istio.io/istio@v0.0.0-20240520182934-d79c90f27776/tests/integration/telemetry/policy/traffic_allow_any_test.go (about) 1 //go:build integ 2 // +build integ 3 4 // Copyright Istio Authors 5 // 6 // Licensed under the Apache License, Version 2.0 (the "License"); 7 // you may not use this file except in compliance with the License. 8 // You may obtain a copy of the License at 9 // 10 // http://www.apache.org/licenses/LICENSE-2.0 11 // 12 // Unless required by applicable law or agreed to in writing, software 13 // distributed under the License is distributed on an "AS IS" BASIS, 14 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 // See the License for the specific language governing permissions and 16 // limitations under the License. 17 18 package policy 19 20 import ( 21 "net/http" 22 "testing" 23 24 "istio.io/istio/pkg/test/framework/components/prometheus" 25 ) 26 27 func TestOutboundTrafficPolicy_AllowAny(t *testing.T) { 28 cases := []*TestCase{ 29 { 30 Name: "HTTP Traffic", 31 PortName: "http", 32 Expected: Expected{ 33 Query: prometheus.Query{ 34 Metric: "istio_requests_total", 35 Aggregation: "sum", 36 Labels: map[string]string{ 37 "reporter": "source", 38 "destination_service_name": "PassthroughCluster", 39 "response_code": "200", 40 }, 41 }, 42 StatusCode: http.StatusOK, 43 Protocol: "HTTP/1.1", 44 }, 45 }, 46 { 47 Name: "HTTP H2 Traffic", 48 PortName: "http", 49 HTTP2: true, 50 Expected: Expected{ 51 Query: prometheus.Query{ 52 Metric: "istio_requests_total", 53 Aggregation: "sum", 54 Labels: map[string]string{ 55 "reporter": "source", 56 "destination_service_name": "PassthroughCluster", 57 "response_code": "200", 58 }, 59 }, 60 StatusCode: http.StatusOK, 61 Protocol: "HTTP/2.0", 62 }, 63 }, 64 { 65 Name: "HTTPS Traffic", 66 PortName: "https", 67 Expected: Expected{ 68 Query: prometheus.Query{ 69 Metric: "istio_tcp_connections_opened_total", 70 Aggregation: "sum", 71 Labels: map[string]string{ 72 "reporter": "source", 73 "destination_service_name": "PassthroughCluster", 74 }, 75 }, 76 StatusCode: http.StatusOK, 77 Protocol: "HTTP/1.1", 78 }, 79 }, 80 { 81 Name: "HTTPS Traffic Conflict", 82 PortName: "https-conflict", 83 Expected: Expected{ 84 Query: prometheus.Query{ 85 Metric: "istio_tcp_connections_opened_total", 86 Aggregation: "sum", 87 Labels: map[string]string{ 88 "reporter": "source", 89 "destination_service_name": "PassthroughCluster", 90 }, 91 }, 92 StatusCode: http.StatusOK, 93 Protocol: "HTTP/1.1", 94 }, 95 }, 96 { 97 Name: "HTTPS H2 Traffic", 98 PortName: "https", 99 HTTP2: true, 100 Expected: Expected{ 101 Query: prometheus.Query{ 102 Metric: "istio_tcp_connections_opened_total", 103 Aggregation: "sum", 104 Labels: map[string]string{ 105 "reporter": "source", 106 "destination_service_name": "PassthroughCluster", 107 }, 108 }, 109 StatusCode: http.StatusOK, 110 Protocol: "HTTP/2.0", 111 }, 112 }, 113 { 114 Name: "HTTPS H2 Traffic Conflict", 115 PortName: "https-conflict", 116 HTTP2: true, 117 Expected: Expected{ 118 Query: prometheus.Query{ 119 Metric: "istio_tcp_connections_opened_total", 120 Aggregation: "sum", 121 Labels: map[string]string{ 122 "reporter": "source", 123 "destination_service_name": "PassthroughCluster", 124 }, 125 }, 126 StatusCode: http.StatusOK, 127 Protocol: "HTTP/2.0", 128 }, 129 }, 130 { 131 Name: "HTTP Traffic Egress", 132 PortName: "http", 133 Host: "some-external-site.com", 134 Expected: Expected{ 135 Query: prometheus.Query{ 136 Metric: "istio_requests_total", 137 Aggregation: "sum", 138 Labels: map[string]string{ 139 "reporter": "source", 140 "destination_service_name": "istio-egressgateway", 141 "response_code": "200", 142 }, 143 }, 144 StatusCode: http.StatusOK, 145 Protocol: "HTTP/1.1", 146 RequestHeaders: map[string]string{ 147 // We inject this header in the VirtualService 148 "Handled-By-Egress-Gateway": "true", 149 }, 150 }, 151 }, 152 { 153 Name: "HTTP H2 Traffic Egress", 154 PortName: "http", 155 HTTP2: true, 156 Host: "some-external-site.com", 157 Expected: Expected{ 158 Query: prometheus.Query{ 159 Metric: "istio_requests_total", 160 Aggregation: "sum", 161 Labels: map[string]string{ 162 "reporter": "source", 163 "destination_service_name": "istio-egressgateway", 164 "response_code": "200", 165 }, 166 }, 167 StatusCode: http.StatusOK, 168 // Even though we send h2 to the gateway, the gateway should send h1, as configured by the ServiceEntry 169 Protocol: "HTTP/1.1", 170 RequestHeaders: map[string]string{ 171 // We inject this header in the VirtualService 172 "Handled-By-Egress-Gateway": "true", 173 }, 174 }, 175 }, 176 // TODO add HTTPS through gateway 177 { 178 Name: "TCP", 179 PortName: "tcp", 180 Expected: Expected{ 181 Metric: "istio_tcp_connections_closed_total", 182 PromQueryFormat: `sum(istio_tcp_connections_closed_total{reporter="source",destination_service_name="PassthroughCluster",source_workload="client-v1"})`, 183 StatusCode: http.StatusOK, 184 Protocol: "TCP", 185 }, 186 }, 187 { 188 Name: "TCP Conflict", 189 PortName: "tcp", 190 Expected: Expected{ 191 Metric: "istio_tcp_connections_closed_total", 192 PromQueryFormat: `sum(istio_tcp_connections_closed_total{reporter="source",destination_service_name="PassthroughCluster",source_workload="client-v1"})`, 193 StatusCode: http.StatusOK, 194 Protocol: "TCP", 195 }, 196 }, 197 } 198 199 RunExternalRequest(t, cases, prom, AllowAny) 200 }