From 219c4b5a5f8b2e23e11059176dc9372aadc7bccb Mon Sep 17 00:00:00 2001 From: bneradt Date: Wed, 17 Feb 2021 23:15:14 +0000 Subject: [PATCH] Convert the inactive_client_timeout test to use Proxy Verifier Convert the current client inactivity timeout test to use Proxy Verifier instead of a combination of curl and nc shell scripts. --- tests/gold_tests/timeout/case-inactive1.sh | 19 -- tests/gold_tests/timeout/case-inactive2.sh | 19 -- tests/gold_tests/timeout/case-inactive3.sh | 19 -- tests/gold_tests/timeout/case-inactive4.sh | 19 -- tests/gold_tests/timeout/case-inactive5.sh | 19 -- tests/gold_tests/timeout/case-inactive6.sh | 19 -- .../timeout/delay-inactive-server.sh | 20 -- .../inactive_client_post_timeout.test.py | 108 ----------- .../timeout/inactive_client_timeout.test.py | 63 +++++++ tests/gold_tests/timeout/slow_server.yaml | 171 ++++++++++++++++++ 10 files changed, 234 insertions(+), 242 deletions(-) delete mode 100644 tests/gold_tests/timeout/case-inactive1.sh delete mode 100644 tests/gold_tests/timeout/case-inactive2.sh delete mode 100644 tests/gold_tests/timeout/case-inactive3.sh delete mode 100644 tests/gold_tests/timeout/case-inactive4.sh delete mode 100644 tests/gold_tests/timeout/case-inactive5.sh delete mode 100644 tests/gold_tests/timeout/case-inactive6.sh delete mode 100644 tests/gold_tests/timeout/delay-inactive-server.sh delete mode 100644 tests/gold_tests/timeout/inactive_client_post_timeout.test.py create mode 100644 tests/gold_tests/timeout/inactive_client_timeout.test.py create mode 100644 tests/gold_tests/timeout/slow_server.yaml diff --git a/tests/gold_tests/timeout/case-inactive1.sh b/tests/gold_tests/timeout/case-inactive1.sh deleted file mode 100644 index ecee593d737..00000000000 --- a/tests/gold_tests/timeout/case-inactive1.sh +++ /dev/null @@ -1,19 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -nc -4 -l ${2} -c "sh ./delay-inactive-server.sh" & -sleep 1 -curl -i http://127.0.0.1:${1}/${3} diff --git a/tests/gold_tests/timeout/case-inactive2.sh b/tests/gold_tests/timeout/case-inactive2.sh deleted file mode 100644 index d172741ceb7..00000000000 --- a/tests/gold_tests/timeout/case-inactive2.sh +++ /dev/null @@ -1,19 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -nc -4 -l ${2} -c "sh ./delay-inactive-server.sh" & -sleep 1 -curl -k -i --http1.1 https://127.0.0.1:${1}/${3} diff --git a/tests/gold_tests/timeout/case-inactive3.sh b/tests/gold_tests/timeout/case-inactive3.sh deleted file mode 100644 index 9e6ad9d43d6..00000000000 --- a/tests/gold_tests/timeout/case-inactive3.sh +++ /dev/null @@ -1,19 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -nc -4 -l ${2} -c "sh ./delay-inactive-server.sh" & -sleep 1 -curl -k -i --http2 https://127.0.0.1:${1}/${3} diff --git a/tests/gold_tests/timeout/case-inactive4.sh b/tests/gold_tests/timeout/case-inactive4.sh deleted file mode 100644 index d434d9a577f..00000000000 --- a/tests/gold_tests/timeout/case-inactive4.sh +++ /dev/null @@ -1,19 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -nc -4 -l ${2} -c "sh ./delay-inactive-server.sh" & -sleep 1 -curl -d "post body" -k -i --http2 https://127.0.0.1:${1}/${3} diff --git a/tests/gold_tests/timeout/case-inactive5.sh b/tests/gold_tests/timeout/case-inactive5.sh deleted file mode 100644 index 79134361b05..00000000000 --- a/tests/gold_tests/timeout/case-inactive5.sh +++ /dev/null @@ -1,19 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -nc -4 -l ${2} -c "sh ./delay-inactive-server.sh" & -sleep 1 -curl -d "post body" -i http://127.0.0.1:${1}/${3} diff --git a/tests/gold_tests/timeout/case-inactive6.sh b/tests/gold_tests/timeout/case-inactive6.sh deleted file mode 100644 index 9fba54f0c42..00000000000 --- a/tests/gold_tests/timeout/case-inactive6.sh +++ /dev/null @@ -1,19 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -nc -4 -l ${2} -c "sh ./delay-inactive-server.sh" & -sleep 1 -curl -d "post body" -k -i --http1.1 https://127.0.0.1:${1}/${3} diff --git a/tests/gold_tests/timeout/delay-inactive-server.sh b/tests/gold_tests/timeout/delay-inactive-server.sh deleted file mode 100644 index c76df43b852..00000000000 --- a/tests/gold_tests/timeout/delay-inactive-server.sh +++ /dev/null @@ -1,20 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -sleep 4 -printf "HTTP/1.1 200\r\nTransfer-encoding: chunked\r\n\r\n" -printf "F\r\n123456789012345\r\n" -printf "0\r\n\r\n" diff --git a/tests/gold_tests/timeout/inactive_client_post_timeout.test.py b/tests/gold_tests/timeout/inactive_client_post_timeout.test.py deleted file mode 100644 index 9bf7c8f1311..00000000000 --- a/tests/gold_tests/timeout/inactive_client_post_timeout.test.py +++ /dev/null @@ -1,108 +0,0 @@ -''' -''' -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -Test.Summary = 'Testing ATS client inactivity timeout' - -Test.SkipUnless( - Condition.HasCurlFeature('http2') -) - -ts = Test.MakeATSProcess("ts", select_ports=True, enable_tls=True) - -Test.ContinueOnFail = True - -Test.GetTcpPort("upstream_port1") -Test.GetTcpPort("upstream_port2") -Test.GetTcpPort("upstream_port3") -Test.GetTcpPort("upstream_port4") -Test.GetTcpPort("upstream_port5") -Test.GetTcpPort("upstream_port6") - -ts.addSSLfile("../tls/ssl/server.pem") -ts.addSSLfile("../tls/ssl/server.key") - -ts.Disk.records_config.update({ - 'proxy.config.diags.debug.enabled': 1, - 'proxy.config.diags.debug.tags': 'http', - 'proxy.config.ssl.server.cert.path': '{0}'.format(ts.Variables.SSLDir), - 'proxy.config.ssl.server.private_key.path': '{0}'.format(ts.Variables.SSLDir), - 'proxy.config.url_remap.remap_required': 1, - 'proxy.config.http.transaction_no_activity_timeout_in': 2, -}) - -ts.Disk.remap_config.AddLines([ - 'map /case1 http://127.0.0.1:{0}'.format(Test.Variables.upstream_port1), - 'map /case2 http://127.0.0.1:{0}'.format(Test.Variables.upstream_port2), - 'map /case3 http://127.0.0.1:{0}'.format(Test.Variables.upstream_port3), - 'map /case4 http://127.0.0.1:{0}'.format(Test.Variables.upstream_port4), - 'map /case5 http://127.0.0.1:{0}'.format(Test.Variables.upstream_port5), - 'map /case6 http://127.0.0.1:{0}'.format(Test.Variables.upstream_port6), -]) - -ts.Disk.ssl_multicert_config.AddLine( - 'dest_ip=* ssl_cert_name=server.pem ssl_key_name=server.key' -) - -# Using netcat with explicit delays instead of the delay option with microserver because it appears -# that microserver will not delay responses to POST requests -# The delay-inactive-server.sh will deplay for 4 seconds before returning a response. This is more -# than the 2 second proxy.config.http.transaction_no_activity_timeout_in -# These tests exercise that the client inactivity timeout is disabled after the request and post body -# are sent. So a slow to respond server will not trigger the client inactivity timeout. - -tr4 = Test.AddTestRun("tr") -tr4.Processes.Default.StartBefore(ts, ready=When.PortOpen(ts.Variables.ssl_port)) -tr4.Setup.Copy('delay-inactive-server.sh') -tr4.Setup.Copy('case-inactive4.sh') -tr4.Processes.Default.ReturnCode = 0 -tr4.Processes.Default.Command = 'sh -x ./case-inactive4.sh {0} {1} case4'.format( - ts.Variables.ssl_port, Test.Variables.upstream_port4) -tr4.Processes.Default.Streams.All = Testers.ContainsExpression("HTTP/2 200", "Should get successful response") - -tr = Test.AddTestRun("tr") -tr.Setup.Copy('case-inactive1.sh') -tr.Processes.Default.Command = 'sh -x ./case-inactive1.sh {0} {1} case1'.format(ts.Variables.port, Test.Variables.upstream_port1) -tr.Processes.Default.Streams.stdout = Testers.ContainsExpression( - "HTTP/1.1 200", "Client inactivity should not trigger during server stall") - -tr2 = Test.AddTestRun("tr") -tr2.Setup.Copy('case-inactive2.sh') -tr2.Processes.Default.Command = 'sh -x ./case-inactive2.sh {0} {1} case2'.format( - ts.Variables.ssl_port, Test.Variables.upstream_port2) -tr2.Processes.Default.Streams.stdout = Testers.ContainsExpression( - "HTTP/1.1 200", "Client inactivity should not trigger during server stall") - -tr3 = Test.AddTestRun("tr") -tr3.Setup.Copy('case-inactive3.sh') -tr3.Processes.Default.Command = 'sh -x ./case-inactive3.sh {0} {1} case3'.format( - ts.Variables.ssl_port, Test.Variables.upstream_port3) -tr3.Processes.Default.Streams.stdout = Testers.ContainsExpression( - "HTTP/2 200", "Client inactivity should not trigger during server stall") - -tr5 = Test.AddTestRun("tr") -tr5.Setup.Copy('case-inactive5.sh') -tr5.Processes.Default.Command = 'sh -x ./case-inactive5.sh {0} {1} case5'.format(ts.Variables.port, Test.Variables.upstream_port5) -tr5.Processes.Default.Streams.stdout = Testers.ContainsExpression( - "HTTP/1.1 200", "Client inactivity timeout should not apply during server stall") - -tr6 = Test.AddTestRun("tr") -tr6.Setup.Copy('case-inactive6.sh') -tr6.Processes.Default.Command = 'sh -x ./case-inactive6.sh {0} {1} case6'.format( - ts.Variables.ssl_port, Test.Variables.upstream_port6) -tr6.Processes.Default.Streams.stdout = Testers.ContainsExpression( - "HTTP/1.1 200", "Client inactivity timeout should not apply during server stall") diff --git a/tests/gold_tests/timeout/inactive_client_timeout.test.py b/tests/gold_tests/timeout/inactive_client_timeout.test.py new file mode 100644 index 00000000000..0a22a186113 --- /dev/null +++ b/tests/gold_tests/timeout/inactive_client_timeout.test.py @@ -0,0 +1,63 @@ +''' +''' +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +Test.Summary = 'Testing ATS client inactivity timeout' + +ts = Test.MakeATSProcess("ts", select_ports=True, enable_tls=True) +replay_file = "slow_server.yaml" +server = Test.MakeVerifierServerProcess("server", replay_file) + +Test.ContinueOnFail = True + +ts.addSSLfile("../tls/ssl/server.pem") +ts.addSSLfile("../tls/ssl/server.key") + +ts.Disk.records_config.update({ + 'proxy.config.diags.debug.enabled': 1, + 'proxy.config.diags.debug.tags': 'http', + 'proxy.config.ssl.server.cert.path': '{0}'.format(ts.Variables.SSLDir), + 'proxy.config.ssl.server.private_key.path': '{0}'.format(ts.Variables.SSLDir), + 'proxy.config.url_remap.remap_required': 1, + 'proxy.config.http.transaction_no_activity_timeout_in': 2, +}) + +ts.Disk.remap_config.AddLines([ + 'map https://www.tls.com/ https://127.0.0.1:{0}'.format(server.Variables.https_port), + 'map / http://127.0.0.1:{0}'.format(server.Variables.http_port), +]) + +ts.Disk.ssl_multicert_config.AddLine( + 'dest_ip=* ssl_cert_name=server.pem ssl_key_name=server.key' +) + +# +# Test 1: Verify that server delay does not trigger client activity timeout. +# + +# The Proxy Verifier server will delay for 3 seconds before returning a response. This is more than +# the 2 second proxy.config.http.transaction_no_activity_timeout_in (the client inactivity timeout), +# but less than the default 30 second proxy.config.http.transaction_no_activity_timeout_out (server +# inactivity timeout). These tests therefore exercise that the client inactivity timeout does not +# get applied after the request is sent. In other words, a slow to respond server should not +# trigger the client inactivity timeout. +tr = Test.AddTestRun("Verify that server delay does not trigger client activity timeout.") +tr.AddVerifierClientProcess( + "client", replay_file, http_ports=[ts.Variables.port], + https_ports=[ts.Variables.ssl_port]) +tr.Processes.Default.StartBefore(ts) +tr.Processes.Default.StartBefore(server) diff --git a/tests/gold_tests/timeout/slow_server.yaml b/tests/gold_tests/timeout/slow_server.yaml new file mode 100644 index 00000000000..7a1aeb17244 --- /dev/null +++ b/tests/gold_tests/timeout/slow_server.yaml @@ -0,0 +1,171 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# +# This replay file assumes that caching is enabled and +# proxy.config.http.cache.ignore_client_cc_max_age is set to 0 so that we can +# test max-age in the client requests. +# + +meta: + version: "1.0" + + blocks: + - delayed_response: &delayed_response + server-response: + delay: 3s + + status: 200 + reason: OK + headers: + fields: + - [ Content-Length, 16 ] + - [ Connection, close ] + +sessions: + +# +# An HTTP GET request. +# +- transactions: + - client-request: + method: "GET" + version: "1.1" + url: "/path/1" + headers: + fields: + - [ Host, www.no_tls.com ] + - [ uuid, 1 ] + + <<: *delayed_response + + proxy-response: + status: 200 + +# +# An HTTP POST request. +# +- transactions: + - client-request: + method: "POST" + version: "1.1" + url: "/path/2" + headers: + fields: + - [ Host, www.no_tls.com ] + - [ Content-Length, 10 ] + - [ uuid, 2 ] + + <<: *delayed_response + + proxy-response: + status: 200 + + +# +# An HTTPS GET request. +# +- protocol: [ {name: tls}, + {name: tcp}, + {name: ip} ] + + transactions: + - client-request: + method: "GET" + version: "1.1" + url: "/path/3" + headers: + fields: + - [ Host, www.tls.com ] + - [ uuid, 3 ] + + <<: *delayed_response + + proxy-response: + status: 200 + +# +# An HTTPS POST request. +# +- protocol: [ {name: tls}, + {name: tcp}, + {name: ip} ] + + transactions: + - client-request: + method: "POST" + version: "1.1" + url: "/path/4" + headers: + fields: + - [ Host, www.tls.com ] + - [ Content-Length, 10 ] + - [ uuid, 4 ] + + <<: *delayed_response + + proxy-response: + status: 200 + +# +# An HTTP/2 GET request. +# +- protocol: [ {name: http, version: 2}, + {name: tls}, + {name: tcp}, + {name: ip} ] + + transactions: + + - client-request: + headers: + fields: + - [ :method, GET ] + - [ :scheme, https ] + - [ :authority, www.tls.com ] + - [ :path, '/path/5' ] + - [ uuid, 5 ] + + <<: *delayed_response + + proxy-response: + status: 200 + +# +# An HTTP/2 POST request. +# +- protocol: [ {name: http, version: 2}, + {name: tls}, + {name: tcp}, + {name: ip} ] + + transactions: + + - client-request: + headers: + fields: + - [ :method, POST ] + - [ :scheme, https ] + - [ :authority, www.tls.com ] + - [ :path, '/path/6' ] + - [ uuid, 6 ] + content: + size: 10 + + <<: *delayed_response + + proxy-response: + status: 200