Source file src/github.com/linkerd/linkerd2/test/integration/deep/opaqueports/assertions.go

Documentation: github.com/linkerd/linkerd2/test/integration/deep/opaqueports

     1  package opaqueports
     2  
     3  import (
     4  	"fmt"
     5  	"regexp"
     6  
     7  	"github.com/linkerd/linkerd2/testutil/prommatch"
     8  )
     9  
    10  var (
    11  	authorityRE = regexp.MustCompile(`[a-zA-Z\-]+\.[a-zA-Z\-]+\.svc\.cluster\.local:[0-9]+`)
    12  )
    13  
    14  // hasNoOutboundHTTPRequest returns error if there is any
    15  // series matching request_total{direction="outbound"}
    16  func hasNoOutboundHTTPRequest(metrics, ns string) error {
    17  	m := prommatch.NewMatcher("request_total",
    18  		prommatch.Labels{
    19  			"direction": prommatch.Equals("outbound"),
    20  		})
    21  	ok, err := m.HasMatchInString(metrics)
    22  	if err != nil {
    23  		return fmt.Errorf("failed to run a check of against the provided metrics: %w", err)
    24  	}
    25  	if ok {
    26  		return fmt.Errorf("expected not to find HTTP outbound requests \n%s", metrics)
    27  	}
    28  	return nil
    29  }
    30  
    31  // hasOutboundHTTPRequestWithTLS checks there is a series matching:
    32  //
    33  //	request_total{
    34  //	  direction="outbound",
    35  //	  target_addr=~"[0-9\.]+:[0-9]+",
    36  //	  target_ip=~"[0-9.]+",
    37  //	  tls="true",
    38  //	  dst_namespace="default.${ns}.serviceaccount.identity.linkerd.cluster.local",
    39  //	  dst_serviceaccount="default"
    40  //	}
    41  func hasOutboundHTTPRequestWithTLS(metrics, ns string) error {
    42  	m := prommatch.NewMatcher("request_total",
    43  		prommatch.Labels{
    44  			"direction":          prommatch.Equals("outbound"),
    45  			"tls":                prommatch.Equals("true"),
    46  			"server_id":          prommatch.Equals(fmt.Sprintf("default.%s.serviceaccount.identity.linkerd.cluster.local", ns)),
    47  			"dst_namespace":      prommatch.Equals(ns),
    48  			"dst_serviceaccount": prommatch.Equals("default"),
    49  		},
    50  		prommatch.TargetAddrLabels(),
    51  		prommatch.HasPositiveValue())
    52  	ok, err := m.HasMatchInString(metrics)
    53  	if err != nil {
    54  		return fmt.Errorf("failed to run a check of against the provided metrics: %w", err)
    55  	}
    56  	if !ok {
    57  		return fmt.Errorf("expected to find HTTP TLS outbound requests \n%s", metrics)
    58  	}
    59  	return nil
    60  }
    61  
    62  // hasOutboundHTTPRequestNoTLS checks there is a series matching:
    63  //
    64  //	request_total{
    65  //	  direction="outbound",
    66  //	  target_addr=~"[0-9\.]+:[0-9]+",
    67  //	  target_ip=~"[0-9.]+",
    68  //	  tls="no_identity",
    69  //	  no_tls_reason="not_provided_by_service_discovery",
    70  //	  dst_namespace="default.${ns}.serviceaccount.identity.linkerd.cluster.local",
    71  //	  dst_serviceaccount="default"
    72  //	}
    73  func hasOutboundHTTPRequestNoTLS(metrics, ns string) error {
    74  	m := prommatch.NewMatcher("request_total",
    75  		prommatch.Labels{
    76  			"direction":          prommatch.Equals("outbound"),
    77  			"tls":                prommatch.Equals("no_identity"),
    78  			"no_tls_reason":      prommatch.Equals("not_provided_by_service_discovery"),
    79  			"dst_namespace":      prommatch.Equals(ns),
    80  			"dst_serviceaccount": prommatch.Equals("default"),
    81  		},
    82  		prommatch.TargetAddrLabels(),
    83  		prommatch.HasPositiveValue())
    84  	ok, err := m.HasMatchInString(metrics)
    85  	if err != nil {
    86  		return fmt.Errorf("failed to run a check of against the provided metrics: %w", err)
    87  	}
    88  	if !ok {
    89  		return fmt.Errorf("expected to find HTTP non-TLS outbound requests\n%s", metrics)
    90  	}
    91  	return nil
    92  }
    93  
    94  // hasInboundTCPTrafficWithTLS checks there is a series matching:
    95  //
    96  //	tcp_open_total{
    97  //	  direction="inbound",
    98  //	  peer="src",
    99  //	  tls="true",
   100  //	  client_id="default.${ns}.serviceaccount.identity.linkerd.cluster.local",
   101  //	  srv_kind="default",
   102  //	  srv_name="all-unauthenticated",
   103  //	  target_addr=~"[0-9\.]+:[0-9]+",
   104  //	  target_ip=~"[0-9\.]+"
   105  //	}
   106  func hasInboundTCPTrafficWithTLS(metrics, ns string) error {
   107  	m := prommatch.NewMatcher(
   108  		"tcp_open_total",
   109  		prommatch.Labels{
   110  			"direction": prommatch.Equals("inbound"),
   111  			"peer":      prommatch.Equals("src"),
   112  			"tls":       prommatch.Equals("true"),
   113  			"client_id": prommatch.Equals(fmt.Sprintf("default.%s.serviceaccount.identity.linkerd.cluster.local", ns)),
   114  			"srv_kind":  prommatch.Equals("default"),
   115  			"srv_name":  prommatch.Equals("all-unauthenticated"),
   116  		},
   117  		prommatch.TargetAddrLabels(),
   118  		prommatch.HasPositiveValue(),
   119  	)
   120  	ok, err := m.HasMatchInString(metrics)
   121  	if err != nil {
   122  		return fmt.Errorf("failed to run a check of against the provided metrics: %w", err)
   123  	}
   124  	if !ok {
   125  		return fmt.Errorf("failed to find expected metric for inbound TLS TCP traffic\n%s", metrics)
   126  	}
   127  	return nil
   128  }
   129  
   130  // hasOutboundTCPWithAuthorityAndNoTLS checks there is a series matching:
   131  //
   132  //	tcp_open_total{
   133  //	  direction="outbound",
   134  //	  peer="dst",
   135  //	  tls="no_identity",
   136  //	  no_tls_reason="not_provided_by_service_discovery",
   137  //	  authority=~"[a-zA-Z\-]+\.[a-zA-Z\-]+\.svc\.cluster\.local:[0-9]+"
   138  //	}
   139  func hasOutboundTCPWithAuthorityAndNoTLS(metrics, ns string) error {
   140  	m := prommatch.NewMatcher("tcp_open_total",
   141  		prommatch.Labels{
   142  			"direction":     prommatch.Equals("outbound"),
   143  			"peer":          prommatch.Equals("dst"),
   144  			"tls":           prommatch.Equals("no_identity"),
   145  			"no_tls_reason": prommatch.Equals("not_provided_by_service_discovery"),
   146  			"authority":     prommatch.Like(authorityRE),
   147  		},
   148  		prommatch.HasPositiveValue())
   149  	ok, err := m.HasMatchInString(metrics)
   150  	if err != nil {
   151  		return fmt.Errorf("failed to run a check of against the provided metrics: %w", err)
   152  	}
   153  	if !ok {
   154  		return fmt.Errorf("failed to find expected metric for outbound non-TLS TCP traffic\n%s", metrics)
   155  	}
   156  	return nil
   157  }
   158  
   159  // hasOutboundTCPWithNoTLSAndNoAuthority checks there is a series matching:
   160  //
   161  //	tcp_open_total{
   162  //	  direction="outbound",
   163  //	  peer="dst",
   164  //	  tls="no_identity",
   165  //	  no_tls_reason="not_provided_by_service_discovery",
   166  //	  authority=""
   167  //	}
   168  func hasOutboundTCPWithNoTLSAndNoAuthority(metrics, ns string) error {
   169  	m := prommatch.NewMatcher("tcp_open_total",
   170  		prommatch.Labels{
   171  			"direction":     prommatch.Equals("outbound"),
   172  			"peer":          prommatch.Equals("dst"),
   173  			"tls":           prommatch.Equals("no_identity"),
   174  			"no_tls_reason": prommatch.Equals("not_provided_by_service_discovery"),
   175  			"authority":     prommatch.Absent(),
   176  		})
   177  	ok, err := m.HasMatchInString(metrics)
   178  	if err != nil {
   179  		return fmt.Errorf("failed to run a check of against the provided metrics: %w", err)
   180  	}
   181  	if !ok {
   182  		return fmt.Errorf("failed to find expected metric for outbound non-TLS TCP traffic\n%s", metrics)
   183  	}
   184  	return nil
   185  }
   186  
   187  // hasOutboundTCPWithTLSAndAuthority checks there is a series matching:
   188  //
   189  //	tcp_open_total{
   190  //	  direction="outbound",
   191  //	  peer="dst",
   192  //	  tls="true",
   193  //	  target_addr=~"[0-9\.]+:[0-9]+",
   194  //	  authority=~"[a-zA-Z\-]+\.[a-zA-Z\-]+\.svc\.cluster\.local:[0-9]+"
   195  //	}
   196  func hasOutboundTCPWithTLSAndAuthority(metrics, ns string) error {
   197  	m := prommatch.NewMatcher("tcp_open_total",
   198  		prommatch.Labels{
   199  			"direction": prommatch.Equals("outbound"),
   200  			"peer":      prommatch.Equals("dst"),
   201  			"tls":       prommatch.Equals("true"),
   202  			"authority": prommatch.Like(authorityRE),
   203  		},
   204  		prommatch.TargetAddrLabels(),
   205  		prommatch.HasPositiveValue())
   206  	ok, err := m.HasMatchInString(metrics)
   207  	if err != nil {
   208  		return fmt.Errorf("failed to run a check against the provided metrics: %w", err)
   209  	}
   210  	if !ok {
   211  		return fmt.Errorf("failed to find expected metric for outbound TLS TCP traffic\n%s", metrics)
   212  	}
   213  	return nil
   214  }
   215  
   216  // hasOutboundTCPWithTLSAndNoAuthority checks there is a series matching:
   217  //
   218  //	tcp_open_total{
   219  //	  direction="outbound",
   220  //	  peer="dst",
   221  //	  tls="true",
   222  //	  target_addr=~"[0-9\.]+:[0-9]+",
   223  //	  authority=""
   224  //	}
   225  func hasOutboundTCPWithTLSAndNoAuthority(metrics, ns string) error {
   226  	m := prommatch.NewMatcher("tcp_open_total",
   227  		prommatch.Labels{
   228  			"direction": prommatch.Equals("outbound"),
   229  			"peer":      prommatch.Equals("dst"),
   230  			"tls":       prommatch.Equals("true"),
   231  			"authority": prommatch.Absent(),
   232  		},
   233  		prommatch.TargetAddrLabels(),
   234  		prommatch.HasPositiveValue())
   235  	ok, err := m.HasMatchInString(metrics)
   236  	if err != nil {
   237  		return fmt.Errorf("failed to run a check of against the provided metrics: %w", err)
   238  	}
   239  	if !ok {
   240  		return fmt.Errorf("failed to find expected metric for outbound TLS TCP traffic\n%s", metrics)
   241  	}
   242  	return nil
   243  }
   244  

View as plain text