AuTest for incoming PROXY Protocol v1

tests/gold_tests/proxy_protocol/gold/test_case_0_stderr.gold

@@ -0,0 +1,11 @@
+``
+> PROXY TCP4 127.0.0.1 127.0.0.1 ``
+> GET /get HTTP/1.1
+> Host: localhost:``
+> User-Agent: curl/``
+``
+< HTTP/1.1 200 OK
+< Server: ATS/``
+< Date: ``
+< Age: ``
+``

tests/gold_tests/proxy_protocol/gold/test_case_0_stdout.gold

@@ -0,0 +1,9 @@
+{
+``
+  "headers": {
+``
+    "Forwarded": "for=127.0.0.1;proto=http",
+``
+  },
+``
+}

tests/gold_tests/proxy_protocol/gold/test_case_1_stderr.gold

@@ -0,0 +1,11 @@
+``
+> PROXY TCP4 127.0.0.1 127.0.0.1 ``
+> GET /get HTTP/1.1
+> Host: localhost:``
+> User-Agent: curl/``
+``
+< HTTP/1.1 200 OK
+< Server: ATS/``
+< Date: ``
+< Age: ``
+``

tests/gold_tests/proxy_protocol/gold/test_case_1_stdout.gold

@@ -0,0 +1,9 @@
+{
+``
+  "headers": {
+``
+    "Forwarded": "for=127.0.0.1;proto=https",
+``
+  },
+``
+}

tests/gold_tests/proxy_protocol/proxy_protocol.test.py

@@ -0,0 +1,91 @@
+'''
+'''
+#  Licensed to the Apache Software Foundation (ASF) under one
+#  or more contributor license agreements.  See the NOTICE file
+#  distributed with this work for additional information
+#  regarding copyright ownership.  The ASF licenses this file
+#  to you under the Apache License, Version 2.0 (the
+#  "License"); you may not use this file except in compliance
+#  with the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+import sys
+
+Test.Summary = 'Test PROXY Protocol'
+Test.SkipUnless(
+    Condition.HasCurlOption("--haproxy-protocol")
+)
+Test.ContinueOnFail = True
+
+
+class ProxyProtocolTest:
+    def __init__(self):
+        self.setupOriginServer()
+        self.setupTS()
+
+    def setupOriginServer(self):
+        self.httpbin = Test.MakeHttpBinServer("httpbin")
+        # TODO: when httpbin 0.8.0 or later is released, remove below json pretty print hack
+        self.json_printer = f'''
+{sys.executable} -c "import sys,json; print(json.dumps(json.load(sys.stdin), indent=2, separators=(',', ': ')))"
+'''
+
+    def setupTS(self):
+        self.ts = Test.MakeATSProcess("ts", select_ports=True, enable_tls=True, enable_cache=False)
+
+        self.ts.addSSLfile("ssl/server.pem")
+        self.ts.addSSLfile("ssl/server.key")
+        self.ts.Disk.ssl_multicert_config.AddLine("dest_ip=* ssl_cert_name=server.pem ssl_key_name=server.key")
+
+        self.ts.Disk.remap_config.AddLine(
+            f"map / http://127.0.0.1:{self.httpbin.Variables.Port}/")
+
+        self.ts.Disk.records_config.update({
+            "proxy.config.http.server_ports": f"{self.ts.Variables.port}:pp {self.ts.Variables.ssl_port}:ssl:pp",
+            "proxy.config.http.proxy_protocol_allowlist": "127.0.0.1",
+            "proxy.config.http.insert_forwarded": "for|proto",
+            "proxy.config.ssl.server.cert.path": f"{self.ts.Variables.SSLDir}",
+            "proxy.config.ssl.server.private_key.path": f"{self.ts.Variables.SSLDir}",
+            "proxy.config.diags.debug.enabled": 1,
+            "proxy.config.diags.debug.tags": "proxyprotocol",
+        })
+
+    def addTestCase0(self):
+        """
+        Incoming PROXY Protocol v1 on TCP port
+        """
+        tr = Test.AddTestRun()
+        tr.Processes.Default.StartBefore(self.httpbin)
+        tr.Processes.Default.StartBefore(self.ts)
+        tr.Processes.Default.Command = f"curl -vs --haproxy-protocol http://localhost:{self.ts.Variables.port}/get | {self.json_printer}"
+        tr.Processes.Default.ReturnCode = 0
+        tr.Processes.Default.Streams.stdout = "gold/test_case_0_stdout.gold"
+        tr.Processes.Default.Streams.stderr = "gold/test_case_0_stderr.gold"
+        tr.StillRunningAfter = self.httpbin
+        tr.StillRunningAfter = self.ts
+
+    def addTestCase1(self):
+        """
+        Incoming PROXY Protocol v1 on SSL port
+        """
+        tr = Test.AddTestRun()
+        tr.Processes.Default.Command = f"curl -vsk --haproxy-protocol --http1.1 https://localhost:{self.ts.Variables.ssl_port}/get | {self.json_printer}"
+        tr.Processes.Default.ReturnCode = 0
+        tr.Processes.Default.Streams.stdout = "gold/test_case_1_stdout.gold"
+        tr.Processes.Default.Streams.stderr = "gold/test_case_1_stderr.gold"
+        tr.StillRunningAfter = self.httpbin
+        tr.StillRunningAfter = self.ts
+
+    def run(self):
+        self.addTestCase0()
+        self.addTestCase1()
+
+
+ProxyProtocolTest().run()

tests/gold_tests/proxy_protocol/ssl/server.key

@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDWMHOiUF+ORmZjAxI8MWE9dblb7gQSJ36WCXlPFiFx6ynF+S1E
+kXAYpIip5X0pzDUaIbLukxJUAAnOtMEO0PCgxJQUrEtRWh8wiJdbdQJF0Zs/9R+u
+SUgb61f+mdTQvhqefBGx+xrpfAcgtcWiZuSA9Q3fvpDj5WOWSPWXBUuxywIDAQAB
+AoGBAJPxRX2gjFAGWmQbU/YVmXfNH6navh8X/nx9sLeqrpE0AFeJI/ZPiqDKzMal
+B43eSfNxwVi+ZxN0L1ICUbL9KKZvHs/QBxWLA1fGVAXrz7sRplEVvakPpTfHoEnv
+sKaMWVKaK/S5WGbDhElb6zb/Lwo19DsIAPjGYqFvzFJBmobJAkEA9iSeTGkR9X26
+GywZoYrIMlRh34htOIRx1UUq88rFzdrCF21kQ4lhBIkX5OZMMy652i2gyak4OZTe
+YewIv8jw9QJBAN7EQNHG8jPwXfVp91/fqxVQEfumuP2i6uiWWYQgZCmla2+0xcLZ
+pMQ6sQEe10hhTrVnzHgAUVp50Ntn2jwBX78CQF09veGAI9d1Cxzj9cmmAvRd1r2Q
+tp8kPOLnUsALXib+6WtqewLCdcf8DtsdClyRJMIraq85tRzK8fryKNZNzkkCQEgA
+yS7FDj5JgCU15hZgFk1iPx3HCt44jZM2HaL+UUHAzRQjKxTLAl3G1rWVAWLMyQML
+lORoveLvotl4HOruSsMCQQCAx9dV9JUSFoyc1CWILp/FgUH/se4cjQCThGO0DoQQ
+vGTYmntY7j9WRJ9esQrjdD6Clw8zM/45GIBNwnXzqo7Z
+-----END RSA PRIVATE KEY-----

tests/gold_tests/proxy_protocol/ssl/server.pem

@@ -0,0 +1,32 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDWMHOiUF+ORmZjAxI8MWE9dblb7gQSJ36WCXlPFiFx6ynF+S1E
+kXAYpIip5X0pzDUaIbLukxJUAAnOtMEO0PCgxJQUrEtRWh8wiJdbdQJF0Zs/9R+u
+SUgb61f+mdTQvhqefBGx+xrpfAcgtcWiZuSA9Q3fvpDj5WOWSPWXBUuxywIDAQAB
+AoGBAJPxRX2gjFAGWmQbU/YVmXfNH6navh8X/nx9sLeqrpE0AFeJI/ZPiqDKzMal
+B43eSfNxwVi+ZxN0L1ICUbL9KKZvHs/QBxWLA1fGVAXrz7sRplEVvakPpTfHoEnv
+sKaMWVKaK/S5WGbDhElb6zb/Lwo19DsIAPjGYqFvzFJBmobJAkEA9iSeTGkR9X26
+GywZoYrIMlRh34htOIRx1UUq88rFzdrCF21kQ4lhBIkX5OZMMy652i2gyak4OZTe
+YewIv8jw9QJBAN7EQNHG8jPwXfVp91/fqxVQEfumuP2i6uiWWYQgZCmla2+0xcLZ
+pMQ6sQEe10hhTrVnzHgAUVp50Ntn2jwBX78CQF09veGAI9d1Cxzj9cmmAvRd1r2Q
+tp8kPOLnUsALXib+6WtqewLCdcf8DtsdClyRJMIraq85tRzK8fryKNZNzkkCQEgA
+yS7FDj5JgCU15hZgFk1iPx3HCt44jZM2HaL+UUHAzRQjKxTLAl3G1rWVAWLMyQML
+lORoveLvotl4HOruSsMCQQCAx9dV9JUSFoyc1CWILp/FgUH/se4cjQCThGO0DoQQ
+vGTYmntY7j9WRJ9esQrjdD6Clw8zM/45GIBNwnXzqo7Z
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIICszCCAhwCCQCl0Y79KkYjpzANBgkqhkiG9w0BAQUFADCBnTELMAkGA1UEBhMC
+VVMxCzAJBgNVBAgTAklMMRIwEAYDVQQHEwlDaGFtcGFpZ24xDjAMBgNVBAoTBVlh
+aG9vMQ0wCwYDVQQLEwRFZGdlMSgwJgYDVQQDEx9qdWljZXByb2R1Y2UuY29ycC5u
+ZTEueWFob28uY29tMSQwIgYJKoZIhvcNAQkBFhVwZXJzaWEuYXppekB5YWhvby5j
+b20wHhcNMTcwODI4MDI1MjI5WhcNMjcwODI2MDI1MjI5WjCBnTELMAkGA1UEBhMC
+VVMxCzAJBgNVBAgTAklMMRIwEAYDVQQHEwlDaGFtcGFpZ24xDjAMBgNVBAoTBVlh
+aG9vMQ0wCwYDVQQLEwRFZGdlMSgwJgYDVQQDEx9qdWljZXByb2R1Y2UuY29ycC5u
+ZTEueWFob28uY29tMSQwIgYJKoZIhvcNAQkBFhVwZXJzaWEuYXppekB5YWhvby5j
+b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANYwc6JQX45GZmMDEjwxYT11
+uVvuBBInfpYJeU8WIXHrKcX5LUSRcBikiKnlfSnMNRohsu6TElQACc60wQ7Q8KDE
+lBSsS1FaHzCIl1t1AkXRmz/1H65JSBvrV/6Z1NC+Gp58EbH7Gul8ByC1xaJm5ID1
+Dd++kOPlY5ZI9ZcFS7HLAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAASZbz+d+DdI+
+ypesJrlBRosXh0w8sIjkUSSdT/OuKEVzfH/dRcb4VZDW/W2gmm0VEqSN2xYYVpW3
+hUsW2J+kByqFqX6selREwo8ui8kkyBJVo0y/MCrGM0C3qw1cSaiKoa5OqlOyO3hb
+ZC9IIyWmpBxRmJFfIwS6MoTpe0/ZTJQ=
+-----END CERTIFICATE-----