From d80a5b10099f365203d33b49f96baca1d3e1bf1c Mon Sep 17 00:00:00 2001 From: John Esmet Date: Thu, 8 Apr 2021 16:11:26 +0000 Subject: [PATCH] (from AES) Fix AuthenticationTestV1 flakes --- cmd/kat-server/services/http.go | 6 ++++-- python/tests/t_extauth.py | 34 ++++++++++++++++++--------------- 2 files changed, 23 insertions(+), 17 deletions(-) diff --git a/cmd/kat-server/services/http.go b/cmd/kat-server/services/http.go index c57f4680ad..bb8d0ef802 100644 --- a/cmd/kat-server/services/http.go +++ b/cmd/kat-server/services/http.go @@ -147,7 +147,9 @@ func (h *HTTP) handler(w http.ResponseWriter, r *http.Request) { if b, _ := ioutil.ReadAll(r.Body); b != nil { body := string(b) - log.Printf("received body: %s", body) + if len(body) > 0 { + log.Printf("received body: %s", body) + } w.Header()[http.CanonicalHeaderKey("Auth-Request-Body")] = []string{body} } defer r.Body.Close() @@ -219,6 +221,6 @@ func (h *HTTP) handler(w http.ResponseWriter, r *http.Request) { b = []byte(fmt.Sprintf("Error: %v", err)) } - log.Printf("%s (%s): writing response HTTP %v", backend, conntype, statusCode) + log.Printf("%s (%s): \"%s %s\" -> HTTP %v", r.Method, r.URL.Path, backend, conntype, statusCode) w.Write(b) } diff --git a/python/tests/t_extauth.py b/python/tests/t_extauth.py index 5ae89ec08e..0095b58208 100644 --- a/python/tests/t_extauth.py +++ b/python/tests/t_extauth.py @@ -483,41 +483,39 @@ def config(self): def queries(self): # [0] - yield Query(self.url("target/"), headers={"Requested-Status": "401", + yield Query(self.url("target/0"), headers={"Requested-Status": "401", "Baz": "baz", "Request-Header": "Baz"}, expected=401) # [1] - yield Query(self.url("target/"), headers={"requested-status": "302", + yield Query(self.url("target/1"), headers={"requested-status": "302", "location": "foo", "requested-header": "location"}, expected=302) # [2] - yield Query(self.url("target/"), headers={"Requested-Status": "401", + yield Query(self.url("target/2"), headers={"Requested-Status": "401", "X-Foo": "foo", "Requested-Header": "X-Foo"}, expected=401) # [3] - yield Query(self.url("target/"), headers={"Requested-Status": "401", + yield Query(self.url("target/3"), headers={"Requested-Status": "401", "X-Bar": "bar", "Requested-Header": "X-Bar"}, expected=401) # [4] - yield Query(self.url("target/"), headers={"Requested-Status": "200", + yield Query(self.url("target/4"), headers={"Requested-Status": "200", "Authorization": "foo-11111", "Requested-Header": "Authorization"}, expected=200) # [5] - yield Query(self.url("target/"), headers={"X-Forwarded-Proto": "https"}, expected=200) + yield Query(self.url("target/5"), headers={"X-Forwarded-Proto": "https"}, expected=200) # [6] - yield Query(self.url("target/unauthed/"), headers={"Requested-Status": "200"}, expected=200) + yield Query(self.url("target/unauthed/6"), headers={"Requested-Status": "200"}, expected=200) # [7] - yield Query(self.url("target/"), headers={"Requested-Status": "500"}, expected=503) + yield Query(self.url("target/7"), headers={"Requested-Status": "500"}, expected=503) # Create some traffic to make it more likely that both auth services get at least one # request for i in range(20): - yield Query(self.url("target/"), headers={"Requested-Status": "200", - "Authorization": "foo-11111", - "Requested-Header": "Authorization"}) + yield Query(self.url("target/" + str(8 + i)), headers={"Requested-Status": "403"}, expected=403) def check_backend_name(self, result) -> bool: backend_name = result.backend.name @@ -528,9 +526,10 @@ def check_backend_name(self, result) -> bool: return (backend_name == self.auth1.path.k8s) or (backend_name == self.auth2.path.k8s) def check(self): + # [0] Verifies all request headers sent to the authorization server. assert self.check_backend_name(self.results[0]) - assert self.results[0].backend.request.url.path == "/extauth/target/" + assert self.results[0].backend.request.url.path == "/extauth/target/0" assert self.results[0].backend.request.headers["x-forwarded-proto"]== ["http"] assert self.results[0].backend.request.headers["content-length"]== ["0"] assert "x-forwarded-for" in self.results[0].backend.request.headers @@ -609,15 +608,20 @@ def check(self): except ValueError as e: assert False, "could not parse Extauth header '%s': %s" % (eahdr, e) - assert self.backend_counts.get(self.auth1.path.k8s, 0) > 0, "auth1 got no requests" - assert self.backend_counts.get(self.auth2.path.k8s, 0) > 0, "auth2 got no requests" - # [7] Verifies that envoy returns customized status_on_error code. assert self.results[7].status == 503 # TODO(gsagula): Write tests for all UCs which request header headers # are overridden, e.g. Authorization. + for i in range(20): + assert self.check_backend_name(self.results[8+i]) + + print ("auth1 service got %d requests" % self.backend_counts.get(self.auth1.path.k8s, -1)) + print ("auth2 service got %d requests" % self.backend_counts.get(self.auth2.path.k8s, -1)) + assert self.backend_counts.get(self.auth1.path.k8s, 0) > 0, "auth1 got no requests" + assert self.backend_counts.get(self.auth2.path.k8s, 0) > 0, "auth2 got no requests" + class AuthenticationTest(AmbassadorTest): target: ServiceType