diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index 53f4328b..9e4936c0 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -28,3 +28,5 @@ jobs: run: go test -vet=off -count=1 ./... - name: Test with -race run: go test -vet=off -race -count=1 ./... + - name: Run + run: make run diff --git a/Makefile b/Makefile index aed2652a..68ae46dd 100644 --- a/Makefile +++ b/Makefile @@ -3,11 +3,7 @@ WORKDIR = /src/github.com/getyourguide.com/istio-config-validator run: - docker run -it --rm --name istio_config_validator \ - -v ${CURRENTPATH}:${WORKDIR} \ - -w ${WORKDIR} \ - golang:1.22 \ - go run cmd/istio-config-validator/main.go -t examples/ examples/ + go run cmd/istio-config-validator/main.go -t examples/ examples/ build: go build -o istio-config-validator cmd/istio-config-validator/main.go diff --git a/README.md b/README.md index b0508f85..96052c8d 100644 --- a/README.md +++ b/README.md @@ -66,11 +66,15 @@ testCases: Have a look in the [TestCase Reference](docs/test-cases.md) to learn more how to define the tests. ## Installation + Either install the go package + ``` # go install github.com/getyourguide/istio-config-validator/cmd/istio-config-validator@latest ``` + Or alternatively install the docker image + ``` # docker pull getyourguide/istio-config-validator:latest ``` @@ -115,17 +119,15 @@ If you're interested in contributing to this project or running a dev version, h The API for test cases does not cover all aspects of VirtualServices. -- Supported [HTTPMatchRequests](https://istio.io/docs/reference/config/networking/virtual-service/#HTTPMatchRequest) fields to match requests against are: `authority`, `method`, `headers` and `uri`. - - Not supported ones: `scheme`, `port`, `queryParams`, etc. +- Supported [HTTPMatchRequests](https://istio.io/docs/reference/config/networking/virtual-service/#HTTPMatchRequest) fields to match requests against are: `authority`, `method`, `headers` and `uri`. + - Not supported ones: `scheme`, `port`, `queryParams`, etc. -- Supported assert against [HTTPRouteDestination](https://istio.io/docs/reference/config/networking/virtual-service/#HTTPRouteDestination) and [HTTPRewrite](https://istio.io/docs/reference/config/networking/virtual-service/#HTTPRewrite) - - Not supported ones: [HTTPRedirect](https://istio.io/docs/reference/config/networking/virtual-service/#HTTPRedirect), etc. +- Supported assert against [HTTPRouteDestination](https://istio.io/docs/reference/config/networking/virtual-service/#HTTPRouteDestination), [HTTPRewrite](https://istio.io/docs/reference/config/networking/virtual-service/#HTTPRewrite), [HTTPFaultInjection](https://istio.io/latest/docs/reference/config/networking/virtual-service/#HTTPFaultInjection), [Headers](https://istio.io/latest/docs/reference/config/networking/virtual-service/#Headers), [Delegate](https://istio.io/latest/docs/reference/config/networking/virtual-service/#Delegate) and [HTTPRedirect](https://istio.io/docs/reference/config/networking/virtual-service/#HTTPRedirect). ## Security For sensitive security matters please contact [security@getyourguide.com](mailto:security@getyourguide.com). - ## Legal Copyright 2020 GetYourGuide GmbH. diff --git a/examples/multidocument_virtualservice.yml b/examples/multidocument_virtualservice.yml index 8173f041..239ba685 100644 --- a/examples/multidocument_virtualservice.yml +++ b/examples/multidocument_virtualservice.yml @@ -1,14 +1,14 @@ apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: - name: example - namespace: example + name: example-2 + namespace: example-2 spec: gateways: - mesh hosts: - - www.example.com - - example.com + - www.example2.com + - example2.com http: - match: - uri: @@ -26,14 +26,14 @@ spec: apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata: - name: example - namespace: example + name: example-3 + namespace: example-3 spec: gateways: - mesh hosts: - - www.example.com - - example.com + - www.example3.com + - example3.com http: - match: - uri: diff --git a/examples/virtualservice.yml b/examples/virtualservice.yml index 2061d596..0a939aae 100644 --- a/examples/virtualservice.yml +++ b/examples/virtualservice.yml @@ -1,4 +1,4 @@ -apiVersion: networking.istio.io/v1alpha3 +apiVersion: networking.istio.io/v1 kind: VirtualService metadata: name: example @@ -10,6 +10,12 @@ spec: - www.example.com - example.com http: + - match: + - uri: + prefix: /home + redirect: + uri: / + authority: www.example.com - match: - uri: regex: /users(/.*)? diff --git a/examples/virtualservice_test.yml b/examples/virtualservice_test.yml index 5348239a..a2a791cf 100644 --- a/examples/virtualservice_test.yml +++ b/examples/virtualservice_test.yml @@ -28,6 +28,15 @@ testCases: --- # Multidoc test testCases: + - description: Redirect /home to / + wantMatch: true + request: + authority: ["www.example.com"] + method: ["GET"] + uri: ["/home"] + redirect: + uri: "/" + authority: "www.example.com" - description: Reseller is rewritten as partner wantMatch: true request: diff --git a/internal/pkg/istio-router-check/cmd/root.go b/internal/pkg/istio-router-check/cmd/root.go index 6b732f01..59a079ef 100644 --- a/internal/pkg/istio-router-check/cmd/root.go +++ b/internal/pkg/istio-router-check/cmd/root.go @@ -191,6 +191,10 @@ func (c *RootCommand) prepareTests(ctx context.Context) error { log.V(LevelDebug).Info("skipping rewrite test", "test", tc.Description, "reason", "format assertion is different in envoy tests") continue } + if tc.Redirect != nil { + log.V(LevelDebug).Info("skipping redirect test", "test", tc.Description, "reason", "format assertion is different in envoy tests") + continue + } for _, req := range inputs { var reqHeaders []envoy.Header for key, value := range req.Headers { @@ -243,10 +247,5 @@ func convertValidate(input envoy.Input, tc *parser.TestCase) (envoy.Validate, er route.GetDestination().GetHost(), ) } - if tc.Redirect != nil { - authority := cmp.Or(tc.Redirect.GetAuthority(), input.Authority) - scheme := cmp.Or(tc.Redirect.GetScheme(), "https") - output.PathRedirect = fmt.Sprintf("%s://%s%s", scheme, authority, tc.Redirect.GetUri()) - } return output, nil } diff --git a/internal/pkg/parser/virtualservice_test.go b/internal/pkg/parser/virtualservice_test.go index 70425047..ede2d0d1 100644 --- a/internal/pkg/parser/virtualservice_test.go +++ b/internal/pkg/parser/virtualservice_test.go @@ -26,9 +26,7 @@ func TestParseVirtualServices(t *testing.T) { } func TestParseMultipleVirtualServices(t *testing.T) { - expectedTestCases := []*v1alpha3.VirtualService{{Spec: networkingv1alpha3.VirtualService{ - Hosts: []string{"www.example.com", "example.com"}, - }}} + wantHosts := []string{"www.example2.com", "example2.com", "www.example3.com", "example3.com"} configfiles := []string{"../../../examples/multidocument_virtualservice.yml"} virtualServices, err := ParseVirtualServices(configfiles) @@ -36,11 +34,11 @@ func TestParseMultipleVirtualServices(t *testing.T) { require.NotEmpty(t, virtualServices) require.GreaterOrEqual(t, len(virtualServices), 2) - for _, expected := range expectedTestCases { - for _, out := range virtualServices { - assert.ElementsMatch(t, expected.Spec.Hosts, out.Spec.Hosts) - } + var gotHosts []string + for _, vs := range virtualServices { + gotHosts = append(gotHosts, vs.Spec.Hosts...) } + require.ElementsMatch(t, wantHosts, gotHosts) } func TestVirtualServiceUnknownFields(t *testing.T) { diff --git a/internal/pkg/unit/unit.go b/internal/pkg/unit/unit.go index 4e5fff2b..dde4fffe 100644 --- a/internal/pkg/unit/unit.go +++ b/internal/pkg/unit/unit.go @@ -87,7 +87,12 @@ func Run(testfiles, configfiles []string, strict bool) ([]string, []string, erro return summary, details, fmt.Errorf("headers missmatch=%v, want %v, rule matched: %v", route.Headers, testCase.Headers, route.Match) } } - + if testCase.Redirect != nil { + if reflect.DeepEqual(route.Redirect, testCase.Redirect) != testCase.WantMatch { + details = append(details, fmt.Sprintf("FAIL input:[%v]", input)) + return summary, details, fmt.Errorf("redirect missmatch=%v, want %v, rule matched: %v", route.Redirect, testCase.Redirect, route.Match) + } + } details = append(details, fmt.Sprintf("PASS input:[%v]", input)) } inputCount += len(inputs)