From e41b497978b3035aae30c86477d5d8e8b47df574 Mon Sep 17 00:00:00 2001 From: Christopher Faulet Date: Wed, 13 Oct 2021 18:06:55 +0200 Subject: [PATCH] REGTESTS: Add scripts to test support of TCP/HTTP rules in defaults sections 3 scripts are added: * startup/default_rules.vtc to check configuration parsing * http-rules/default_rules.vtc to check evaluation of HTTP rules * tcp-rules/default_rules.vtc to check evaluation of TCP rules --- reg-tests/http-rules/default_rules.vtc | 112 +++++++++++++++ reg-tests/startup/default_rules.vtc | 186 +++++++++++++++++++++++++ reg-tests/tcp-rules/default_rules.vtc | 62 +++++++++ 3 files changed, 360 insertions(+) create mode 100644 reg-tests/http-rules/default_rules.vtc create mode 100644 reg-tests/startup/default_rules.vtc create mode 100644 reg-tests/tcp-rules/default_rules.vtc diff --git a/reg-tests/http-rules/default_rules.vtc b/reg-tests/http-rules/default_rules.vtc new file mode 100644 index 000000000..a72776c07 --- /dev/null +++ b/reg-tests/http-rules/default_rules.vtc @@ -0,0 +1,112 @@ +varnishtest "Test declaration of HTTP rules in default sections" + +#REQUIRE_VERSION=2.5 + +feature ignore_unknown_macro + +server s1 { + rxreq + expect req.http.x-frontend == "fe" + expect req.http.x-backend == "be" + expect req.http.x-test1-frt == "def_front" + expect req.http.x-test1-bck == "def_back" + txresp +} -start + +server s2 { + rxreq + txresp +} -start + +haproxy h1 -conf { + defaults common + mode http + timeout connect 1s + timeout client 1s + timeout server 1s + + defaults def_front from common + http-request set-header x-frontend "%[fe_name]" + http-request set-var(txn.test1) "str(def_front)" + http-response set-header x-frontend "%[fe_name]" + http-response set-var(txn.test2) "str(def_front)" + http-after-response set-var(txn.test3) "str(def_front)" + + defaults def_back from common + http-request set-header x-backend "%[be_name]" + http-request set-var(txn.test1) "str(def_back)" + http-response set-header x-backend "%[be_name]" + http-response set-var(txn.test2) "str(def_back)" + http-after-response set-var(txn.test3) "str(def_back)" + + frontend fe from def_front + bind "fd@${feh1}" + + http-request set-header x-test1-frt "%[var(txn.test1)]" + http-response set-header x-test2-frt "%[var(txn.test2)]" + http-after-response set-header x-test3-frt "%[var(txn.test3)]" + + default_backend be + + backend be from def_back + http-request set-header x-test1-bck "%[var(txn.test1)]" + http-response set-header x-test2-bck "%[var(txn.test2)]" + http-after-response set-header x-test3-bck "%[var(txn.test3)]" + + server s1 ${s1_addr}:${s1_port} + +} -start + + +haproxy h2 -conf { + defaults common + mode http + timeout connect 1s + timeout client 1s + timeout server 1s + + defaults def_front from common + http-request allow + http-response allow + http-after-response allow + + defaults def_back from common + http-request allow + http-response allow + http-after-response allow + + frontend fe from def_front + bind "fd@${feh2}" + + http-request deny status 403 + http-response deny status 502 + http-after-response set-status 502 + + default_backend be + + backend be from def_back + http-request deny status 403 + http-response deny status 502 + http-after-response set-status 502 + + server s2 ${s2_addr}:${s2_port} + +} -start + +client c1 -connect ${h1_feh1_sock} { + txreq -req GET -url / + rxresp + expect resp.status == 200 + expect resp.http.x-frontend == "fe" + expect resp.http.x-backend == "be" + expect resp.http.x-test2-bck == "def_back" + expect resp.http.x-test2-frt == "def_front" + expect resp.http.x-test3-bck == "def_back" + expect resp.http.x-test3-frt == "def_front" +} -run + +client c2 -connect ${h2_feh2_sock} { + txreq -req GET -url / + rxresp + expect resp.status == 200 +} -run diff --git a/reg-tests/startup/default_rules.vtc b/reg-tests/startup/default_rules.vtc new file mode 100644 index 000000000..4c8051312 --- /dev/null +++ b/reg-tests/startup/default_rules.vtc @@ -0,0 +1,186 @@ +varnishtest "Misuses of defaults section defining TCP/HTTP rules" + +#REQUIRE_VERSION=2.5 + +feature ignore_unknown_macro + +# +# anonymous defaults section cannot define TCP/HTTP rules +# +haproxy h1 -conf-BAD {} { + defaults + http-request set-header X-Hdr 1 +} + +haproxy h2 -conf-BAD {} { + defaults + http-response set-header X-Hdr 1 +} + +haproxy h3 -conf-BAD {} { + defaults + http-after-request set-header X-Hdr 1 +} + +haproxy h4 -conf-BAD {} { + defaults + tcp-request connection accept +} + +haproxy h5 -conf-BAD {} { + defaults + tcp-request session accept +} + +haproxy h6 -conf-BAD {} { + defaults + tcp-request inspect-delay 5s + tcp-request content accept +} + +haproxy h7 -conf-BAD {} { + defaults + tcp-response inspect-delay 5s + tcp-response content accept +} + +# +# defaults section defining TCP/HTTP rules cannot be used to init another +# defaults section +# +haproxy h8 -conf-BAD {} { + defaults invalid + tcp-response inspect-delay 5s + tcp-response content accept + + defaults from invalid + mode tcp +} + +# +# defaults section defining TCP/HTTP rules cannot be used to init a listen +# section +# +haproxy h9 -conf-BAD {} { + defaults invalid + tcp-request inspect-delay 5s + tcp-request content accept + + listen li from invalid + mode tcp + bind "fd@${lih9}" + server www 127.0.0.1:80 +} + +# +# defaults section defining TCP/HTTP rules cannot be used to init frontend and +# backend sections at the same time +# +# +haproxy h10 -conf-BAD {} { + defaults invalid + tcp-request inspect-delay 5s + tcp-request content accept + + frontend fe from invalid + mode tcp + bind "fd@${feh10}" + default_backend be1 + + backend be from invalid + mode tcp + server www 127.0.0.1:80 +} + +# +# defaults section defining 'tcp-request connection' or 'tcp-request session' +# rules cannot be used to init backend sections +# +haproxy h11 -conf-BAD {} { + defaults invalid + tcp-request connection accept + + backend be from invalid + mode tcp + server www 127.0.0.1:80 +} + +haproxy h12 -conf-BAD {} { + defaults invalid + tcp-request session accept + + backend be from invalid + mode tcp + server www 127.0.0.1:80 +} + +# +# defaults section defining 'tcp-response content' rules cannot be used to init +# a frontend section +# +haproxy h13 -conf-BAD {} { + defaults invalid + tcp-response inspect-delay 5s + tcp-response content accept + + frontend fe from invalid + mode tcp + bind "fd@${feh10}" +} + +haproxy h14 -conf-OK { + defaults tcp + tcp-response inspect-delay 5s + tcp-response content accept + + backend be from tcp + mode tcp + server www 127.0.0.1:80 +} + +# +# Check arguments resolutions in rules. FE/BE arguments must be resolved, but +# SRV/TAB arguments without an explicit proxy name are not allowed. +# + +haproxy h15 -conf-BAD {} { + defaults invalid + mode http + http-request set-header x-test "%[srv_conn(www)]" + + backend be from invalid + server www 127.0.0.1:80 +} + +haproxy h16 -conf-BAD {} { + defaults invalid + mode http + http-request track-sc0 src + http-request deny deny_status 429 if { sc_http_req_rate(0) gt 20 } + + backend be + stick-table type ip size 100k expire 30s store http_req_rate(10s) + server www 127.0.0.1:80 +} + +haproxy h17 -conf-OK { + defaults common + mode http + + defaults def_front from common + http-request set-header x-test1 "%[fe_conn]" + + defaults def_back from common + http-request track-sc0 src table be + http-request deny deny_status 429 if { sc_http_req_rate(0,be) gt 20 } + http-request set-header x-test2 "%[be_conn]" + http-request set-header x-test3 "%[srv_conn(be/www)]" + + frontend fe from def_front + bind "fd@${feh15}" + default_backend be + + backend be from def_back + stick-table type ip size 100k expire 30s store http_req_rate(10s) + server www 127.0.0.1:80 +} diff --git a/reg-tests/tcp-rules/default_rules.vtc b/reg-tests/tcp-rules/default_rules.vtc new file mode 100644 index 000000000..826a336cb --- /dev/null +++ b/reg-tests/tcp-rules/default_rules.vtc @@ -0,0 +1,62 @@ +varnishtest "Test declaration of TCP rules in default sections" + +#REQUIRE_VERSION=2.5 + +feature ignore_unknown_macro + +server s1 { + rxreq + txresp + expect req.http.x-test1-frt == "def_front" + expect req.http.x-test1-bck == "def_back" +} -start + +haproxy h1 -conf { + defaults common + mode http + timeout connect 1s + timeout client 1s + timeout server 1s + + defaults def_front from common + tcp-request connection accept + tcp-request session accept + tcp-request inspect-delay 5s + tcp-request content set-var(txn.test1) "str(def_front)" + tcp-request content accept + + defaults def_back from common + tcp-request inspect-delay 5s + tcp-request content set-var(txn.test1) "str(def_back)" + tcp-request content accept + + tcp-response inspect-delay 5s + tcp-response content set-var(txn.test2) "str(def_back)" + tcp-response content accept + + frontend fe from def_front + bind "fd@${feh1}" + tcp-request connection reject + tcp-request session reject + tcp-request content reject + + http-request set-header x-test1-frt "%[var(txn.test1)]" + + default_backend be + + backend be from def_back + tcp-response content reject + + http-request set-header x-test1-bck "%[var(txn.test1)]" + http-response set-header x-test2 "%[var(txn.test2)]" + + server s1 ${s1_addr}:${s1_port} + +} -start + +client c1 -connect ${h1_feh1_sock} { + txreq -req GET -url / + rxresp + expect resp.status == 200 + expect resp.http.x-test2 == "def_back" +} -run