Skip to content

proxy: Identity integration tests don't exercise HTTP proxy #4947

New issue
New issue
Closed
Closed
proxy: Identity integration tests don't exercise HTTP proxy#4947
Assignees
hawkw
Labels
area/proxywontfix
@olix0r

Description

@olix0r
olix0r
opened on Sep 8, 2020

Tests like http[1|2]_outbound_tls_works_before_identity_is_certified don't actually exercise the http proxy. Instead, they incorrectly build their own TLS'd HTTP clients and servers, and then exercise the TCP proxy. In order to modify the TCP forwarding stack, these tests must be changed to exercise the actual proxy behavior.

https://github.com/linkerd/linkerd2-proxy/blob/23995e7fb6eae5ede81048bdf9e4f68f7e81c7a9/linkerd/app/integration/tests/identity.rs#L201-L217

If I understand correctly, all of the TLS-related infrastructure in the tests should be removed (client, server); and we should instead use normal plaintext clients and validate the states otherwise (headers? metrics?)

[     0.33353667s] TRACE ThreadId(03) proxy{test=http1_outbound_tls_works_before_identity_is_certified:proxy}:outbound:accept{peer.addr=127.0.0.1:35580}: linkerd2_proxy_http::version: Not HTTP bytes=[22, 3, 1, 1, 17, 1, 0, 1, 13, 3, 3, 97, 162, 23, 33, 20, 185, 45, 122, 141, 51, 68, 175, 140, 253, 33, 2, 250, 197, 145, 41, 187, 74, 166, 191, 9, 123, 240, 107, 196, 86, 231, 188, 32, 171, 60, 74, 193, 51, 5, 120, 167, 88, 184, 141, 80, 92, 244, 225, 38, 205, 45, 214, 74, 220, 76, 53, 191, 143, 143, 11, 12, 175, 216, 195, 11, 0, 20, 19, 3, 19, 2, 19, 1, 204, 169, 204, 168, 192, 44, 192, 43, 192, 48, 192, 47, 0, 255, 1, 0, 0, 176, 0, 43, 0, 5, 4, 3, 4, 3, 3, 0, 0, 0, 58, 0, 56, 0, 0, 53, 98, 97, 114, 46, 110, 115, 49, 46, 115, 101, 114, 118, 105, 99, 101, 97, 99, 99, 111, 117, 110, 116, 46, 105, 100, 101, 110, 116, 105, 116, 121, 46, 108, 105, 110, 107, 101, 114, 100, 46, 99, 108, 117, 115, 116, 101, 114, 46, 108, 111, 99, 97, 108, 0, 11, 0, 2, 1, 0, 0, 10, 0, 8, 0, 6, 0, 29, 0, 24, 0, 23, 0, 13, 0, 18, 0, 16, 5, 3, 4, 3, 8, 6, 8, 5, 8, 4, 6, 1, 5, 1, 4, 1, 0, 23, 0, 0, 0, 5, 0, 5, 1, 0, 0, 0, 0, 0, 51, 0, 38, 0, 36, 0, 29, 0, 32, 208, 251, 16, 139, 56, 124, 247, 205, 106, 121, 70, 247, 210, 125, 134, 126, 228, 142, 160, 169, 204, 187, 150, 58, 167, 7, 48, 62, 173, 232, 51, 86, 0, 45, 0, 2, 1, 1, 0, 35, 0, 0]
[     0.33470237s] TRACE ThreadId(03) proxy{test=http1_outbound_tls_works_before_identity_is_certified:proxy}:outbound:accept{peer.addr=127.0.0.1:35580}: linkerd2_proxy_http::version: h2.preface=[80, 82, 73, 32, 42, 32, 72, 84, 84, 80, 47, 50, 46, 48, 13, 10, 13, 10, 83, 77, 13, 10, 13, 10]
[     0.33524683s] TRACE ThreadId(03) proxy{test=http1_outbound_tls_works_before_identity_is_certified:proxy}:outbound:accept{peer.addr=127.0.0.1:35580}: linkerd2_proxy_http::detect: Forwarding TCP

Metadata

Metadata

Assignees

Labels

area/proxywontfix

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions