def requirements(self):
# We're replacing super()'s requirements deliberately here. Without a Host header they can't work.
yield ("url", Query(self.url("ambassador/v0/check_ready"), headers={"Host": "tls-context-host-1"}, insecure=True, sni=True))
yield ("url", Query(self.url("ambassador/v0/check_alive"), headers={"Host": "tls-context-host-1"}, insecure=True, sni=True))
yield ("url", Query(self.url("ambassador/v0/check_ready"), headers={"Host": "tls-context-host-2"}, insecure=True, sni=True))
yield ("url", Query(self.url("ambassador/v0/check_alive"), headers={"Host": "tls-context-host-2"}, insecure=True, sni=True))
def queries(self):
for i in range(100):
yield Query(self.parent.url("%s/mark/%d" % (self.name, i % 10)))
yield Query(self.parent.url("%s/check/" % self.name), phase=2)
def queries(self):
for q in self.parent.queries():
yield Query(q.url) # redundant with parent
yield Query(q.url, headers={"Origin": "https://www.test-cors.org"})
def queries(self):
yield Query(self.url("server-name/"), expected=301)
def queries(self):
yield Query(self.url("findme/"))
yield Query(self.url("findme-array/"))
yield Query(self.url("findme-array2/"))
yield Query(self.url("missme/"), expected=404)
yield Query(self.url("missme-array/"), expected=404)
def requirements(self):
yield ("url", Query("http://%s" % self.path.fqdn))
yield ("url", Query("https://%s" % self.path.fqdn))
def queries(self):
yield Query(self.parent.url(self.name + "/"))
yield Query(self.parent.url(self.name + "/"),
headers={"X-Route": "target2"})
def queries(self):
yield Query(self.parent.url("edge_stack/admin/"), expected=200)
yield Query(self.parent.url(self.name + "/"), expected=200)
def requirements(self):
yield from super().requirements()
yield ("url", Query("http://shadow.plain-namespace/clear/"))
def queries(self):
# Expect that requests with escaped slashes are rejected by Envoy. We know this is rejected
# by envoy because in a previous test, without the reject_requests_with_escaped_slashes,
# this same request got status 404.
yield Query(self.url(self.name + "/status/%2F200"), expected=400)
def queries(self):
yield Query(self.parent.url(self.name + "/"), expected=404)
yield Query(self.parent.url(self.name + "/", scheme="ws"),
messages=["one", "two", "three"])
def queries(self):
# Sanity test that escaped slashes are not rejected by default. The upstream
# httpbin server doesn't know what to do with this request, though, so expect
# a 404. In another test, we'll expect HTTP 400 with reject_requests_with_escaped_slashes
yield Query(self.url(self.name + "/status/%2F200"), expected=404)
def queries(self):
yield Query(self.url("ambassador/v0/diag/?json=true"))
def queries(self):
yield Query(self.url("target/"), insecure=True)
yield Query(self.url("target/", scheme="http"), expected=301)
def requirements(self):
yield ("url", Query(self.url("ambassador/v0/check_ready")))
yield ("url", Query(self.url("ambassador/v0/check_alive")))
def queries(self):
yield Query(self.parent.url(self.name + "/"))
yield Query(self.parent.url(f'need-normalization/../{self.name}/'))
yield Query(self.parent.url(self.name + "-nested/"))
yield Query(self.parent.url(self.name + "-non-existent/"),
expected=404)
def requirements(self):
if self.use_superpod:
yield from ()
yield ("url", Query("http://%s" % self.path.fqdn))
yield ("url", Query("https://%s" % self.path.fqdn))
def queries(self):
yield Query(self.url(self.name + "-1/"))
yield Query(self.url(self.name + "-2/"))
def queries(self):
# [0]
yield Query(self.url("target/"), headers={"Requested-Status": "200"}, expected=200)
# [1]
yield Query(self.url("target/"), headers={"Requested-Status": "503"}, expected=503)
def queries(self):
yield Query(self.parent.url(self.name + "/"))
def requirements(self):
yield ("url", Query("http://%s/ambassador/check/" % self.path.fqdn))
def queries(self):
for i in range(100):
yield Query(self.parent.url(self.name + "/"))
def queries(self):
yield Query(self.url("ambassador/v0/diag/?json=true&filter=errors"),
phase=2)
def queries(self):
yield Query(
self.parent.url(self.name) +
"/response-headers?zoo=Zoo&test=Test&koo=Koot")
def requirements(self):
yield from super().requirements()
yield ("url", Query("http://shadow/clear/"))
def queries(self):
yield Query(self.parent.url(self.name + "/"))
yield Query(self.parent.url(f'need-normalization/../{self.name}/'))
def queries(self):
yield Query(self.url(""), expected=404)
yield Query(self.url(""), headers={'Host': 'random.host.whatever'}, expected=404)
yield Query(self.url(""), headers={'Host': 'helloworld-go.default.example.com'}, expected=200)
def queries(self):
yield Query(self.url("config_dump"), phase=2)
def queries(self):
for q in self.parent.queries():
idx = q.url.find("/", q.url.find("://") + 3)
upped = q.url[:idx] + q.url[idx:].upper()
assert upped != q.url
yield Query(upped)
def queries(self):
# 0: Get some info from diagd for self.check() to inspect
yield Query(self.url("ambassador/v0/diag/?json=true&filter=errors"),
headers={"Host": "tls-context-host-1" },
insecure=True,
sni=True)
# 1-5: Host #1 - TLS
yield Query(self.url("target-1/", scheme="https"), headers={"Host": "tls-context-host-1"}, insecure=True, sni=True,
expected=200)
yield Query(self.url("target-2/", scheme="https"), headers={"Host": "tls-context-host-1"}, insecure=True, sni=True,
expected=404)
yield Query(self.url("target-3/", scheme="https"), headers={"Host": "tls-context-host-1"}, insecure=True, sni=True,
expected=404)
yield Query(self.url("target-shared/", scheme="https"), headers={"Host": "tls-context-host-1"}, insecure=True, sni=True,
expected=200)
yield Query(self.url(".well-known/acme-challenge/foo", scheme="https"), headers={"Host": "tls-context-host-1"}, insecure=True, sni=True,
expected=404)
# 6-10: Host #1 - cleartext (action: Route)
yield Query(self.url("target-1/", scheme="http"), headers={"Host": "tls-context-host-1"},
expected=200)
yield Query(self.url("target-2/", scheme="http"), headers={"Host": "tls-context-host-1"},
expected=404)
yield Query(self.url("target-3/", scheme="http"), headers={"Host": "tls-context-host-1"},
expected=404)
yield Query(self.url("target-shared/", scheme="http"), headers={"Host": "tls-context-host-1"},
expected=200)
yield Query(self.url(".well-known/acme-challenge/foo", scheme="http"), headers={"Host": "tls-context-host-1"},
expected=404)
# 11-15: Host #2 - TLS
yield Query(self.url("target-1/", scheme="https"), headers={"Host": "tls-context-host-2"}, insecure=True, sni=True,
expected=404)
yield Query(self.url("target-2/", scheme="https"), headers={"Host": "tls-context-host-2"}, insecure=True, sni=True,
expected=200)
yield Query(self.url("target-3/", scheme="https"), headers={"Host": "tls-context-host-2"}, insecure=True, sni=True,
expected=404)
yield Query(self.url("target-shared/", scheme="https"), headers={"Host": "tls-context-host-2"}, insecure=True, sni=True,
expected=200)
yield Query(self.url(".well-known/acme-challenge/foo", scheme="https"), headers={"Host": "tls-context-host-2"}, insecure=True, sni=True,
expected=404)
# 16-20: Host #2 - cleartext (action: Redirect)
yield Query(self.url("target-1/", scheme="http"), headers={"Host": "tls-context-host-2"},
expected=(404 if bug_single_insecure_action else 301))
yield Query(self.url("target-2/", scheme="http"), headers={"Host": "tls-context-host-2"},
expected=(200 if bug_single_insecure_action else 301))
yield Query(self.url("target-3/", scheme="http"), headers={"Host": "tls-context-host-2"},
expected=(404 if bug_single_insecure_action else 301))
yield Query(self.url("target-shared/", scheme="http"), headers={"Host": "tls-context-host-2"},
expected=(200 if bug_single_insecure_action else 301))
yield Query(self.url(".well-known/acme-challenge/foo", scheme="http"), headers={"Host": "tls-context-host-2"},
expected=404)
# 21-25: Host #3 - TLS
yield Query(self.url("target-1/", scheme="https"), headers={"Host": "ambassador.example.com"}, insecure=True, sni=True,
expected=404)
yield Query(self.url("target-2/", scheme="https"), headers={"Host": "ambassador.example.com"}, insecure=True, sni=True,
expected=404)
yield Query(self.url("target-3/", scheme="https"), headers={"Host": "ambassador.example.com"}, insecure=True, sni=True,
expected=200)
yield Query(self.url("target-shared/", scheme="https"), headers={"Host": "ambassador.example.com"}, insecure=True, sni=True,
expected=200)
yield Query(self.url(".well-known/acme-challenge/foo", scheme="https"), headers={"Host": "ambassador.example.com"}, insecure=True, sni=True,
expected=200)
# 26-30: Host #3 - cleartext (action: Reject)
yield Query(self.url("target-1/", scheme="http"), headers={"Host": "ambassador.example.com"},
expected=404)
yield Query(self.url("target-2/", scheme="http"), headers={"Host": "ambassador.example.com"},
expected=404)
yield Query(self.url("target-3/", scheme="http"), headers={"Host": "ambassador.example.com"},
expected=(200 if bug_single_insecure_action else 404))
yield Query(self.url("target-shared/", scheme="http"), headers={"Host": "ambassador.example.com"},
expected=(200 if bug_single_insecure_action else 404))
yield Query(self.url(".well-known/acme-challenge/foo", scheme="http"), headers={"Host": "ambassador.example.com"},
expected=200)