fuzz

package
v1.6.1

This package is not in the latest version of its module.

Published: Sep 26, 2019 License: Apache-2.0 Imports: 30 Imported by: 6

README

Fuzz

Validator TODO

  • Specific SSL certificate presented is correct.
    • For every SSL certificate, check one domain and make sure we get the cert assigned to the given domain.
  • Service specific contents (Add IngressModel interface)
    • annotations will decorate the request, response
    • validators transform the response
    • ModelResponder creates the responses that
    • Responder() takes HTTP request and writes the response back.
  • Snapshots of GCP state for whitebox testing.
    • Take a snapshot of the load balancer tree starting from the ForwardingRule.

Documentation


Constants

const (
	NegResourceType = "networkEndpointGroup"
)

Variables

This section is empty.

Functions

func BackendConfigForPath

func BackendConfigForPath(host, path string, ing *v1beta1.Ingress, env ValidatorEnv) (*backendconfig.BackendConfig, error)

BackendConfigForPath returns the BackendConfig associated with the given path. Note: This function returns an empty object (not nil pointer) if a BackendConfig did not exist in the given environment.

func NewService

func NewService(name, ns string, port int) *v1.Service

NewService is a helper function for creating a simple Service spec.

func ServiceForPath added in v1.6.0

func ServiceForPath(host, path string, ing *v1beta1.Ingress, env ValidatorEnv) (*v1.Service, *v1.ServicePort, error)

ServiceForPath returns the Service and ServicePort associated with the given path.

Types

type BackendConfigBuilder

type BackendConfigBuilder struct {
	// contains filtered or unexported fields
}

BackendConfigBuilder is syntactic sugar for creating BackendConfig specs for testing purposes.

backendConfig := NewBackendConfigBuilder("ns1", "name1").Build()

func NewBackendConfigBuilder

func NewBackendConfigBuilder(ns, name string) *BackendConfigBuilder

NewBackendConfigBuilder instantiates a new BackendConfig.

func NewBackendConfigBuilderFromExisting

func NewBackendConfigBuilderFromExisting(b *backendconfig.BackendConfig) *BackendConfigBuilder

NewBackendConfigBuilderFromExisting creates a BackendConfigBuilder from an existing BackendConfig object. The BackendConfigBuilder object will be copied.

func (*BackendConfigBuilder) Build

Build returns a constructed BackendConfig. The BackendConfig is a copy, so the Builder can be reused to construct multiple BackendConfig definitions.

func (*BackendConfigBuilder) EnableCDN

func (b *BackendConfigBuilder) EnableCDN(enabled bool) *BackendConfigBuilder

EnableCDN enables or disables CDN on the BackendConfig.

func (*BackendConfigBuilder) SetAffinityCookieTtlSec added in v1.5.0

func (b *BackendConfigBuilder) SetAffinityCookieTtlSec(ttl int64) *BackendConfigBuilder

SetAffinityCookieTtlSec specifies the session affinity cookie TTL on the BackendConfig.

func (*BackendConfigBuilder) SetCachePolicy

func (b *BackendConfigBuilder) SetCachePolicy(cachePolicy *backendconfig.CacheKeyPolicy) *BackendConfigBuilder

SetCachePolicy specifies the cache policy on the BackendConfig.

func (*BackendConfigBuilder) SetConnectionDrainingTimeout added in v1.5.0

func (b *BackendConfigBuilder) SetConnectionDrainingTimeout(timeout int64) *BackendConfigBuilder

SetConnectionDrainingTimeout defines the BackendConfig's draining timeout.

func (*BackendConfigBuilder) SetIAPConfig

func (b *BackendConfigBuilder) SetIAPConfig(enabled bool, secret string) *BackendConfigBuilder

SetIAPConfig enables or disables IAP on the BackendConfig and also sets the secret which contains the OAuth credentials.

func (*BackendConfigBuilder) SetSecurityPolicy

func (b *BackendConfigBuilder) SetSecurityPolicy(securityPolicy string) *BackendConfigBuilder

SetSecurityPolicy sets security policy on the BackendConfig.

func (*BackendConfigBuilder) SetSessionAffinity added in v1.5.0

func (b *BackendConfigBuilder) SetSessionAffinity(affinity string) *BackendConfigBuilder

SetSessionAffinity specifies the session affinity on the BackendConfig.

func (*BackendConfigBuilder) SetTimeout added in v1.5.0

func (b *BackendConfigBuilder) SetTimeout(timeout int64) *BackendConfigBuilder

SetTimeout defines the BackendConfig's connection timeout.

type BackendService

type BackendService struct {
	GA    *compute.BackendService
	Alpha *computealpha.BackendService
	Beta  *computebeta.BackendService
}

BackendService is a union of the API version types.

type CheckResponseAction

type CheckResponseAction int

CheckResponseAction is the action to be taken when evaluating the CheckResponse.

const (
	// CheckResponseContinue continues with the standard response checking.
	CheckResponseContinue CheckResponseAction = iota
	// CheckResponseSkip skips the standard response checking.
	CheckResponseSkip CheckResponseAction = iota
)

type DefaultValidatorEnv

type DefaultValidatorEnv struct {
	// contains filtered or unexported fields
}

DefaultValidatorEnv is a ValidatorEnv that gets data from the Kubernetes clientset.

func (*DefaultValidatorEnv) BackendConfigs

func (e *DefaultValidatorEnv) BackendConfigs() (map[string]*backendconfig.BackendConfig, error)

BackendConfigs implements ValidatorEnv.

func (*DefaultValidatorEnv) Cloud

func (e *DefaultValidatorEnv) Cloud() cloud.Cloud

Cloud implements ValidatorEnv.

func (*DefaultValidatorEnv) Namer added in v1.6.0

func (e *DefaultValidatorEnv) Namer() *utils.Namer

Namer implements ValidatorEnv.

func (*DefaultValidatorEnv) Services

func (e *DefaultValidatorEnv) Services() (map[string]*v1.Service, error)

Services implements ValidatorEnv.

type Feature

type Feature interface {
	// Name of the feature.
	Name() string
	// NewValidator returns a new validator instance.
	NewValidator() FeatureValidator
}

Feature represents an extension to the "vanilla" behavior of Ingress.

type FeatureValidator

type FeatureValidator interface {
	// Name of the feature.
	Name() string
	// ConfigureAttributes of the validation for the given environment and
	// the Ingress object.
	ConfigureAttributes(env ValidatorEnv, ing *v1beta1.Ingress, a *IngressValidatorAttributes) error
	// ModifyRequest adds the appropriate headers for testing the feature, if
	// necessary.
	ModifyRequest(host, path string, req *http.Request)
	// CheckResponse checks the HTTP response from the validation for
	// correctness. Return (CheckResponseContinue, nil) if you wish to continue
	// with the standard Response validation. Return (CheckResponseSkip, nil)
	// if you wish to skip the standard Response validation for the current
	// request. If (_, err) is returned, then the response is considered to be
	// an error.
	CheckResponse(host, path string, resp *http.Response, body []byte) (CheckResponseAction, error)

	HasAlphaResource(resourceType string) bool
	HasBetaResource(resourceType string) bool
}

FeatureValidator is a validator for the Feature. It has various hooks to the standard validation routine.
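The CheckResponse contract described in the interface comment above, as an added Go example (not code from the ingress-gce project). The types are local stand-ins for the page's declarations; `hook`, `redirectAuth` and the `evaluate` driver, including its "status must be 200" standard check, are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
)

// Stand-ins mirroring the page's declarations so the example builds offline.
type CheckResponseAction int

const (
	CheckResponseContinue CheckResponseAction = iota
	CheckResponseSkip
)

// hook is the CheckResponse half of FeatureValidator; other methods omitted.
type hook interface {
	Name() string
	CheckResponse(host, path string, resp *http.Response, body []byte) (CheckResponseAction, error)
}

// redirectAuth is a hypothetical feature whose paths must answer 302.
type redirectAuth struct{}

func (redirectAuth) Name() string { return "redirect-auth" }
func (redirectAuth) CheckResponse(host, path string, resp *http.Response, _ []byte) (CheckResponseAction, error) {
	if resp.StatusCode != http.StatusFound {
		return CheckResponseContinue, fmt.Errorf("%s%s: got %d, want 302", host, path, resp.StatusCode)
	}
	return CheckResponseSkip, nil // a 302 would fail the standard check below
}

// evaluate is an assumed driver: a hook error fails the path; any Skip bypasses the 200 check.
func evaluate(hooks []hook, host, path string, resp *http.Response, body []byte) error {
	skip := false
	for _, h := range hooks {
		action, err := h.CheckResponse(host, path, resp, body)
		if err != nil {
			return fmt.Errorf("%s: %w", h.Name(), err)
		}
		skip = skip || action == CheckResponseSkip
	}
	if !skip && resp.StatusCode != http.StatusOK {
		return fmt.Errorf("standard check: got status %d, want 200", resp.StatusCode)
	}
	return nil
}

func main() { // constructed sample response
	fmt.Println(evaluate([]hook{redirectAuth{}}, "example.test", "/", &http.Response{StatusCode: http.StatusFound}, nil))
}
```

A feature that returns CheckResponseSkip takes on the whole job of validating that response, so its own check must be strict enough to catch an unprotected backend answering 200.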

func FeatureValidators

func FeatureValidators(fs []Feature) []FeatureValidator

FeatureValidators returns a list of validators.

type ForwardingRule

type ForwardingRule struct {
	GA    *compute.ForwardingRule
	Alpha *computealpha.ForwardingRule
	Beta  *computebeta.ForwardingRule
}

ForwardingRule is a union of the API version types.

type GCLB

type GCLB struct {
	VIP string

	ForwardingRule       map[meta.Key]*ForwardingRule
	TargetHTTPProxy      map[meta.Key]*TargetHTTPProxy
	TargetHTTPSProxy     map[meta.Key]*TargetHTTPSProxy
	URLMap               map[meta.Key]*URLMap
	BackendService       map[meta.Key]*BackendService
	NetworkEndpointGroup map[meta.Key]*NetworkEndpointGroup
}

GCLB contains the resources for a load balancer.

func GCLBForVIP

func GCLBForVIP(ctx context.Context, c cloud.Cloud, vip string, validators []FeatureValidator) (*GCLB, error)

GCLBForVIP retrieves all of the resources associated with the GCLB for a given VIP.

func NewGCLB

func NewGCLB(vip string) *GCLB

NewGCLB returns an empty GCLB.

func (*GCLB) CheckNEGDeletion added in v1.6.0

func (g *GCLB) CheckNEGDeletion(ctx context.Context, c cloud.Cloud, options *GCLBDeleteOptions) error

CheckNEGDeletion checks that all NEGs associated with the GCLB have been deleted.

func (*GCLB) CheckResourceDeletion

func (g *GCLB) CheckResourceDeletion(ctx context.Context, c cloud.Cloud, options *GCLBDeleteOptions) error

CheckResourceDeletion checks the existence of the resources. Returns nil if all of the associated resources no longer exist.

type GCLBDeleteOptions

type GCLBDeleteOptions struct {
	// SkipDefaultBackend indicates whether to skip checking for the
	// system default backend.
	SkipDefaultBackend bool
}

GCLBDeleteOptions may be provided when cleaning up GCLB resources.

type HostPath

type HostPath struct {
	Host string
	Path string
}

HostPath maps an entry in Ingress to a specific service. Host == "" and Path == "" denotes the default backend.

type IngressBuilder

type IngressBuilder struct {
	// contains filtered or unexported fields
}

IngressBuilder is syntactic sugar for creating Ingress specs for testing purposes.

ing := NewIngressBuilder("ns1", "name1", "127.0.0.1").Build()

func NewIngressBuilder

func NewIngressBuilder(ns, name, vip string) *IngressBuilder

NewIngressBuilder instantiates a new IngressBuilder.

func NewIngressBuilderFromExisting

func NewIngressBuilderFromExisting(i *v1beta1.Ingress) *IngressBuilder

NewIngressBuilderFromExisting creates an IngressBuilder from an existing Ingress object. The Ingress object will be copied.

func (*IngressBuilder) AddHost

func (i *IngressBuilder) AddHost(host string) *IngressBuilder

AddHost adds a rule for a host entry if it did not yet exist.

func (*IngressBuilder) AddPath

func (i *IngressBuilder) AddPath(host, path, service string, port intstr.IntOrString) *IngressBuilder

AddPath adds a new path for the given host if it did not already exist.

func (*IngressBuilder) AddPresharedCerts added in v1.6.0

func (i *IngressBuilder) AddPresharedCerts(names []string) *IngressBuilder

AddPresharedCerts adds preshared certs via the annotation. Note that a value added in a previous call to this function will be overwritten.

func (*IngressBuilder) AddStaticIP added in v1.6.0

func (i *IngressBuilder) AddStaticIP(name string) *IngressBuilder

AddStaticIP adds the name of an address that exists in GCP via the annotation. Note that a value added in a previous call to this function will be overwritten.

func (*IngressBuilder) AddTLS

func (i *IngressBuilder) AddTLS(hosts []string, secretName string) *IngressBuilder

AddTLS adds a TLS secret reference.

func (*IngressBuilder) Build

func (i *IngressBuilder) Build() *v1beta1.Ingress

Build returns a constructed Ingress. The Ingress is a copy, so the Builder can be reused to construct multiple Ingress definitions.

func (*IngressBuilder) DefaultBackend

func (i *IngressBuilder) DefaultBackend(service string, port intstr.IntOrString) *IngressBuilder

DefaultBackend sets the default backend.

func (*IngressBuilder) Host

func (i *IngressBuilder) Host(host string) *v1beta1.IngressRule

Host returns the rule for a host and creates it if it did not exist.

func (*IngressBuilder) Path

func (i *IngressBuilder) Path(host, path, service string, port intstr.IntOrString) *v1beta1.HTTPIngressPath

Path returns the Path matching the (host, path), appending the entry if it does not already exist.

type IngressResult

type IngressResult struct {
	Err   error
	Paths []*PathResult
}

IngressResult is the result of an Ingress validation.

type IngressValidator

type IngressValidator struct {
	// contains filtered or unexported fields
}

IngressValidator encapsulates the logic required to validate that a given configuration is behaving correctly.

func NewIngressValidator

func NewIngressValidator(env ValidatorEnv, ing *v1beta1.Ingress, features []Feature, attribs *IngressValidatorAttributes) (*IngressValidator, error)

NewIngressValidator returns a new validator for checking the correctness of an Ingress spec against the behavior of the instantiated load balancer. If attribs is nil, then the default set of attributes will be used.

func (*IngressValidator) Check

Check runs all of the checks against the instantiated load balancer.

func (*IngressValidator) CheckPaths

func (v *IngressValidator) CheckPaths(ctx context.Context, vr *IngressResult) error

CheckPaths checks the host, paths that have been configured. Checks are run in parallel.

type IngressValidatorAttributes

type IngressValidatorAttributes struct {
	CheckHTTP           bool
	CheckHTTPS          bool
	RejectInsecureCerts bool
	RequestTimeout      time.Duration
	// HTTPPort and HTTPSPort are used only for unit testing.
	HTTPPort  int
	HTTPSPort int
}

IngressValidatorAttributes are derived attributes governing how the Ingress is validated. Features will use this structure to express changes to the standard checks by modifying this struct.

type MockValidatorEnv

type MockValidatorEnv struct {
	BackendConfigsMap map[string]*backendconfig.BackendConfig
	ServicesMap       map[string]*v1.Service
	MockCloud         *cloud.MockGCE
	IngressNamer      *utils.Namer
}

MockValidatorEnv is an environment that is used for mock testing.

func (*MockValidatorEnv) BackendConfigs

func (e *MockValidatorEnv) BackendConfigs() (map[string]*backendconfig.BackendConfig, error)

BackendConfigs implements ValidatorEnv.

func (*MockValidatorEnv) Cloud

func (e *MockValidatorEnv) Cloud() cloud.Cloud

Cloud implements ValidatorEnv.

func (*MockValidatorEnv) Namer added in v1.6.0

func (e *MockValidatorEnv) Namer() *utils.Namer

Namer implements ValidatorEnv.

func (*MockValidatorEnv) Services

func (e *MockValidatorEnv) Services() (map[string]*v1.Service, error)

Services implements ValidatorEnv.

type NetworkEndpointGroup added in v1.6.0

type NetworkEndpointGroup struct {
	Alpha *computealpha.NetworkEndpointGroup
	Beta  *computebeta.NetworkEndpointGroup
}

NetworkEndpointGroup is a union of the API version types.

type NullValidator

type NullValidator struct {
}

NullValidator is a feature that does nothing. Embed this object to reduce the amount of boilerplate required to implement a feature that doesn't require all of the hooks.

func (*NullValidator) CheckResponse

CheckResponse implements FeatureValidator.

func (*NullValidator) ConfigureAttributes

func (*NullValidator) ConfigureAttributes(env ValidatorEnv, ing *v1beta1.Ingress, a *IngressValidatorAttributes) error

ConfigureAttributes implements FeatureValidator.

func (*NullValidator) HasAlphaResource

func (*NullValidator) HasAlphaResource(resourceType string) bool

HasAlphaResource implements FeatureValidator.

func (*NullValidator) HasBetaResource

func (*NullValidator) HasBetaResource(resourceType string) bool

HasBetaResource implements FeatureValidator.

func (*NullValidator) ModifyRequest

func (*NullValidator) ModifyRequest(string, string, *http.Request)

ModifyRequest implements FeatureValidator.

type PathResult

type PathResult struct {
	Scheme string
	Host   string
	Path   string
	Err    error
}

PathResult is the result of validating a path.

type ServiceMap

type ServiceMap map[HostPath]*v1beta1.IngressBackend

ServiceMap is a map of (host, path) to the appropriate backend.

func ServiceMapFromIngress

func ServiceMapFromIngress(ing *v1beta1.Ingress) ServiceMap

ServiceMapFromIngress creates a service map from the Ingress object. Note: duplicate entries (e.g. invalid configurations) will result in the first entry being chosen.

type TargetHTTPProxy

type TargetHTTPProxy struct {
	GA    *compute.TargetHttpProxy
	Alpha *computealpha.TargetHttpProxy
	Beta  *computebeta.TargetHttpProxy
}

TargetHTTPProxy is a union of the API version types.

type TargetHTTPSProxy

type TargetHTTPSProxy struct {
	GA    *compute.TargetHttpsProxy
	Alpha *computealpha.TargetHttpsProxy
	Beta  *computebeta.TargetHttpsProxy
}

TargetHTTPSProxy is a union of the API version types.

type URLMap

type URLMap struct {
	GA    *compute.UrlMap
	Alpha *computealpha.UrlMap
	Beta  *computebeta.UrlMap
}

URLMap is a union of the API version types.

type ValidatorEnv

type ValidatorEnv interface {
	BackendConfigs() (map[string]*backendconfig.BackendConfig, error)
	Services() (map[string]*v1.Service, error)
	Cloud() cloud.Cloud
	Namer() *utils.Namer
}

ValidatorEnv captures the environment, unrelated to the Ingress spec, that affects the set of validations and Features.

func NewDefaultValidatorEnv

func NewDefaultValidatorEnv(config *rest.Config, ns string, gce cloud.Cloud) (ValidatorEnv, error)

NewDefaultValidatorEnv returns a new ValidatorEnv.

Directories

Path Synopsis
Package features configures additional extra features for the Ingress.
