _ = resp.Body.Close() | ||
| bodyStr := string(body) | ||
| glog.Infof("Attempt %d: reply is\n%s\n---END--", i, bodyStr) |
| return nil | ||
| } | ||
|
|
||
| func check(err error, msg string) { |
There was a problem hiding this comment.
nit: this is only used twice, in main(). it might make sense to just inline the code there, as this doesn't represent a big savings and is arguably a bit of an anti-pattern in golang.
There was a problem hiding this comment.
I copied this part from mixer_test :-) I think we should move it to the framework if we're going to use it a lot (or inline) ?
Thx doug
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: costinm, douglas-reid The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
|
/test all [submit-queue is verifying that this PR is safe to merge] |
|
Automatic merge from submit-queue |
Automatic merge from submit-queue simpler, additional e2e functional test + auth test This is for a couple things: a) an e2e test (using the e2e framework) that has minimum dependencies and fast start which can be use as a starting point for new tests that do not rely on bookinfo b) exercise fortio images, ingress rule svc2sc c) detect whether auth is working or not d) bug fix in fortio when server errors out e) faster test start and end (and updated README with the faster instructions) _background/justification_ We all spent a lot of time debugging complex end2end test over the last few weeks, Also people have been complaining that writing new tests is hard (which is partially true as I learned through writing one), and we also don't have test verifying auth is really on This PR makes progress toward solving all 3 problems, introducing a simpler (than mixer/bookinfo) test. A simpler test lets us quickly smoke test basic features. This is additional to tests that exists in pilot (as this is about end2end with all the actual components in place, same code as we release) e2e is not exclusively "website tasks testing" and should have as many sane tests as we can have A separate effort - though this simpler test does help already - is to optimize the runtime and probably split test into "every PR" tests and "nightly"... etc... ```release-note New simpler e2e functional tests, including an auth test. ``` Former-commit-id: fad04b1
Automatic merge from submit-queue simpler, additional e2e functional test + auth test This is for a couple things: a) an e2e test (using the e2e framework) that has minimum dependencies and fast start which can be use as a starting point for new tests that do not rely on bookinfo b) exercise fortio images, ingress rule svc2sc c) detect whether auth is working or not d) bug fix in fortio when server errors out e) faster test start and end (and updated README with the faster instructions) _background/justification_ We all spent a lot of time debugging complex end2end test over the last few weeks, Also people have been complaining that writing new tests is hard (which is partially true as I learned through writing one), and we also don't have test verifying auth is really on This PR makes progress toward solving all 3 problems, introducing a simpler (than mixer/bookinfo) test. A simpler test lets us quickly smoke test basic features. This is additional to tests that exists in pilot (as this is about end2end with all the actual components in place, same code as we release) e2e is not exclusively "website tasks testing" and should have as many sane tests as we can have A separate effort - though this simpler test does help already - is to optimize the runtime and probably split test into "every PR" tests and "nightly"... etc... ```release-note New simpler e2e functional tests, including an auth test. ``` Former-commit-id: fad04b1
Automatic merge from submit-queue simpler, additional e2e functional test + auth test This is for a couple things: a) an e2e test (using the e2e framework) that has minimum dependencies and fast start which can be use as a starting point for new tests that do not rely on bookinfo b) exercise fortio images, ingress rule svc2sc c) detect whether auth is working or not d) bug fix in fortio when server errors out e) faster test start and end (and updated README with the faster instructions) _background/justification_ We all spent a lot of time debugging complex end2end test over the last few weeks, Also people have been complaining that writing new tests is hard (which is partially true as I learned through writing one), and we also don't have test verifying auth is really on This PR makes progress toward solving all 3 problems, introducing a simpler (than mixer/bookinfo) test. A simpler test lets us quickly smoke test basic features. This is additional to tests that exists in pilot (as this is about end2end with all the actual components in place, same code as we release) e2e is not exclusively "website tasks testing" and should have as many sane tests as we can have A separate effort - though this simpler test does help already - is to optimize the runtime and probably split test into "every PR" tests and "nightly"... etc... ```release-note New simpler e2e functional tests, including an auth test. ``` Former-commit-id: fad04b1
* Doc fixes. * Add high-level overview and diagrams for MCP (istio#805) * document MCP * add additional note on NACK behavior * add a note about ignoring stale nonces * Add envoy metrics service configuration to ProxyConfig (istio#803) * Add envoy metrics service configuration to ProxyConfig Similar to the statsd sink config, this change is in preparation for adding support for the envoy metrics service API. * Update proto.lock * Reorder metrics_service_address just after statsd_udp_address * Update comment in the authN API to match with 1.1 behavior (istio#808) * Rename metrics_service_address to clarify that it is for Envoy's API (istio#809) Since "metrics service" is so ambiguous, this change specifically denotes that the config is for Envoy's metrics service API. The comments also now link to detailed info about the metrics service API. * Generate separate HTML page per proto under networking (istio#811) * Generate separate pages for each networking proto Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * update Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * tweaks Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * Fix interdoc references * separate doc and go gen * change dash to underscore * fix * more fixes * makefile fix Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * remove bad target * Revert "change dash to underscore" This reverts commit 7fbced66f620fb60b0d5e18af916567e313a0109. * final update Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * Revert "Generate separate HTML page per proto under networking (istio#811)" This reverts commit 5f14eadd since it breaks the ability to generate reference docs in istio.io * Update to latest tools. * Revert "Update to latest tools." This reverts commit 231fadc5 which I accidentally pushed to the wrong place. * fix mcp update error diagram (istio#810) * update istio/tools (istio#815) * Revert "Revert "Generate separate HTML page per proto under networking (istio#811)"" (istio#818) * Minor updates for building docker images. (istio#817) * Add spell checking for docs. (istio#819) * Add a bunch of words to the custom dictionary. * Document exportTo restrictions (istio#820) * Doc fixes. (istio#821) * Proxy config: Add tls_certs_to_watch field (istio#824) * Proxy config: Add tls_certs_to_watch field * Address PR comment * Revert "Proxy config: Add tls_certs_to_watch field (istio#824)" (istio#825) This reverts commit e613e358ae8d4f331dd48904b0a2b176e11bf7f5. * Update gateway and sidecar hosts doc (istio#826) * Update gateway and sidecar hosts doc * regen * review comments * Update API docs (service entry, gateway, sidecar) (istio#831) * Update sidecar and gateway docs Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * gen docs Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * update service entry Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * updates Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * add configurable dns refresh rate to mesh for strict dns cluster, (istio#832) * add configurable dns refresh rate to mesh for strict dns cluster, issue istio#12181 * add lock file * Hosts are not ignored in ServiceEntry for HTTPs (istio#833) * Hosts are not ignored in ServiceEntry for HTTPs * Clarify * Reword * Generate protos * Address code review comments * Fix typo * generate * make mixer config marshal deterministic (istio#846) Signed-off-by: Kuat Yessenov <kuat@google.com> * Fix some doc errors. (istio#854) This started out to just fix a bad link to unblock work on istio.io, but I ended up fixing a bunch of typos/incorrect format throughout. * Fix two more broken links. (istio#856) * Fix CRD examples for release-1.1 (istio#859) * fix MeshNetworks demo (istio#841) * fix MeshNetworks demo * generate * update * last minute doc fixes (istio#865) Signed-off-by: Shriram Rajagopalan <rshriram@gmail.com> * Clarify comment for server_name field in Mixer oop auth config (istio#800) * add mixerclient config to istio.io reference docs (istio#827) * Envoyfilter docs fix (istio#867) * Tweaks to get the mixer client config docs to be published. (istio#868) * Change where the Mixer client docs are published.
…e"` for SIMPLE and MUTUAL TLS (istio#833) * Set alpnOverride depending on TLS Mode (istio#44918) * Set alpnOverride Signed-off-by: Kalya Subramanian <kasubra@microsoft.com> * remove test logs Signed-off-by: Kalya Subramanian <kasubra@microsoft.com> --------- Signed-off-by: Kalya Subramanian <kasubra@microsoft.com> * pilot: set `istio.alpn_override: false` in subset clusters (istio#46496) (istio#46529) * Add tests for destination rules with port level settings * Add test cases for subsets * Refactor AddALPNOverrideToMetadata * Update comment for AddALPNOverrideToMetadata * Fix lint error * Add release note * Fix release note --------- Signed-off-by: Jacek Ewertowski <jewertow@redhat.com> --------- Signed-off-by: Kalya Subramanian <kasubra@microsoft.com> Signed-off-by: Jacek Ewertowski <jewertow@redhat.com> Co-authored-by: Kalya Subramanian <42158129+ksubrmnn@users.noreply.github.com>
This is for a couple things:
a) an e2e test (using the e2e framework) that has minimum dependencies and fast start which can be use as a starting point for new tests that do not rely on bookinfo
b) exercise fortio images, ingress rule svc2sc
c) detect whether auth is working or not
d) bug fix in fortio when server errors out
e) faster test start and end (and updated README with the faster instructions)
background/justification
We all spent a lot of time debugging complex end2end test over the last few weeks,
Also people have been complaining that writing new tests is hard (which is partially true as I learned through writing one), and we also don't have test verifying auth is really on
This PR makes progress toward solving all 3 problems, introducing a simpler (than mixer/bookinfo) test.
A simpler test lets us quickly smoke test basic features.
This is additional to tests that exists in pilot (as this is about end2end with all the actual components in place, same code as we release)
e2e is not exclusively "website tasks testing" and should have as many sane tests as we can have
A separate effort - though this simpler test does help already - is to optimize the runtime and probably split test into "every PR" tests and "nightly"... etc...