Add proxy protocol tests
This commit is contained in:
parent
d1d8b01dfb
commit
e8633d17e8
8 changed files with 177 additions and 23 deletions
3
Makefile
3
Makefile
|
@ -20,7 +20,7 @@ GIT_BRANCH := $(subst heads/,,$(shell git rev-parse --abbrev-ref HEAD 2>/dev/nul
|
|||
TRAEFIK_DEV_IMAGE := traefik-dev$(if $(GIT_BRANCH),:$(subst /,-,$(GIT_BRANCH)))
|
||||
REPONAME := $(shell echo $(REPO) | tr '[:upper:]' '[:lower:]')
|
||||
TRAEFIK_IMAGE := $(if $(REPONAME),$(REPONAME),"containous/traefik")
|
||||
INTEGRATION_OPTS := $(if $(MAKE_DOCKER_HOST),-e "DOCKER_HOST=$(MAKE_DOCKER_HOST)", -v "/var/run/docker.sock:/var/run/docker.sock")
|
||||
INTEGRATION_OPTS := $(if $(MAKE_DOCKER_HOST),-e "DOCKER_HOST=$(MAKE_DOCKER_HOST)", -e "TEST_CONTAINER=1" -v "/var/run/docker.sock:/var/run/docker.sock")
|
||||
TRAEFIK_DOC_IMAGE := traefik-docs
|
||||
|
||||
DOCKER_BUILD_ARGS := $(if $(DOCKER_VERSION), "--build-arg=DOCKER_VERSION=$(DOCKER_VERSION)",)
|
||||
|
@ -71,6 +71,7 @@ test-unit: build ## run the unit tests
|
|||
|
||||
test-integration: build ## run the integration tests
|
||||
$(DOCKER_RUN_TRAEFIK) ./script/make.sh generate binary test-integration
|
||||
TEST_HOST=1 ./script/make.sh test-integration
|
||||
|
||||
validate: build ## validate gofmt, golint and go vet
|
||||
$(DOCKER_RUN_TRAEFIK) ./script/make.sh validate-glide validate-gofmt validate-govet validate-golint validate-misspell validate-vendor
|
||||
|
|
24
integration/fixtures/proxy-protocol/with.toml
Normal file
24
integration/fixtures/proxy-protocol/with.toml
Normal file
|
@ -0,0 +1,24 @@
|
|||
logLevel = "DEBUG"
|
||||
defaultEntryPoints = ["http"]
|
||||
|
||||
[entryPoints]
|
||||
[entryPoints.http]
|
||||
address = ":8000"
|
||||
[entryPoints.http.proxyProtocol]
|
||||
trustedIPs = ["{{.HaproxyIP}}"]
|
||||
|
||||
[web]
|
||||
address = ":8080"
|
||||
|
||||
[file]
|
||||
|
||||
[backends]
|
||||
[backends.backend1]
|
||||
[backends.backend1.servers.server1]
|
||||
url = "http://{{.WhoamiIP}}"
|
||||
|
||||
[frontends]
|
||||
[frontends.frontend1]
|
||||
backend = "backend1"
|
||||
[frontends.frontend1.routes.test_1]
|
||||
rule = "Path:/whoami"
|
24
integration/fixtures/proxy-protocol/without.toml
Normal file
24
integration/fixtures/proxy-protocol/without.toml
Normal file
|
@ -0,0 +1,24 @@
|
|||
logLevel = "DEBUG"
|
||||
defaultEntryPoints = ["http"]
|
||||
|
||||
[entryPoints]
|
||||
[entryPoints.http]
|
||||
address = ":8000"
|
||||
[entryPoints.http.proxyProtocol]
|
||||
trustedIPs = ["1.2.3.4"]
|
||||
|
||||
[web]
|
||||
address = ":8080"
|
||||
|
||||
[file]
|
||||
|
||||
[backends]
|
||||
[backends.backend1]
|
||||
[backends.backend1.servers.server1]
|
||||
url = "http://{{.WhoamiIP}}"
|
||||
|
||||
[frontends]
|
||||
[frontends.frontend1]
|
||||
backend = "backend1"
|
||||
[frontends.frontend1.routes.test_1]
|
||||
rule = "Path:/whoami"
|
|
@ -20,6 +20,8 @@ import (
|
|||
)
|
||||
|
||||
var integration = flag.Bool("integration", false, "run integration tests")
|
||||
var container = flag.Bool("container", false, "run container integration tests")
|
||||
var host = flag.Bool("host", false, "run host integration tests")
|
||||
|
||||
func Test(t *testing.T) {
|
||||
check.TestingT(t)
|
||||
|
@ -32,6 +34,8 @@ func init() {
|
|||
return
|
||||
}
|
||||
|
||||
if *container {
|
||||
// tests launched from a container
|
||||
check.Suite(&AccessLogSuite{})
|
||||
check.Suite(&AcmeSuite{})
|
||||
check.Suite(&ConstraintSuite{})
|
||||
|
@ -54,6 +58,11 @@ func init() {
|
|||
check.Suite(&TimeoutSuite{})
|
||||
check.Suite(&WebsocketSuite{})
|
||||
}
|
||||
if *host {
|
||||
// tests launched from the host
|
||||
check.Suite(&ProxyProtocolSuite{})
|
||||
}
|
||||
}
|
||||
|
||||
var traefikBinary = "../dist/traefik"
|
||||
|
||||
|
|
59
integration/proxy_protocol_test.go
Normal file
59
integration/proxy_protocol_test.go
Normal file
|
@ -0,0 +1,59 @@
|
|||
package integration
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
"os"
|
||||
"time"
|
||||
|
||||
"github.com/containous/traefik/integration/try"
|
||||
"github.com/go-check/check"
|
||||
checker "github.com/vdemeester/shakers"
|
||||
)
|
||||
|
||||
type ProxyProtocolSuite struct{ BaseSuite }
|
||||
|
||||
func (s *ProxyProtocolSuite) SetUpSuite(c *check.C) {
|
||||
s.createComposeProject(c, "proxy-protocol")
|
||||
s.composeProject.Start(c)
|
||||
}
|
||||
|
||||
func (s *ProxyProtocolSuite) TestProxyProtocolTrusted(c *check.C) {
|
||||
gatewayIP := s.composeProject.Container(c, "haproxy").NetworkSettings.Gateway
|
||||
haproxyIP := s.composeProject.Container(c, "haproxy").NetworkSettings.IPAddress
|
||||
whoamiIP := s.composeProject.Container(c, "whoami").NetworkSettings.IPAddress
|
||||
file := s.adaptFile(c, "fixtures/proxy-protocol/with.toml", struct {
|
||||
HaproxyIP string
|
||||
WhoamiIP string
|
||||
}{haproxyIP, whoamiIP})
|
||||
defer os.Remove(file)
|
||||
|
||||
cmd, display := s.traefikCmd(withConfigFile(file))
|
||||
defer display(c)
|
||||
err := cmd.Start()
|
||||
c.Assert(err, checker.IsNil)
|
||||
defer cmd.Process.Kill()
|
||||
|
||||
err = try.GetRequest("http://"+haproxyIP+"/whoami", 500*time.Millisecond, try.StatusCodeIs(http.StatusOK), try.BodyContains("X-Forwarded-For: "+gatewayIP))
|
||||
display(c)
|
||||
c.Assert(err, checker.IsNil)
|
||||
}
|
||||
|
||||
func (s *ProxyProtocolSuite) TestProxyProtocolNotTrusted(c *check.C) {
|
||||
haproxyIP := s.composeProject.Container(c, "haproxy").NetworkSettings.IPAddress
|
||||
whoamiIP := s.composeProject.Container(c, "whoami").NetworkSettings.IPAddress
|
||||
file := s.adaptFile(c, "fixtures/proxy-protocol/without.toml", struct {
|
||||
HaproxyIP string
|
||||
WhoamiIP string
|
||||
}{haproxyIP, whoamiIP})
|
||||
defer os.Remove(file)
|
||||
|
||||
cmd, display := s.traefikCmd(withConfigFile(file))
|
||||
defer display(c)
|
||||
err := cmd.Start()
|
||||
c.Assert(err, checker.IsNil)
|
||||
defer cmd.Process.Kill()
|
||||
|
||||
err = try.GetRequest("http://"+haproxyIP+"/whoami", 500*time.Millisecond, try.StatusCodeIs(http.StatusOK), try.BodyContains("X-Forwarded-For: "+haproxyIP))
|
||||
display(c)
|
||||
c.Assert(err, checker.IsNil)
|
||||
}
|
7
integration/resources/compose/proxy-protocol.yml
Normal file
7
integration/resources/compose/proxy-protocol.yml
Normal file
|
@ -0,0 +1,7 @@
|
|||
haproxy:
|
||||
image: haproxy
|
||||
volumes:
|
||||
- ../haproxy/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg
|
||||
|
||||
whoami:
|
||||
image: emilevauge/whoami
|
21
integration/resources/haproxy/haproxy.cfg
Normal file
21
integration/resources/haproxy/haproxy.cfg
Normal file
|
@ -0,0 +1,21 @@
|
|||
global
|
||||
maxconn 4096
|
||||
|
||||
defaults
|
||||
log global
|
||||
mode http
|
||||
retries 3
|
||||
option redispatch
|
||||
maxconn 2000
|
||||
timeout connect 5000
|
||||
timeout client 50000
|
||||
timeout server 50000
|
||||
|
||||
frontend TestServerTest
|
||||
bind 0.0.0.0:80
|
||||
mode tcp
|
||||
default_backend TestServerNodes
|
||||
|
||||
backend TestServerNodes
|
||||
mode tcp
|
||||
server TestServer01 172.17.0.1:8000 send-proxy
|
|
@ -13,4 +13,13 @@ fi
|
|||
cd integration
|
||||
echo "Testing against…"
|
||||
docker version
|
||||
CGO_ENABLED=0 go test -integration $TESTFLAGS
|
||||
|
||||
if [ -n "$TEST_CONTAINER" ]; then
|
||||
echo "Testing from container…"
|
||||
CGO_ENABLED=0 go test -integration -container $TESTFLAGS
|
||||
fi
|
||||
|
||||
if [ -n "$TEST_HOST" ]; then
|
||||
echo "Testing from host…"
|
||||
CGO_ENABLED=0 go test -integration -host $TESTFLAGS
|
||||
fi
|
Loading…
Reference in a new issue