fuzz

package
v1.9.8 Latest
Warning

This package is not in the latest version of its module.

Published: Jul 21, 2020 License: Apache-2.0 Imports: 34 Imported by: 6

README

Fuzz

Validator TODO

  • Specific SSL certificate presented is correct.
    • For every SSL certificate, check one domain and make sure we get the cert assigned to the given domain.
  • Service specific contents (Add IngressModel interface)
    • annotations will decorate the request, response
    • validators transform the response
    • ModelResponder creates the responses that
    • Responder() takes HTTP request and writes the response back.
  • Snapshots of GCP state for whitebox testing.
    • Take a snapshot of the load balancer tree starting from the ForwardingRule.

Documentation

Constants

const (
	NegResourceType = "networkEndpointGroup"
	IgResourceType  = "instanceGroup"
	HttpProtocol    = Protocol("HTTP")
	HttpsProtocol   = Protocol("HTTPS")
)

Variables

This section is empty.

Functions

func BackendConfigForPath

func BackendConfigForPath(host, path string, ing *v1beta1.Ingress, env ValidatorEnv) (*backendconfig.BackendConfig, error)

BackendConfigForPath returns the BackendConfig associated with the given path. Note: This function returns an empty object (not nil pointer) if a BackendConfig did not exist in the given environment.

func NetworkEndpointsInNegs added in v1.7.0

func NetworkEndpointsInNegs(ctx context.Context, c cloud.Cloud, name string, zones []string) (map[meta.Key]*NetworkEndpoints, error)

NetworkEndpointsInNegs retrieves the network Endpoints from NEGs with one name in multiple zones

func NewService

func NewService(name, ns string, port int) *v1.Service

NewService is a helper function for creating a simple Service spec.

func RegionalGCLBForVIP added in v1.8.0

func RegionalGCLBForVIP(ctx context.Context, c cloud.Cloud, gclb *GCLB, params *GCLBForVIPParams) error

RegionalGCLBForVIP retrieves all of the resources associated with the GCLB for a given VIP.

func ServiceForPath added in v1.6.0

func ServiceForPath(host, path string, ing *v1beta1.Ingress, env ValidatorEnv) (*v1.Service, *v1.ServicePort, error)

ServiceForPath returns the Service and ServicePort associated with the given path.

Types

type BackendConfigBuilder

type BackendConfigBuilder struct {
	// contains filtered or unexported fields
}

BackendConfigBuilder is syntactic sugar for creating BackendConfig specs for testing purposes.

backendConfig := NewBackendConfigBuilder("ns1", "name1").Build()

func NewBackendConfigBuilder

func NewBackendConfigBuilder(ns, name string) *BackendConfigBuilder

NewBackendConfigBuilder instantiates a new BackendConfig.

func NewBackendConfigBuilderFromExisting

func NewBackendConfigBuilderFromExisting(b *backendconfig.BackendConfig) *BackendConfigBuilder

NewBackendConfigBuilderFromExisting creates a BackendConfigBuilder from an existing BackendConfig object. The BackendConfigBuilder object will be copied.

func (*BackendConfigBuilder) AddCustomRequestHeader added in v1.7.0

func (b *BackendConfigBuilder) AddCustomRequestHeader(header string) *BackendConfigBuilder

func (*BackendConfigBuilder) Build

Build returns a constructed BackendConfig. The BackendConfig is a copy, so the Builder can be reused to construct multiple BackendConfig definitions.

func (*BackendConfigBuilder) EnableCDN

func (b *BackendConfigBuilder) EnableCDN(enabled bool) *BackendConfigBuilder

EnableCDN enables or disables CDN on the BackendConfig.

func (*BackendConfigBuilder) SetAffinityCookieTtlSec added in v1.5.0

func (b *BackendConfigBuilder) SetAffinityCookieTtlSec(ttl int64) *BackendConfigBuilder

SetAffinityCookieTtlSec specifies the session affinity cookie TTL on the BackendConfig.

func (*BackendConfigBuilder) SetCachePolicy

func (b *BackendConfigBuilder) SetCachePolicy(cachePolicy *backendconfig.CacheKeyPolicy) *BackendConfigBuilder

SetCachePolicy specifies the cache policy on the BackendConfig.

func (*BackendConfigBuilder) SetConnectionDrainingTimeout added in v1.5.0

func (b *BackendConfigBuilder) SetConnectionDrainingTimeout(timeout int64) *BackendConfigBuilder

SetConnectionDrainingTimeout defines the BackendConfig's draining timeout

func (*BackendConfigBuilder) SetIAPConfig

func (b *BackendConfigBuilder) SetIAPConfig(enabled bool, secret string) *BackendConfigBuilder

SetIAPConfig enables or disables IAP on the BackendConfig and also sets the secret which contains the OAuth credentials.

func (*BackendConfigBuilder) SetSecurityPolicy

func (b *BackendConfigBuilder) SetSecurityPolicy(securityPolicy string) *BackendConfigBuilder

SetSecurityPolicy sets security policy on the BackendConfig.

func (*BackendConfigBuilder) SetSessionAffinity added in v1.5.0

func (b *BackendConfigBuilder) SetSessionAffinity(affinity string) *BackendConfigBuilder

SetSessionAffinity specifies the session affinity on the BackendConfig.

func (*BackendConfigBuilder) SetTimeout added in v1.5.0

func (b *BackendConfigBuilder) SetTimeout(timeout int64) *BackendConfigBuilder

SetTimeout defines the BackendConfig's connection timeout

type BackendService

type BackendService struct {
	GA    *compute.BackendService
	Alpha *computealpha.BackendService
	Beta  *computebeta.BackendService
}

BackendService is a union of the API version types.

type CheckResponseAction

type CheckResponseAction int

CheckResponseAction is the action to be taken when evaluating the CheckResponse.

const (
	// CheckResponseContinue continues with the standard response checking.
	CheckResponseContinue CheckResponseAction = iota
	// CheckResponseSkip skips the standard response checking.
	CheckResponseSkip CheckResponseAction = iota
)

type DefaultValidatorEnv

type DefaultValidatorEnv struct {
	// contains filtered or unexported fields
}

DefaultValidatorEnv is a ValidatorEnv that gets data from the Kubernetes clientset.

func (*DefaultValidatorEnv) BackendConfigs

func (e *DefaultValidatorEnv) BackendConfigs() (map[string]*backendconfig.BackendConfig, error)

BackendConfigs implements ValidatorEnv.

func (*DefaultValidatorEnv) BackendNamer added in v1.9.0

func (e *DefaultValidatorEnv) BackendNamer() namer.BackendNamer

BackendNamer implements ValidatorEnv.

func (*DefaultValidatorEnv) Cloud

func (e *DefaultValidatorEnv) Cloud() cloud.Cloud

Cloud implements ValidatorEnv.

func (*DefaultValidatorEnv) FrontendNamerFactory added in v1.9.0

func (e *DefaultValidatorEnv) FrontendNamerFactory() namer.IngressFrontendNamerFactory

FrontendNamerFactory implements ValidatorEnv.

func (*DefaultValidatorEnv) Services

func (e *DefaultValidatorEnv) Services() (map[string]*v1.Service, error)

Services implements ValidatorEnv.

type Feature

type Feature interface {
	// Name of the feature.
	Name() string
	// NewValidator returns a new validator instance.
	NewValidator() FeatureValidator
}

Feature represents an extension to the "vanilla" behavior of Ingress.

type FeatureValidator

type FeatureValidator interface {
	// Name of the feature.
	Name() string
	// ConfigureAttributes of the validation for the given environment and
	// the Ingress object.
	ConfigureAttributes(env ValidatorEnv, ing *v1beta1.Ingress, a *IngressValidatorAttributes) error
	// ModifyRequest adds the appropriate headers for testing the feature, if
	// necessary.
	ModifyRequest(host, path string, req *http.Request)
	// CheckResponse checks the HTTP response from the validation for
	// correctness. Return (CheckResponseContinue, nil) if you wish to continue
	// with the standard Response validation. Return (CheckResponseSkip, nil)
	// if you wish to skip the standard Response validation for the current
	// request. If (_, err) is returned, then the response is considered to be
	// an error.
	CheckResponse(host, path string, resp *http.Response, body []byte) (CheckResponseAction, error)

	// TODO(shance): ideally we should use features.ResourceVersions and scope here
	HasAlphaResource(resourceType string) bool
	HasBetaResource(resourceType string) bool
}

FeatureValidator is a validator for the Feature. It has various hooks to the standard validation routine.
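
The CheckResponse contract described in the interface comments above, shown as an added example that is not part of the package. The `checker` interface, `authGate` feature, `checkPath` driver, `backend` handler and the status-200 standard check are hypothetical stand-ins declared locally so the block runs without the module.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Local stand-ins mirroring the declarations documented on this page.
type CheckResponseAction int

const (
	CheckResponseContinue CheckResponseAction = iota
	CheckResponseSkip
)

// checker is the one FeatureValidator hook this example exercises.
type checker interface {
	CheckResponse(host, path string, resp *http.Response, body []byte) (CheckResponseAction, error)
}

// authGate (hypothetical): unauthenticated requests must get a 302 to loginURL.
type authGate struct{ loginURL string }

func (a *authGate) CheckResponse(host, path string, resp *http.Response, _ []byte) (CheckResponseAction, error) {
	if loc := resp.Header.Get("Location"); resp.StatusCode != http.StatusFound || loc != a.loginURL {
		return CheckResponseContinue, fmt.Errorf("%s%s: status %d, Location %q: gate not enforced", host, path, resp.StatusCode, loc)
	}
	return CheckResponseSkip, nil // a 302 would fail the standard check
}

// checkPath is a hypothetical driver; the status-200 standard check is assumed.
func checkPath(lb http.Handler, host, path string, vs []checker) error {
	req := httptest.NewRequest(http.MethodGet, "http://"+host+path, nil)
	rec := httptest.NewRecorder()
	lb.ServeHTTP(rec, req)
	resp := rec.Result()
	skip := false
	for _, v := range vs {
		action, err := v.CheckResponse(host, path, resp, rec.Body.Bytes())
		if err != nil {
			return err // (_, err) marks the response as an error
		}
		skip = skip || action == CheckResponseSkip
	}
	if !skip && resp.StatusCode != http.StatusOK {
		return fmt.Errorf("%s%s: standard check failed, status %d", host, path, resp.StatusCode)
	}
	return nil
}

// backend is a constructed stand-in for the load balancer under test.
func backend(gated bool, loginURL string) http.Handler {
	if gated {
		return http.RedirectHandler(loginURL, http.StatusFound)
	}
	return http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}) // plain 200
}

func main() {
	const login = "https://login.example.test/" // constructed value
	vs := []checker{&authGate{loginURL: login}}
	fmt.Println("gated:", checkPath(backend(true, login), "app.example.test", "/", vs))
	fmt.Println("ungated:", checkPath(backend(false, login), "app.example.test", "/", vs))
}
```

Without the validator, the gated backend fails the assumed standard check, which is why the feature returns CheckResponseSkip after verifying the redirect itself.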

func FeatureValidators

func FeatureValidators(fs []Feature) []FeatureValidator

FeatureValidators returns a list of validators.

type ForwardingRule

type ForwardingRule struct {
	GA    *compute.ForwardingRule
	Alpha *computealpha.ForwardingRule
	Beta  *computebeta.ForwardingRule
}

ForwardingRule is a union of the API version types.

type GCLB

type GCLB struct {
	VIP string

	ForwardingRule       map[meta.Key]*ForwardingRule
	TargetHTTPProxy      map[meta.Key]*TargetHTTPProxy
	TargetHTTPSProxy     map[meta.Key]*TargetHTTPSProxy
	URLMap               map[meta.Key]*URLMap
	BackendService       map[meta.Key]*BackendService
	NetworkEndpointGroup map[meta.Key]*NetworkEndpointGroup
	InstanceGroup        map[meta.Key]*InstanceGroup
}

GCLB contains the resources for a load balancer.

func GCLBForVIP

func GCLBForVIP(ctx context.Context, c cloud.Cloud, params *GCLBForVIPParams) (*GCLB, error)

GCLBForVIP retrieves all of the resources associated with the GCLB for a given VIP.

func NewGCLB

func NewGCLB(vip string) *GCLB

NewGCLB returns an empty GCLB.

func (*GCLB) CheckNEGDeletion added in v1.6.0

func (g *GCLB) CheckNEGDeletion(ctx context.Context, c cloud.Cloud, options *GCLBDeleteOptions) error

CheckNEGDeletion checks that all NEGs associated with the GCLB have been deleted

func (*GCLB) CheckResourceDeletion

func (g *GCLB) CheckResourceDeletion(ctx context.Context, c cloud.Cloud, options *GCLBDeleteOptions) error

CheckResourceDeletion checks the existence of the resources. Returns nil if all of the associated resources no longer exist.

func (*GCLB) CheckResourceDeletionByProtocol added in v1.9.0

func (g *GCLB) CheckResourceDeletionByProtocol(ctx context.Context, c cloud.Cloud, options *GCLBDeleteOptions, protocol Protocol) error

CheckResourceDeletionByProtocol checks the existence of the resources for given protocol. Returns nil if all of the associated frontend resources no longer exist.

type GCLBDeleteOptions

type GCLBDeleteOptions struct {
	// SkipDefaultBackend indicates whether to skip checking for the
	// system default backend.
	SkipDefaultBackend bool
	// SkipBackends indicates whether to skip checking for the backends.
	// This is enabled only when we know that backends are shared among multiple ingresses
	// in which case shared backends are not cleaned up on ingress deletion.
	SkipBackends bool
	// CheckHttpFrontendResources indicates whether to check just the http
	// frontend resources.
	CheckHttpFrontendResources bool
	// CheckHttpsFrontendResources indicates whether to check just the https
	// frontend resources.
	CheckHttpsFrontendResources bool
}

GCLBDeleteOptions may be provided when cleaning up GCLB resources.

type GCLBForVIPParams added in v1.8.0

type GCLBForVIPParams struct {
	VIP        string
	Region     string
	Network    string
	Validators []FeatureValidator
}

type HostPath

type HostPath struct {
	Host string
	Path string
}

HostPath maps an entry in Ingress to a specific service. Host == "" and Path == "" denotes the default backend.

type IngressBuilder

type IngressBuilder struct {
	// contains filtered or unexported fields
}

IngressBuilder is syntactic sugar for creating Ingress specs for testing purposes.

ing := NewIngressBuilder("ns1", "name1", "127.0.0.1").Build()

func NewIngressBuilder

func NewIngressBuilder(ns, name, vip string) *IngressBuilder

NewIngressBuilder instantiates a new IngressBuilder.

func NewIngressBuilderFromExisting

func NewIngressBuilderFromExisting(i *v1beta1.Ingress) *IngressBuilder

NewIngressBuilderFromExisting creates an IngressBuilder from an existing Ingress object. The Ingress object will be copied.

func (*IngressBuilder) AddHost

func (i *IngressBuilder) AddHost(host string) *IngressBuilder

AddHost adds a rule for a host entry if it did not yet exist.

func (*IngressBuilder) AddPath

func (i *IngressBuilder) AddPath(host, path, service string, port intstr.IntOrString) *IngressBuilder

AddPath adds a new path for the given host if it did not already exist.

func (*IngressBuilder) AddPresharedCerts added in v1.6.0

func (i *IngressBuilder) AddPresharedCerts(names []string) *IngressBuilder

AddPresharedCerts adds preshared certs via the annotation. Note that a value added in a previous call to this function will be overwritten.

func (*IngressBuilder) AddStaticIP added in v1.6.0

func (i *IngressBuilder) AddStaticIP(name string) *IngressBuilder

AddStaticIP adds the name of an address that exists in GCP via the annotation. Note that a value added in a previous call to this function will be overwritten.

func (*IngressBuilder) AddTLS

func (i *IngressBuilder) AddTLS(hosts []string, secretName string) *IngressBuilder

AddTLS adds a TLS secret reference.

func (*IngressBuilder) Build

func (i *IngressBuilder) Build() *v1beta1.Ingress

Build returns a constructed Ingress. The Ingress is a copy, so the Builder can be reused to construct multiple Ingress definitions.

func (*IngressBuilder) ConfigureForILB added in v1.7.0

func (i *IngressBuilder) ConfigureForILB() *IngressBuilder

ConfigureForILB adds the ILB ingress class annotation.

func (*IngressBuilder) DefaultBackend

func (i *IngressBuilder) DefaultBackend(service string, port intstr.IntOrString) *IngressBuilder

DefaultBackend sets the default backend.

func (*IngressBuilder) Host

func (i *IngressBuilder) Host(host string) *v1beta1.IngressRule

Host returns the rule for a host and creates it if it did not exist.

func (*IngressBuilder) Path

func (i *IngressBuilder) Path(host, path, service string, port intstr.IntOrString) *v1beta1.HTTPIngressPath

Path returns the Path matching the (host, path), appending the entry if it does not already exist.

func (*IngressBuilder) SetAllowHttp added in v1.8.0

func (i *IngressBuilder) SetAllowHttp(val bool) *IngressBuilder

SetAllowHttp sets the AllowHTTP annotation on the ingress

func (*IngressBuilder) SetIngressClass added in v1.7.0

func (i *IngressBuilder) SetIngressClass(name string) *IngressBuilder

SetIngressClass sets Ingress class to given name.

func (*IngressBuilder) SetTLS added in v1.9.0

func (i *IngressBuilder) SetTLS(tlsCerts []v1beta1.IngressTLS) *IngressBuilder

SetTLS sets TLS certs to given list.

type IngressResult

type IngressResult struct {
	Err   error
	Paths []*PathResult
}

IngressResult is the result of an Ingress validation.

type IngressValidator

type IngressValidator struct {
	// contains filtered or unexported fields
}

IngressValidator encapsulates the logic required to validate that a given configuration is behaving correctly.

func NewIngressValidator

func NewIngressValidator(env ValidatorEnv, ing *v1beta1.Ingress, features []Feature, whiteboxTests []WhiteboxTest, attribs *IngressValidatorAttributes) (*IngressValidator, error)

NewIngressValidator returns a new validator for checking the correctness of an Ingress spec against the behavior of the instantiated load balancer. If attribs is nil, then the default set of attributes will be used.

func (*IngressValidator) Check

Check runs all of the checks against the instantiated load balancer.

func (*IngressValidator) CheckPaths

func (v *IngressValidator) CheckPaths(ctx context.Context, vr *IngressResult) error

CheckPaths checks the host, paths that have been configured. Checks are run in parallel.

func (*IngressValidator) FrontendNamingSchemeTest added in v1.9.0

func (v *IngressValidator) FrontendNamingSchemeTest(gclb *GCLB) error

FrontendNamingSchemeTest asserts that correct naming scheme is used.

func (*IngressValidator) PerformWhiteboxTests added in v1.8.0

func (v *IngressValidator) PerformWhiteboxTests(gclb *GCLB) error

PerformWhiteboxTests runs additional whitebox tests.

func (*IngressValidator) Vip added in v1.7.0

func (v *IngressValidator) Vip() *string

Vip returns the VIP for the load balancer. This currently uses the first entry and returns nil if the VIP is not available.

type IngressValidatorAttributes

type IngressValidatorAttributes struct {
	CheckHTTP           bool
	CheckHTTPS          bool
	RejectInsecureCerts bool
	RequestTimeout      time.Duration
	Region              string
	// HTTPPort and HTTPSPort are used only for unit testing.
	HTTPPort  int
	HTTPSPort int
}

IngressValidatorAttributes are derived attributes governing how the Ingress is validated. Features will use this structure to express changes to the standard checks by modifying this struct.

func DefaultAttributes added in v1.8.0

func DefaultAttributes() *IngressValidatorAttributes

DefaultAttributes are the base attributes for validation.

type InstanceGroup added in v1.7.0

type InstanceGroup struct {
	GA *compute.InstanceGroup
}

InstanceGroup is a union of the API version types.

type MockValidatorEnv

type MockValidatorEnv struct {
	BackendConfigsMap map[string]*backendconfig.BackendConfig
	ServicesMap       map[string]*v1.Service
	MockCloud         *cloud.MockGCE
	IngressNamer      *namer.Namer
	// contains filtered or unexported fields
}

MockValidatorEnv is an environment that is used for mock testing.

func (*MockValidatorEnv) BackendConfigs

func (e *MockValidatorEnv) BackendConfigs() (map[string]*backendconfig.BackendConfig, error)

BackendConfigs implements ValidatorEnv.

func (*MockValidatorEnv) BackendNamer added in v1.9.0

func (e *MockValidatorEnv) BackendNamer() namer.BackendNamer

BackendNamer implements ValidatorEnv.

func (*MockValidatorEnv) Cloud

func (e *MockValidatorEnv) Cloud() cloud.Cloud

Cloud implements ValidatorEnv.

func (*MockValidatorEnv) FrontendNamerFactory added in v1.9.0

func (e *MockValidatorEnv) FrontendNamerFactory() namer.IngressFrontendNamerFactory

FrontendNamerFactory implements ValidatorEnv.

func (*MockValidatorEnv) Services

func (e *MockValidatorEnv) Services() (map[string]*v1.Service, error)

Services implements ValidatorEnv.

type NetworkEndpointGroup added in v1.6.0

type NetworkEndpointGroup struct {
	GA    *compute.NetworkEndpointGroup
	Alpha *computealpha.NetworkEndpointGroup
	Beta  *computebeta.NetworkEndpointGroup
}

NetworkEndpointGroup is a union of the API version types.

type NetworkEndpoints added in v1.7.0

type NetworkEndpoints struct {
	NEG       *compute.NetworkEndpointGroup
	Endpoints []*compute.NetworkEndpointWithHealthStatus
}

NetworkEndpoints contains the NEG definition and the network Endpoints in NEG

type NullValidator

type NullValidator struct {
}

NullValidator is a feature that does nothing. Embed this object to reduce the amount of boilerplate required to implement a feature that doesn't require all of the hooks.

func (*NullValidator) CheckResponse

CheckResponse implements Feature.

func (*NullValidator) ConfigureAttributes

func (*NullValidator) ConfigureAttributes(env ValidatorEnv, ing *v1beta1.Ingress, a *IngressValidatorAttributes) error

ConfigureAttributes implements Feature.

func (*NullValidator) HasAlphaResource

func (*NullValidator) HasAlphaResource(resourceType string) bool

HasAlphaResource implements Feature.

func (*NullValidator) HasBetaResource

func (*NullValidator) HasBetaResource(resourceType string) bool

HasBetaResource implements Feature.

func (*NullValidator) ModifyRequest

func (*NullValidator) ModifyRequest(string, string, *http.Request)

ModifyRequest implements Feature.

type PathResult

type PathResult struct {
	Scheme string
	Host   string
	Path   string
	Err    error
}

PathResult is the result of validating a path.

type Protocol added in v1.9.0

type Protocol string

Protocol specifies GCE loadbalancer protocol.

type ServiceMap

type ServiceMap map[HostPath]*v1beta1.IngressBackend

ServiceMap is a map of (host, path) to the appropriate backend.

func ServiceMapFromIngress

func ServiceMapFromIngress(ing *v1beta1.Ingress) ServiceMap

ServiceMapFromIngress creates a service map from the Ingress object. Note: duplicate entries (e.g. invalid configurations) result in the first entry being chosen.

type TargetHTTPProxy

type TargetHTTPProxy struct {
	GA    *compute.TargetHttpProxy
	Alpha *computealpha.TargetHttpProxy
	Beta  *computebeta.TargetHttpProxy
}

TargetHTTPProxy is a union of the API version types.

type TargetHTTPSProxy

type TargetHTTPSProxy struct {
	GA    *compute.TargetHttpsProxy
	Alpha *computealpha.TargetHttpsProxy
	Beta  *computebeta.TargetHttpsProxy
}

TargetHTTPSProxy is a union of the API version types.

type URLMap

type URLMap struct {
	GA    *compute.UrlMap
	Alpha *computealpha.UrlMap
	Beta  *computebeta.UrlMap
}

URLMap is a union of the API version types.

type ValidatorEnv

type ValidatorEnv interface {
	BackendConfigs() (map[string]*backendconfig.BackendConfig, error)
	Services() (map[string]*v1.Service, error)
	Cloud() cloud.Cloud
	BackendNamer() namer.BackendNamer
	FrontendNamerFactory() namer.IngressFrontendNamerFactory
}

ValidatorEnv captures the environment outside the Ingress spec that affects the set of validations and Features.

func NewDefaultValidatorEnv

func NewDefaultValidatorEnv(config *rest.Config, ns string, gce cloud.Cloud) (ValidatorEnv, error)

NewDefaultValidatorEnv returns a new ValidatorEnv.

type WhiteboxTest added in v1.8.0

type WhiteboxTest interface {
	// Name of the test.
	Name() string
	// Test is the test to run.
	Test(ing *v1beta1.Ingress, gclb *GCLB) error
}

WhiteboxTest represents a whitebox test that can be run for an Ingress. The test validates a part of the Ingress spec against GCE resources.

Directories

Path Synopsis
Package features configures additional extra features for the Ingress.
