Add proxy protocol tests
This commit is contained in:
parent
d1d8b01dfb
commit
e8633d17e8
8 changed files with 177 additions and 23 deletions
3
Makefile
3
Makefile
|
@ -20,7 +20,7 @@ GIT_BRANCH := $(subst heads/,,$(shell git rev-parse --abbrev-ref HEAD 2>/dev/nul
|
||||||
TRAEFIK_DEV_IMAGE := traefik-dev$(if $(GIT_BRANCH),:$(subst /,-,$(GIT_BRANCH)))
|
TRAEFIK_DEV_IMAGE := traefik-dev$(if $(GIT_BRANCH),:$(subst /,-,$(GIT_BRANCH)))
|
||||||
REPONAME := $(shell echo $(REPO) | tr '[:upper:]' '[:lower:]')
|
REPONAME := $(shell echo $(REPO) | tr '[:upper:]' '[:lower:]')
|
||||||
TRAEFIK_IMAGE := $(if $(REPONAME),$(REPONAME),"containous/traefik")
|
TRAEFIK_IMAGE := $(if $(REPONAME),$(REPONAME),"containous/traefik")
|
||||||
INTEGRATION_OPTS := $(if $(MAKE_DOCKER_HOST),-e "DOCKER_HOST=$(MAKE_DOCKER_HOST)", -v "/var/run/docker.sock:/var/run/docker.sock")
|
INTEGRATION_OPTS := $(if $(MAKE_DOCKER_HOST),-e "DOCKER_HOST=$(MAKE_DOCKER_HOST)", -e "TEST_CONTAINER=1" -v "/var/run/docker.sock:/var/run/docker.sock")
|
||||||
TRAEFIK_DOC_IMAGE := traefik-docs
|
TRAEFIK_DOC_IMAGE := traefik-docs
|
||||||
|
|
||||||
DOCKER_BUILD_ARGS := $(if $(DOCKER_VERSION), "--build-arg=DOCKER_VERSION=$(DOCKER_VERSION)",)
|
DOCKER_BUILD_ARGS := $(if $(DOCKER_VERSION), "--build-arg=DOCKER_VERSION=$(DOCKER_VERSION)",)
|
||||||
|
@ -71,6 +71,7 @@ test-unit: build ## run the unit tests
|
||||||
|
|
||||||
test-integration: build ## run the integration tests
|
test-integration: build ## run the integration tests
|
||||||
$(DOCKER_RUN_TRAEFIK) ./script/make.sh generate binary test-integration
|
$(DOCKER_RUN_TRAEFIK) ./script/make.sh generate binary test-integration
|
||||||
|
TEST_HOST=1 ./script/make.sh test-integration
|
||||||
|
|
||||||
validate: build ## validate gofmt, golint and go vet
|
validate: build ## validate gofmt, golint and go vet
|
||||||
$(DOCKER_RUN_TRAEFIK) ./script/make.sh validate-glide validate-gofmt validate-govet validate-golint validate-misspell validate-vendor
|
$(DOCKER_RUN_TRAEFIK) ./script/make.sh validate-glide validate-gofmt validate-govet validate-golint validate-misspell validate-vendor
|
||||||
|
|
24
integration/fixtures/proxy-protocol/with.toml
Normal file
24
integration/fixtures/proxy-protocol/with.toml
Normal file
|
@ -0,0 +1,24 @@
|
||||||
|
logLevel = "DEBUG"
|
||||||
|
defaultEntryPoints = ["http"]
|
||||||
|
|
||||||
|
[entryPoints]
|
||||||
|
[entryPoints.http]
|
||||||
|
address = ":8000"
|
||||||
|
[entryPoints.http.proxyProtocol]
|
||||||
|
trustedIPs = ["{{.HaproxyIP}}"]
|
||||||
|
|
||||||
|
[web]
|
||||||
|
address = ":8080"
|
||||||
|
|
||||||
|
[file]
|
||||||
|
|
||||||
|
[backends]
|
||||||
|
[backends.backend1]
|
||||||
|
[backends.backend1.servers.server1]
|
||||||
|
url = "http://{{.WhoamiIP}}"
|
||||||
|
|
||||||
|
[frontends]
|
||||||
|
[frontends.frontend1]
|
||||||
|
backend = "backend1"
|
||||||
|
[frontends.frontend1.routes.test_1]
|
||||||
|
rule = "Path:/whoami"
|
24
integration/fixtures/proxy-protocol/without.toml
Normal file
24
integration/fixtures/proxy-protocol/without.toml
Normal file
|
@ -0,0 +1,24 @@
|
||||||
|
logLevel = "DEBUG"
|
||||||
|
defaultEntryPoints = ["http"]
|
||||||
|
|
||||||
|
[entryPoints]
|
||||||
|
[entryPoints.http]
|
||||||
|
address = ":8000"
|
||||||
|
[entryPoints.http.proxyProtocol]
|
||||||
|
trustedIPs = ["1.2.3.4"]
|
||||||
|
|
||||||
|
[web]
|
||||||
|
address = ":8080"
|
||||||
|
|
||||||
|
[file]
|
||||||
|
|
||||||
|
[backends]
|
||||||
|
[backends.backend1]
|
||||||
|
[backends.backend1.servers.server1]
|
||||||
|
url = "http://{{.WhoamiIP}}"
|
||||||
|
|
||||||
|
[frontends]
|
||||||
|
[frontends.frontend1]
|
||||||
|
backend = "backend1"
|
||||||
|
[frontends.frontend1.routes.test_1]
|
||||||
|
rule = "Path:/whoami"
|
|
@ -20,6 +20,8 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
var integration = flag.Bool("integration", false, "run integration tests")
|
var integration = flag.Bool("integration", false, "run integration tests")
|
||||||
|
var container = flag.Bool("container", false, "run container integration tests")
|
||||||
|
var host = flag.Bool("host", false, "run host integration tests")
|
||||||
|
|
||||||
func Test(t *testing.T) {
|
func Test(t *testing.T) {
|
||||||
check.TestingT(t)
|
check.TestingT(t)
|
||||||
|
@ -32,6 +34,8 @@ func init() {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if *container {
|
||||||
|
// tests launched from a container
|
||||||
check.Suite(&AccessLogSuite{})
|
check.Suite(&AccessLogSuite{})
|
||||||
check.Suite(&AcmeSuite{})
|
check.Suite(&AcmeSuite{})
|
||||||
check.Suite(&ConstraintSuite{})
|
check.Suite(&ConstraintSuite{})
|
||||||
|
@ -54,6 +58,11 @@ func init() {
|
||||||
check.Suite(&TimeoutSuite{})
|
check.Suite(&TimeoutSuite{})
|
||||||
check.Suite(&WebsocketSuite{})
|
check.Suite(&WebsocketSuite{})
|
||||||
}
|
}
|
||||||
|
if *host {
|
||||||
|
// tests launched from the host
|
||||||
|
check.Suite(&ProxyProtocolSuite{})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
var traefikBinary = "../dist/traefik"
|
var traefikBinary = "../dist/traefik"
|
||||||
|
|
||||||
|
|
59
integration/proxy_protocol_test.go
Normal file
59
integration/proxy_protocol_test.go
Normal file
|
@ -0,0 +1,59 @@
|
||||||
|
package integration
|
||||||
|
|
||||||
|
import (
|
||||||
|
"net/http"
|
||||||
|
"os"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"github.com/containous/traefik/integration/try"
|
||||||
|
"github.com/go-check/check"
|
||||||
|
checker "github.com/vdemeester/shakers"
|
||||||
|
)
|
||||||
|
|
||||||
|
type ProxyProtocolSuite struct{ BaseSuite }
|
||||||
|
|
||||||
|
func (s *ProxyProtocolSuite) SetUpSuite(c *check.C) {
|
||||||
|
s.createComposeProject(c, "proxy-protocol")
|
||||||
|
s.composeProject.Start(c)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *ProxyProtocolSuite) TestProxyProtocolTrusted(c *check.C) {
|
||||||
|
gatewayIP := s.composeProject.Container(c, "haproxy").NetworkSettings.Gateway
|
||||||
|
haproxyIP := s.composeProject.Container(c, "haproxy").NetworkSettings.IPAddress
|
||||||
|
whoamiIP := s.composeProject.Container(c, "whoami").NetworkSettings.IPAddress
|
||||||
|
file := s.adaptFile(c, "fixtures/proxy-protocol/with.toml", struct {
|
||||||
|
HaproxyIP string
|
||||||
|
WhoamiIP string
|
||||||
|
}{haproxyIP, whoamiIP})
|
||||||
|
defer os.Remove(file)
|
||||||
|
|
||||||
|
cmd, display := s.traefikCmd(withConfigFile(file))
|
||||||
|
defer display(c)
|
||||||
|
err := cmd.Start()
|
||||||
|
c.Assert(err, checker.IsNil)
|
||||||
|
defer cmd.Process.Kill()
|
||||||
|
|
||||||
|
err = try.GetRequest("http://"+haproxyIP+"/whoami", 500*time.Millisecond, try.StatusCodeIs(http.StatusOK), try.BodyContains("X-Forwarded-For: "+gatewayIP))
|
||||||
|
display(c)
|
||||||
|
c.Assert(err, checker.IsNil)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *ProxyProtocolSuite) TestProxyProtocolNotTrusted(c *check.C) {
|
||||||
|
haproxyIP := s.composeProject.Container(c, "haproxy").NetworkSettings.IPAddress
|
||||||
|
whoamiIP := s.composeProject.Container(c, "whoami").NetworkSettings.IPAddress
|
||||||
|
file := s.adaptFile(c, "fixtures/proxy-protocol/without.toml", struct {
|
||||||
|
HaproxyIP string
|
||||||
|
WhoamiIP string
|
||||||
|
}{haproxyIP, whoamiIP})
|
||||||
|
defer os.Remove(file)
|
||||||
|
|
||||||
|
cmd, display := s.traefikCmd(withConfigFile(file))
|
||||||
|
defer display(c)
|
||||||
|
err := cmd.Start()
|
||||||
|
c.Assert(err, checker.IsNil)
|
||||||
|
defer cmd.Process.Kill()
|
||||||
|
|
||||||
|
err = try.GetRequest("http://"+haproxyIP+"/whoami", 500*time.Millisecond, try.StatusCodeIs(http.StatusOK), try.BodyContains("X-Forwarded-For: "+haproxyIP))
|
||||||
|
display(c)
|
||||||
|
c.Assert(err, checker.IsNil)
|
||||||
|
}
|
7
integration/resources/compose/proxy-protocol.yml
Normal file
7
integration/resources/compose/proxy-protocol.yml
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
haproxy:
|
||||||
|
image: haproxy
|
||||||
|
volumes:
|
||||||
|
- ../haproxy/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg
|
||||||
|
|
||||||
|
whoami:
|
||||||
|
image: emilevauge/whoami
|
21
integration/resources/haproxy/haproxy.cfg
Normal file
21
integration/resources/haproxy/haproxy.cfg
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
global
|
||||||
|
maxconn 4096
|
||||||
|
|
||||||
|
defaults
|
||||||
|
log global
|
||||||
|
mode http
|
||||||
|
retries 3
|
||||||
|
option redispatch
|
||||||
|
maxconn 2000
|
||||||
|
timeout connect 5000
|
||||||
|
timeout client 50000
|
||||||
|
timeout server 50000
|
||||||
|
|
||||||
|
frontend TestServerTest
|
||||||
|
bind 0.0.0.0:80
|
||||||
|
mode tcp
|
||||||
|
default_backend TestServerNodes
|
||||||
|
|
||||||
|
backend TestServerNodes
|
||||||
|
mode tcp
|
||||||
|
server TestServer01 172.17.0.1:8000 send-proxy
|
|
@ -13,4 +13,13 @@ fi
|
||||||
cd integration
|
cd integration
|
||||||
echo "Testing against…"
|
echo "Testing against…"
|
||||||
docker version
|
docker version
|
||||||
CGO_ENABLED=0 go test -integration $TESTFLAGS
|
|
||||||
|
if [ -n "$TEST_CONTAINER" ]; then
|
||||||
|
echo "Testing from container…"
|
||||||
|
CGO_ENABLED=0 go test -integration -container $TESTFLAGS
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -n "$TEST_HOST" ]; then
|
||||||
|
echo "Testing from host…"
|
||||||
|
CGO_ENABLED=0 go test -integration -host $TESTFLAGS
|
||||||
|
fi
|
Loading…
Reference in a new issue