istio.io/istio@v0.0.0-20240520182934-d79c90f27776/pkg/config/gateway/gateway_test.go (about) 1 // Copyright Istio Authors 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package gateway 16 17 import ( 18 "testing" 19 20 "istio.io/api/networking/v1alpha3" 21 "istio.io/istio/pilot/pkg/features" 22 "istio.io/istio/pkg/config/protocol" 23 "istio.io/istio/pkg/test" 24 ) 25 26 func TestIsTLSServer(t *testing.T) { 27 cases := []struct { 28 name string 29 server *v1alpha3.Server 30 expected bool 31 }{ 32 { 33 name: "tls non nil and HTTP as transport protocol", 34 server: &v1alpha3.Server{ 35 Port: &v1alpha3.Port{ 36 Number: 80, 37 Protocol: string(protocol.HTTP), 38 Name: "http", 39 }, 40 Tls: &v1alpha3.ServerTLSSettings{HttpsRedirect: true}, 41 }, 42 expected: false, 43 }, 44 { 45 name: "tls non nil and TCP as transport protocol", 46 server: &v1alpha3.Server{ 47 Port: &v1alpha3.Port{ 48 Number: 80, 49 Protocol: string(protocol.TCP), 50 Name: "tcp", 51 }, 52 Tls: &v1alpha3.ServerTLSSettings{HttpsRedirect: true}, 53 }, 54 expected: true, 55 }, 56 { 57 name: "tls nil and HTTP as transport protocol", 58 server: &v1alpha3.Server{ 59 Port: &v1alpha3.Port{ 60 Number: 80, 61 Protocol: string(protocol.HTTP), 62 Name: "http", 63 }, 64 }, 65 expected: false, 66 }, 67 { 68 name: "tls nil and TCP as transport protocol", 69 server: &v1alpha3.Server{ 70 Port: &v1alpha3.Port{ 71 Number: 80, 72 Protocol: string(protocol.TCP), 73 Name: "tcp", 74 }, 75 }, 76 expected: false, 77 }, 78 } 79 for _, tc := range cases { 80 t.Run(tc.name, func(t *testing.T) { 81 actual := IsTLSServer(tc.server) 82 if actual != tc.expected { 83 t.Errorf("IsTLSServer(%s) => %t, want %t", 84 tc.server, actual, tc.expected) 85 } 86 }) 87 } 88 } 89 90 func TestIsHTTPServer(t *testing.T) { 91 cases := []struct { 92 name string 93 server *v1alpha3.Server 94 expected bool 95 }{ 96 { 97 name: "HTTP as transport protocol", 98 server: &v1alpha3.Server{ 99 Port: &v1alpha3.Port{ 100 Number: 80, 101 Protocol: string(protocol.HTTP), 102 Name: "http", 103 }, 104 }, 105 expected: true, 106 }, 107 { 108 name: "HTTPS traffic with passthrough ServerTLS mode", 109 server: &v1alpha3.Server{ 110 Port: &v1alpha3.Port{ 111 Number: 80, 112 Protocol: string(protocol.HTTPS), 113 Name: "https", 114 }, 115 Tls: &v1alpha3.ServerTLSSettings{Mode: v1alpha3.ServerTLSSettings_PASSTHROUGH}, 116 }, 117 expected: false, 118 }, 119 { 120 name: "HTTP traffic with passthrough ServerTLS mode", 121 server: &v1alpha3.Server{ 122 Port: &v1alpha3.Port{ 123 Number: 80, 124 Protocol: string(protocol.HTTP), 125 Name: "http", 126 }, 127 Tls: &v1alpha3.ServerTLSSettings{Mode: v1alpha3.ServerTLSSettings_PASSTHROUGH}, 128 }, 129 expected: true, 130 }, 131 { 132 name: "HTTPS traffic with istio mutual ServerTLS mode", 133 server: &v1alpha3.Server{ 134 Port: &v1alpha3.Port{ 135 Number: 80, 136 Protocol: string(protocol.HTTPS), 137 Name: "https", 138 }, 139 Tls: &v1alpha3.ServerTLSSettings{Mode: v1alpha3.ServerTLSSettings_ISTIO_MUTUAL}, 140 }, 141 expected: true, 142 }, 143 } 144 145 for _, tc := range cases { 146 t.Run(tc.name, func(t *testing.T) { 147 actual := IsHTTPServer(tc.server) 148 if actual != tc.expected { 149 t.Errorf("IsHTTPServer(%s) => %t, want %t", 150 tc.server, actual, tc.expected) 151 } 152 }) 153 } 154 } 155 156 func TestIsHTTPSServerWithTLSTermination(t *testing.T) { 157 cases := []struct { 158 name string 159 server *v1alpha3.Server 160 expected bool 161 }{ 162 { 163 name: "HTTP as transport protocol", 164 server: &v1alpha3.Server{ 165 Port: &v1alpha3.Port{ 166 Number: 80, 167 Protocol: string(protocol.HTTP), 168 Name: "http", 169 }, 170 }, 171 expected: false, 172 }, 173 { 174 name: "HTTPS traffic with passthrough ServerTLS mode", 175 server: &v1alpha3.Server{ 176 Port: &v1alpha3.Port{ 177 Number: 80, 178 Protocol: string(protocol.HTTPS), 179 Name: "https", 180 }, 181 Tls: &v1alpha3.ServerTLSSettings{Mode: v1alpha3.ServerTLSSettings_PASSTHROUGH}, 182 }, 183 expected: false, 184 }, 185 { 186 name: "HTTP traffic with tls termination", 187 server: &v1alpha3.Server{ 188 Port: &v1alpha3.Port{ 189 Number: 80, 190 Protocol: string(protocol.HTTP), 191 Name: "http", 192 }, 193 Tls: &v1alpha3.ServerTLSSettings{Mode: v1alpha3.ServerTLSSettings_MUTUAL}, 194 }, 195 expected: false, 196 }, 197 { 198 name: "HTTPS traffic with istio mutual ServerTLS mode", 199 server: &v1alpha3.Server{ 200 Port: &v1alpha3.Port{ 201 Number: 80, 202 Protocol: string(protocol.HTTPS), 203 Name: "https", 204 }, 205 Tls: &v1alpha3.ServerTLSSettings{Mode: v1alpha3.ServerTLSSettings_ISTIO_MUTUAL}, 206 }, 207 expected: true, 208 }, 209 } 210 211 for _, tc := range cases { 212 t.Run(tc.name, func(t *testing.T) { 213 actual := IsHTTPSServerWithTLSTermination(tc.server) 214 if actual != tc.expected { 215 t.Errorf("IsHTTPServer(%s) => %t, want %t", 216 tc.server, actual, tc.expected) 217 } 218 }) 219 } 220 } 221 222 func TestIsEligibleForHTTP3Upgrade(t *testing.T) { 223 cases := []struct { 224 name string 225 server *v1alpha3.Server 226 enableQUICListeners bool 227 expected bool 228 }{ 229 { 230 name: "EnableQUICListeners set to false", 231 server: &v1alpha3.Server{ 232 Port: &v1alpha3.Port{ 233 Number: 80, 234 Protocol: string(protocol.HTTP), 235 Name: "http", 236 }, 237 }, 238 expected: false, 239 enableQUICListeners: false, 240 }, 241 { 242 name: "HTTP as transport protocol and EnableQUICListeners set to true", 243 server: &v1alpha3.Server{ 244 Port: &v1alpha3.Port{ 245 Number: 80, 246 Protocol: string(protocol.HTTP), 247 Name: "http", 248 }, 249 }, 250 expected: false, 251 enableQUICListeners: true, 252 }, 253 { 254 name: "HTTPS traffic with passthrough ServerTLS mode and EnableQUICListeners set to true", 255 server: &v1alpha3.Server{ 256 Port: &v1alpha3.Port{ 257 Number: 80, 258 Protocol: string(protocol.HTTPS), 259 Name: "https", 260 }, 261 Tls: &v1alpha3.ServerTLSSettings{Mode: v1alpha3.ServerTLSSettings_PASSTHROUGH}, 262 }, 263 enableQUICListeners: true, 264 expected: false, 265 }, 266 { 267 name: "HTTPS traffic with istio mutual ServerTLS mode and EnableQUICListeners set to true", 268 server: &v1alpha3.Server{ 269 Port: &v1alpha3.Port{ 270 Number: 80, 271 Protocol: string(protocol.HTTPS), 272 Name: "https", 273 }, 274 Tls: &v1alpha3.ServerTLSSettings{Mode: v1alpha3.ServerTLSSettings_ISTIO_MUTUAL}, 275 }, 276 enableQUICListeners: true, 277 expected: true, 278 }, 279 } 280 for _, tc := range cases { 281 t.Run(tc.name, func(t *testing.T) { 282 test.SetForTest(t, &features.EnableQUICListeners, tc.enableQUICListeners) 283 actual := IsEligibleForHTTP3Upgrade(tc.server) 284 if actual != tc.expected { 285 t.Errorf("IsEligibleForHTTP3Upgrade(%s) => %t, want %t", 286 tc.server, actual, tc.expected) 287 } 288 }) 289 } 290 } 291 292 func TestIsPassThroughServer(t *testing.T) { 293 cases := []struct { 294 name string 295 server *v1alpha3.Server 296 expected bool 297 }{ 298 { 299 name: "nil server TlS", 300 server: &v1alpha3.Server{ 301 Port: &v1alpha3.Port{ 302 Number: 80, 303 Protocol: string(protocol.HTTP), 304 Name: "http", 305 }, 306 }, 307 expected: false, 308 }, 309 { 310 name: "passthrough ServerTLS mode", 311 server: &v1alpha3.Server{ 312 Port: &v1alpha3.Port{ 313 Number: 80, 314 Protocol: string(protocol.HTTPS), 315 Name: "https", 316 }, 317 Tls: &v1alpha3.ServerTLSSettings{Mode: v1alpha3.ServerTLSSettings_PASSTHROUGH}, 318 }, 319 expected: true, 320 }, 321 { 322 name: "auto passthrough ServerTLS mode", 323 server: &v1alpha3.Server{ 324 Port: &v1alpha3.Port{ 325 Number: 80, 326 Protocol: string(protocol.HTTP), 327 Name: "http", 328 }, 329 Tls: &v1alpha3.ServerTLSSettings{Mode: v1alpha3.ServerTLSSettings_AUTO_PASSTHROUGH}, 330 }, 331 expected: true, 332 }, 333 { 334 name: "istio mutual ServerTLS mode", 335 server: &v1alpha3.Server{ 336 Port: &v1alpha3.Port{ 337 Number: 80, 338 Protocol: string(protocol.HTTPS), 339 Name: "https", 340 }, 341 Tls: &v1alpha3.ServerTLSSettings{Mode: v1alpha3.ServerTLSSettings_ISTIO_MUTUAL}, 342 }, 343 expected: false, 344 }, 345 } 346 for _, tc := range cases { 347 t.Run(tc.name, func(t *testing.T) { 348 actual := IsPassThroughServer(tc.server) 349 if actual != tc.expected { 350 t.Errorf("IsPassThroughServer(%s) => %t, want %t", 351 tc.server, actual, tc.expected) 352 } 353 }) 354 } 355 } 356 357 func TestIsTCPServerWithTLSTermination(t *testing.T) { 358 cases := []struct { 359 name string 360 server *v1alpha3.Server 361 expected bool 362 }{ 363 { 364 name: "nil tls and HTTP", 365 server: &v1alpha3.Server{ 366 Port: &v1alpha3.Port{ 367 Number: 80, 368 Protocol: string(protocol.HTTP), 369 Name: "http", 370 }, 371 }, 372 expected: false, 373 }, 374 { 375 name: "passthrough ServerTLS mode", 376 server: &v1alpha3.Server{ 377 Port: &v1alpha3.Port{ 378 Number: 80, 379 Protocol: string(protocol.TCP), 380 Name: "tcp", 381 }, 382 Tls: &v1alpha3.ServerTLSSettings{Mode: v1alpha3.ServerTLSSettings_PASSTHROUGH}, 383 }, 384 expected: false, 385 }, 386 { 387 name: "auto passthrough ServerTLS mode", 388 server: &v1alpha3.Server{ 389 Port: &v1alpha3.Port{ 390 Number: 80, 391 Protocol: string(protocol.TCP), 392 Name: "tcp", 393 }, 394 Tls: &v1alpha3.ServerTLSSettings{Mode: v1alpha3.ServerTLSSettings_AUTO_PASSTHROUGH}, 395 }, 396 expected: false, 397 }, 398 { 399 name: "tls and HTTPS", 400 server: &v1alpha3.Server{ 401 Port: &v1alpha3.Port{ 402 Number: 80, 403 Protocol: string(protocol.HTTPS), 404 Name: "https", 405 }, 406 Tls: &v1alpha3.ServerTLSSettings{CredentialName: "cert", Mode: v1alpha3.ServerTLSSettings_MUTUAL}, 407 }, 408 expected: false, 409 }, 410 { 411 name: "tls and HTTP", 412 server: &v1alpha3.Server{ 413 Port: &v1alpha3.Port{ 414 Number: 80, 415 Protocol: string(protocol.HTTP), 416 Name: "https", 417 }, 418 Tls: &v1alpha3.ServerTLSSettings{CredentialName: "cert", Mode: v1alpha3.ServerTLSSettings_MUTUAL}, 419 }, 420 expected: false, 421 }, 422 { 423 name: "tls and TLS", 424 server: &v1alpha3.Server{ 425 Port: &v1alpha3.Port{ 426 Number: 80, 427 Protocol: string(protocol.TLS), 428 Name: "tls", 429 }, 430 Tls: &v1alpha3.ServerTLSSettings{CredentialName: "cert", Mode: v1alpha3.ServerTLSSettings_MUTUAL}, 431 }, 432 expected: true, 433 }, 434 } 435 for _, tc := range cases { 436 t.Run(tc.name, func(t *testing.T) { 437 actual := IsTCPServerWithTLSTermination(tc.server) 438 if actual != tc.expected { 439 t.Errorf("IsTCPServerWithTLSTermination(%s) => %t, want %t", 440 tc.server, actual, tc.expected) 441 } 442 }) 443 } 444 }