Added test for HTTP tunneling (#10695)

Author: ryanrolds

changelog/v1.19.0-beta14/http-tunnel-tests.yaml

@@ -0,0 +1,4 @@
+changelog:
+- type: NON_USER_FACING
+  description: Add a test for HTTP tunneling.
+  

test/kubernetes/e2e/defaults/defaults.go

@@ -8,8 +8,25 @@ import (
 
 	"github.com/solo-io/gloo/pkg/utils/kubeutils/kubectl"
 	"github.com/solo-io/skv2/codegen/util"
+
+	_ "embed"
 )
 
+//go:embed testdata/curl_pod.yaml
+var CurlPodYaml []byte
+
+//go:embed testdata/http_echo.yaml
+var HttpEchoPodYaml []byte
+
+//go:embed testdata/tcp_echo.yaml
+var TcpEchoPodYaml []byte
+
+//go:embed testdata/nginx_pod.yaml
+var NginxPodYaml []byte
+
+//go:embed testdata/httpbin.yaml
+var HttpbinYaml []byte
+
 var (
 	CurlPodExecOpt = kubectl.PodExecOptions{
 		Name:      "curl",

test/kubernetes/e2e/defaults/testdata/httpbin.yaml

@@ -0,0 +1,33 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: httpbin
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: httpbin
+  namespace: httpbin
+  labels:
+    app: httpbin
+spec:
+  containers:
+  - name: httpbin
+    image: mccutchen/go-httpbin:v2.14.0
+    ports:
+    - containerPort: 8080
+      name: http
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: httpbin
+  namespace: httpbin
+spec:
+  ports:
+  - name: http
+    port: 8080
+    targetPort: http
+  selector:
+    app: httpbin

test/kubernetes/e2e/features/http_tunnel/suite.go

@@ -0,0 +1,160 @@
+package http_tunnel
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"regexp"
+	"time"
+
+	"github.com/stretchr/testify/suite"
+
+	"github.com/solo-io/gloo/pkg/utils/kubeutils"
+	"github.com/solo-io/gloo/pkg/utils/requestutils/curl"
+	"github.com/solo-io/gloo/projects/gateway/pkg/defaults"
+	"github.com/solo-io/gloo/test/gomega/matchers"
+	"github.com/solo-io/gloo/test/kubernetes/e2e"
+	testDefaults "github.com/solo-io/gloo/test/kubernetes/e2e/defaults"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+	_ "embed"
+)
+
+const (
+	httpbinExampleCom = "httpbin.example.com"
+)
+
+var _ e2e.NewSuiteFunc = NewTestingSuite
+
+//go:embed testdata/squid.yaml
+var squidYaml []byte
+
+//go:embed testdata/proxy.yaml
+var proxyYaml []byte
+
+//go:embed testdata/edge.yaml
+var edgeYaml []byte
+
+//go:embed testdata/gateway.yaml
+var gatewayYaml []byte
+
+// testingSuite is the entire Suite of tests for the HTTP Tunnel feature
+type testingSuite struct {
+	suite.Suite
+	ctx              context.Context
+	testInstallation *e2e.TestInstallation
+}
+
+func NewTestingSuite(
+	ctx context.Context,
+	testInst *e2e.TestInstallation,
+) suite.TestingSuite {
+	return &testingSuite{
+		ctx:              ctx,
+		testInstallation: testInst,
+	}
+}
+
+func (s *testingSuite) SetupSuite() {
+	err := s.testInstallation.Actions.Kubectl().Apply(s.ctx, squidYaml)
+	s.Require().NoError(err)
+
+	err = s.testInstallation.Actions.Kubectl().Apply(s.ctx, testDefaults.HttpbinYaml)
+	s.Require().NoError(err)
+
+	err = s.testInstallation.Actions.Kubectl().Apply(s.ctx, testDefaults.CurlPodYaml)
+	s.Require().NoError(err)
+
+	err = s.testInstallation.Actions.Kubectl().Apply(s.ctx, proxyYaml)
+	s.Require().NoError(err)
+
+	if s.testInstallation.Metadata.K8sGatewayEnabled {
+		err = s.testInstallation.Actions.Kubectl().Apply(s.ctx, gatewayYaml)
+		s.Require().NoError(err)
+	} else {
+		err = s.testInstallation.Actions.Kubectl().Apply(s.ctx, edgeYaml)
+		s.Require().NoError(err)
+	}
+}
+
+func (s *testingSuite) TearDownSuite() {
+	if s.testInstallation.Metadata.K8sGatewayEnabled {
+		err := s.testInstallation.Actions.Kubectl().Delete(s.ctx, gatewayYaml)
+		s.Require().NoError(err)
+	} else {
+		err := s.testInstallation.Actions.Kubectl().Delete(s.ctx, edgeYaml)
+		s.Require().NoError(err)
+	}
+
+	err := s.testInstallation.Actions.Kubectl().Delete(s.ctx, proxyYaml)
+	s.Require().NoError(err)
+
+	err = s.testInstallation.Actions.Kubectl().Delete(s.ctx, testDefaults.CurlPodYaml)
+	s.Require().NoError(err)
+
+	err = s.testInstallation.Actions.Kubectl().Delete(s.ctx, testDefaults.HttpbinYaml)
+	s.Require().NoError(err)
+
+	err = s.testInstallation.Actions.Kubectl().Delete(s.ctx, squidYaml)
+	s.Require().NoError(err)
+}
+
+func (s *testingSuite) AfterTest(suiteName, testName string) {
+	if s.T().Failed() {
+		s.testInstallation.PreFailHandler(s.ctx, e2e.PreFailHandlerOption{
+			TestName: testName,
+		})
+	}
+}
+
+func (s *testingSuite) TestHttpTunnel() {
+	opts := []curl.Option{
+		curl.WithHostHeader(httpbinExampleCom),
+		curl.WithPath("/headers"),
+	}
+	if s.testInstallation.Metadata.K8sGatewayEnabled {
+		opts = append(opts,
+			curl.WithHost(kubeutils.ServiceFQDN(metav1.ObjectMeta{
+				Name:      "gloo-proxy-gw",
+				Namespace: "default",
+			})),
+		)
+	} else {
+		opts = append(opts,
+			curl.WithHost(kubeutils.ServiceFQDN(metav1.ObjectMeta{
+				Name:      defaults.GatewayProxyName,
+				Namespace: s.testInstallation.Metadata.InstallNamespace,
+			})),
+			curl.WithPort(80),
+		)
+	}
+
+	// confirm that the httpbin service is reachable
+	s.testInstallation.AssertionsT(s.T()).AssertEventualCurlResponse(
+		s.ctx,
+		testDefaults.CurlPodExecOpt,
+		opts,
+		&matchers.HttpResponse{
+			StatusCode: http.StatusOK,
+			Body:       matchers.JSONContains([]byte(`{"headers":{"Host":["httpbin.example.com"]}}`)),
+		},
+	)
+
+	// confirm that the squid proxy connected to the httpbin service
+	s.testInstallation.AssertionsT(s.T()).Assert.Eventually(func() bool {
+		logs, err := s.testInstallation.Actions.Kubectl().GetContainerLogs(s.ctx, "default", "squid")
+		if err != nil {
+			fmt.Printf("Error getting squid logs: %v\n", err)
+			return false
+		}
+
+		pattern := "TCP_TUNNEL/200 [0-9]+ CONNECT httpbin.httpbin.svc.cluster.local:8080"
+		match, err := regexp.Match(pattern, []byte(logs))
+		if err != nil {
+			fmt.Printf("Error matching squid logs: %v\n", err)
+			return false
+		}
+
+		return match
+	}, time.Second*30, time.Second*3, "squid logs should indicate a connection to the httpbin service")
+}

test/kubernetes/e2e/features/http_tunnel/testdata/edge.yaml

@@ -0,0 +1,20 @@
+---
+apiVersion: gateway.solo.io/v1
+kind: VirtualService
+metadata:
+  name: squid-proxy
+  namespace: default
+spec:
+  virtualHost:
+    domains:
+      - 'httpbin.example.com'
+    routes:
+      - matchers:
+         - prefix: /
+        routeAction:
+          single:
+            upstream:
+              name: squid-proxy
+              namespace: default
+        options:
+          autoHostRewrite: true

test/kubernetes/e2e/features/http_tunnel/testdata/gateway.yaml

@@ -0,0 +1,43 @@
+---
+kind: Gateway
+apiVersion: gateway.networking.k8s.io/v1
+metadata:
+  name: gw
+spec:
+  gatewayClassName: gloo-gateway
+  listeners:
+    - protocol: HTTP
+      port: 8080
+      name: http
+      allowedRoutes:
+        namespaces:
+          from: Same
+---
+apiVersion: gateway.solo.io/v1
+kind: RouteOption
+metadata:
+  name: rewrite
+spec:
+  options:
+    hostRewrite: httpbin.example.com
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: static-upstream
+spec:
+  parentRefs:
+    - name: gw
+  hostnames:
+    - httpbin.example.com
+  rules:
+    - backendRefs:
+      - name: squid-proxy
+        kind: Upstream
+        group: gloo.solo.io
+      filters:
+      - type: ExtensionRef
+        extensionRef:
+          group: gateway.solo.io
+          kind: RouteOption
+          name: rewrite

test/kubernetes/e2e/features/http_tunnel/testdata/proxy.yaml

@@ -0,0 +1,12 @@
+---
+apiVersion: gloo.solo.io/v1
+kind: Upstream
+metadata:
+  name: squid-proxy
+  namespace: default
+spec:
+  static:
+    hosts:
+    - addr: squid.default.svc.cluster.local
+      port: 3128
+  httpProxyHostname: "httpbin.httpbin.svc.cluster.local:8080"

test/kubernetes/e2e/features/http_tunnel/testdata/squid.yaml

@@ -0,0 +1,82 @@
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: squid
+  labels:
+    app: squid
+spec:
+  volumes:
+  - name: squid-config
+    configMap:
+      name: squid-config
+  containers:
+  - name: squid-container
+    image: ubuntu/squid:5.2-22.04_beta
+    env:
+    - name: TZ
+      value: "UTC"
+    ports:
+    - containerPort: 3128
+    volumeMounts:
+    - name: squid-config
+      mountPath: /etc/squid/squid.conf
+      subPath: squid.conf
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: squid
+spec:
+  selector:
+    app: squid
+  ports:
+  - protocol: TCP
+    port: 3128
+    targetPort: 3128
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: squid-config
+data:
+  squid.conf: |
+    acl localnet src 0.0.0.1-0.255.255.255	# RFC 1122 "this" network (LAN)
+    acl localnet src 10.0.0.0/8		# RFC 1918 local private network (LAN)
+    acl localnet src 100.64.0.0/10		# RFC 6598 shared address space (CGN)
+    acl localnet src 169.254.0.0/16 	# RFC 3927 link-local (directly plugged) machines
+    acl localnet src 172.16.0.0/12		# RFC 1918 local private network (LAN)
+    acl localnet src 192.168.0.0/16		# RFC 1918 local private network (LAN)
+    acl localnet src fc00::/7       	# RFC 4193 local private network range
+    acl localnet src fe80::/10      	# RFC 4291 link-local (directly plugged) machines
+    acl SSL_ports port 443
+    acl Safe_ports port 80		# http
+    acl Safe_ports port 21		# ftp
+    acl Safe_ports port 443		# https
+    acl Safe_ports port 70		# gopher
+    acl Safe_ports port 210		# wais
+    acl Safe_ports port 1025-65535	# unregistered ports
+    acl Safe_ports port 280		# http-mgmt
+    acl Safe_ports port 488		# gss-http
+    acl Safe_ports port 591		# filemaker
+    acl Safe_ports port 777		# multiling http
+    acl CONNECT method CONNECT
+    http_access deny !Safe_ports
+    #commented out to allow non-TSL connections
+    #http_access deny CONNECT !SSL_ports
+    http_access allow localhost manager
+    http_access deny manager
+    http_access allow localhost
+    http_access allow localnet
+    http_access deny all
+    http_port 3128
+    coredump_dir /var/spool/squid
+    refresh_pattern ^ftp:		1440	20%	10080
+    refresh_pattern ^gopher:	1440	0%	1440
+    refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
+    refresh_pattern \/(Packages|Sources)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
+    refresh_pattern \/Release(|\.gpg)$ 0 0% 0 refresh-ims
+    refresh_pattern \/InRelease$ 0 0% 0 refresh-ims
+    refresh_pattern \/(Translation-.*)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
+    refresh_pattern .		0	20%	4320
+    logfile_rotate 0