Add proxy protocol tests

2017-10-30 10:02:03 +01:00 · 2017-10-30 10:02:03 +01:00 · e8633d17e8
commit e8633d17e8
parent d1d8b01dfb
8 changed files with 177 additions and 23 deletions
--- a/integration/fixtures/proxy-protocol/with.toml
+++ b/integration/fixtures/proxy-protocol/with.toml
@ -0,0 +1,24 @@
+logLevel = "DEBUG"
+defaultEntryPoints = ["http"]
+
+[entryPoints]
+[entryPoints.http]
+address = ":8000"
+[entryPoints.http.proxyProtocol]
+trustedIPs = ["{{.HaproxyIP}}"]
+
+[web]
+address = ":8080"
+
+[file]
+
+[backends]
+[backends.backend1]
+[backends.backend1.servers.server1]
+url = "http://{{.WhoamiIP}}"
+
+[frontends]
+[frontends.frontend1]
+backend = "backend1"
+[frontends.frontend1.routes.test_1]
+rule = "Path:/whoami"
--- a/integration/fixtures/proxy-protocol/without.toml
+++ b/integration/fixtures/proxy-protocol/without.toml
@ -0,0 +1,24 @@
+logLevel = "DEBUG"
+defaultEntryPoints = ["http"]
+
+[entryPoints]
+[entryPoints.http]
+address = ":8000"
+[entryPoints.http.proxyProtocol]
+trustedIPs = ["1.2.3.4"]
+
+[web]
+address = ":8080"
+
+[file]
+
+[backends]
+[backends.backend1]
+[backends.backend1.servers.server1]
+url = "http://{{.WhoamiIP}}"
+
+[frontends]
+[frontends.frontend1]
+backend = "backend1"
+[frontends.frontend1.routes.test_1]
+rule = "Path:/whoami"
--- a/integration/integration_test.go
+++ b/integration/integration_test.go
@ -20,6 +20,8 @@ import (
 )

 var integration = flag.Bool("integration", false, "run integration tests")
+var container = flag.Bool("container", false, "run container integration tests")
+var host = flag.Bool("host", false, "run host integration tests")

 func Test(t *testing.T) {
 	check.TestingT(t)
@ -32,27 +34,34 @@ func init() {
 		return
 	}

-	check.Suite(&AccessLogSuite{})
-	check.Suite(&AcmeSuite{})
-	check.Suite(&ConstraintSuite{})
-	check.Suite(&ConsulCatalogSuite{})
-	check.Suite(&ConsulSuite{})
-	check.Suite(&DockerSuite{})
-	check.Suite(&DynamoDBSuite{})
-	check.Suite(&ErrorPagesSuite{})
-	check.Suite(&EtcdSuite{})
-	check.Suite(&EurekaSuite{})
-	check.Suite(&FileSuite{})
-	check.Suite(&GRPCSuite{})
-	check.Suite(&HealthCheckSuite{})
-	check.Suite(&HTTPSSuite{})
-	check.Suite(&LogRotationSuite{})
-	check.Suite(&MarathonSuite{})
-	check.Suite(&MesosSuite{})
-	check.Suite(&RateLimitSuite{})
-	check.Suite(&SimpleSuite{})
-	check.Suite(&TimeoutSuite{})
-	check.Suite(&WebsocketSuite{})
+	if *container {
+		// tests launched from a container
+		check.Suite(&AccessLogSuite{})
+		check.Suite(&AcmeSuite{})
+		check.Suite(&ConstraintSuite{})
+		check.Suite(&ConsulCatalogSuite{})
+		check.Suite(&ConsulSuite{})
+		check.Suite(&DockerSuite{})
+		check.Suite(&DynamoDBSuite{})
+		check.Suite(&ErrorPagesSuite{})
+		check.Suite(&EtcdSuite{})
+		check.Suite(&EurekaSuite{})
+		check.Suite(&FileSuite{})
+		check.Suite(&GRPCSuite{})
+		check.Suite(&HealthCheckSuite{})
+		check.Suite(&HTTPSSuite{})
+		check.Suite(&LogRotationSuite{})
+		check.Suite(&MarathonSuite{})
+		check.Suite(&MesosSuite{})
+		check.Suite(&RateLimitSuite{})
+		check.Suite(&SimpleSuite{})
+		check.Suite(&TimeoutSuite{})
+		check.Suite(&WebsocketSuite{})
+	}
+	if *host {
+		// tests launched from the host
+		check.Suite(&ProxyProtocolSuite{})
+	}
 }

 var traefikBinary = "../dist/traefik"
--- a/integration/proxy_protocol_test.go
+++ b/integration/proxy_protocol_test.go
@ -0,0 +1,59 @@
+package integration
+
+import (
+	"net/http"
+	"os"
+	"time"
+
+	"github.com/containous/traefik/integration/try"
+	"github.com/go-check/check"
+	checker "github.com/vdemeester/shakers"
+)
+
+type ProxyProtocolSuite struct{ BaseSuite }
+
+func (s *ProxyProtocolSuite) SetUpSuite(c *check.C) {
+	s.createComposeProject(c, "proxy-protocol")
+	s.composeProject.Start(c)
+}
+
+func (s *ProxyProtocolSuite) TestProxyProtocolTrusted(c *check.C) {
+	gatewayIP := s.composeProject.Container(c, "haproxy").NetworkSettings.Gateway
+	haproxyIP := s.composeProject.Container(c, "haproxy").NetworkSettings.IPAddress
+	whoamiIP := s.composeProject.Container(c, "whoami").NetworkSettings.IPAddress
+	file := s.adaptFile(c, "fixtures/proxy-protocol/with.toml", struct {
+		HaproxyIP string
+		WhoamiIP  string
+	}{haproxyIP, whoamiIP})
+	defer os.Remove(file)
+
+	cmd, display := s.traefikCmd(withConfigFile(file))
+	defer display(c)
+	err := cmd.Start()
+	c.Assert(err, checker.IsNil)
+	defer cmd.Process.Kill()
+
+	err = try.GetRequest("http://"+haproxyIP+"/whoami", 500*time.Millisecond, try.StatusCodeIs(http.StatusOK), try.BodyContains("X-Forwarded-For: "+gatewayIP))
+	display(c)
+	c.Assert(err, checker.IsNil)
+}
+
+func (s *ProxyProtocolSuite) TestProxyProtocolNotTrusted(c *check.C) {
+	haproxyIP := s.composeProject.Container(c, "haproxy").NetworkSettings.IPAddress
+	whoamiIP := s.composeProject.Container(c, "whoami").NetworkSettings.IPAddress
+	file := s.adaptFile(c, "fixtures/proxy-protocol/without.toml", struct {
+		HaproxyIP string
+		WhoamiIP  string
+	}{haproxyIP, whoamiIP})
+	defer os.Remove(file)
+
+	cmd, display := s.traefikCmd(withConfigFile(file))
+	defer display(c)
+	err := cmd.Start()
+	c.Assert(err, checker.IsNil)
+	defer cmd.Process.Kill()
+
+	err = try.GetRequest("http://"+haproxyIP+"/whoami", 500*time.Millisecond, try.StatusCodeIs(http.StatusOK), try.BodyContains("X-Forwarded-For: "+haproxyIP))
+	display(c)
+	c.Assert(err, checker.IsNil)
+}
--- a/integration/resources/compose/proxy-protocol.yml
+++ b/integration/resources/compose/proxy-protocol.yml
@ -0,0 +1,7 @@
+haproxy:
+  image: haproxy
+  volumes:
+    - ../haproxy/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg
+
+whoami:
+  image: emilevauge/whoami
--- a/integration/resources/haproxy/haproxy.cfg
+++ b/integration/resources/haproxy/haproxy.cfg
@ -0,0 +1,21 @@
+global
+   maxconn 4096
+
+defaults
+   log   global
+   mode   http
+   retries   3
+   option redispatch
+   maxconn   2000
+   timeout connect 5000
+   timeout client  50000
+   timeout server  50000
+
+frontend TestServerTest
+    bind 0.0.0.0:80
+    mode tcp
+    default_backend TestServerNodes
+
+backend TestServerNodes
+    mode tcp
+    server TestServer01 172.17.0.1:8000 send-proxy