From c77f9e4f9ecc96a7dee82f57cb2d8b6673d5c3c5 Mon Sep 17 00:00:00 2001 From: Sean Sullivan Date: Wed, 29 Jan 2025 03:56:55 +0000 Subject: [PATCH] Websocket HTTPS proxy support Kubernetes-commit: f73945aae56b51078318199ff2f0ecae91bc489e --- go.mod | 11 +- go.sum | 19 ++-- tools/remotecommand/fallback_test.go | 44 ++++---- tools/remotecommand/websocket_test.go | 139 ++++++++++++++++++++------ 4 files changed, 149 insertions(+), 64 deletions(-) diff --git a/go.mod b/go.mod index d2b11571..aa92a25e 100644 --- a/go.mod +++ b/go.mod @@ -12,7 +12,7 @@ require ( github.com/google/gnostic-models v0.6.9 github.com/google/go-cmp v0.7.0 github.com/google/uuid v1.6.0 - github.com/gorilla/websocket v1.5.3 + github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 github.com/peterbourgon/diskv v2.0.1+incompatible @@ -25,8 +25,8 @@ require ( golang.org/x/time v0.9.0 google.golang.org/protobuf v1.36.5 gopkg.in/evanphx/json-patch.v4 v4.12.0 - k8s.io/api v0.0.0-20250320031247-741ca7705f8e - k8s.io/apimachinery v0.0.0-20250319092800-e8a77bd768fd + k8s.io/api v0.0.0 + k8s.io/apimachinery v0.0.0 k8s.io/klog/v2 v2.130.1 k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 @@ -62,3 +62,8 @@ require ( gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) + +replace ( + k8s.io/api => ../api + k8s.io/apimachinery => ../apimachinery +) diff --git a/go.sum b/go.sum index f2635eb2..ad2e7b58 100644 --- a/go.sum +++ b/go.sum @@ -1,5 +1,8 @@ +cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= +github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= +github.com/chzyer/readline v1.5.1/go.mod h1:Eh+b79XXUwfKfcPLepksvw2tcLE/Ct21YObkaSkeBlk= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= @@ -22,6 +25,7 @@ github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1v github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= +github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg= github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= github.com/google/gnostic-models v0.6.9 h1:MU/8wDLif2qCXZmzncUQ/BOfxWfthHi63KqpoNbWqVw= @@ -34,10 +38,11 @@ github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db h1:097atOisP2aRj7vFgY github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg= -github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= +github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 h1:JeSE6pjso5THxAzdVpqr6/geYxZytqFMBCOtn/ujyeo= +github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674/go.mod h1:r4w70xmWCQKmi1ONH4KIaBptdivuRPyosB9RmPlGEwA= github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 h1:+ngKgrYPPJrOjhax5N+uePQ0Fh1Z7PheYoUI/0nzkPA= github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= +github.com/ianlancetaylor/demangle v0.0.0-20240312041847-bd984b5ce465/go.mod h1:gx7rwoVhcfuVKG5uya9Hs3Sxj7EIvldVofAWIUtGouw= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= @@ -93,13 +98,16 @@ github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= @@ -111,11 +119,13 @@ golang.org/x/oauth2 v0.27.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc= golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/telemetry v0.0.0-20240521205824-bda55230c457/go.mod h1:pRgIJT+bRLFKnoM1ldnzKoxTIn14Yxz928LQRYYgIN0= golang.org/x/term v0.29.0 h1:L6pJp37ocefwRRtYPKSWOWzOtWSxVajvz2ldH/xi3iU= golang.org/x/term v0.29.0/go.mod h1:6bl4lRlvVuDgSf3179VpIxBF0o10JUpXWOnI7nErv7s= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -146,10 +156,7 @@ gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/api v0.0.0-20250320031247-741ca7705f8e h1:O3P0nY3fp1Hj0yurtChVY3bTcCVY0QVwgtEVjCxZu9E= -k8s.io/api v0.0.0-20250320031247-741ca7705f8e/go.mod h1:JO0tyTI0qSXXaGVhLdqwfi3RMbS2g9hcYvzBmZP5wVk= -k8s.io/apimachinery v0.0.0-20250319092800-e8a77bd768fd h1:KoXgjwEokLM8o95kMxowg5vp5iQ4v46Kk+zobsqeTgU= -k8s.io/apimachinery v0.0.0-20250319092800-e8a77bd768fd/go.mod h1:D2UW665TVSpInyOuG6C+PMtC1MZheP0KQz65UPQEiI4= +k8s.io/gengo/v2 v2.0.0-20240826214909-a7b603a56eb7/go.mod h1:EJykeLsmFC60UQbYJezXkEsG2FLrt0GPNkU5iK5GWxU= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff h1:/usPimJzUKKu+m+TE36gUyGcf03XZEP0ZIKgKj35LS4= diff --git a/tools/remotecommand/fallback_test.go b/tools/remotecommand/fallback_test.go index 6991bcd6..0cd77514 100644 --- a/tools/remotecommand/fallback_test.go +++ b/tools/remotecommand/fallback_test.go @@ -288,7 +288,7 @@ KR8NJEkK99Vh/tew6jAMll70xFrE7aF8VLXJVE7w4sQzuvHxl9Q= `) // See (https://github.com/kubernetes/kubernetes/issues/126134). -func TestFallbackClient_WebSocketHTTPSProxyCausesSPDYFallback(t *testing.T) { +func TestFallbackClient_WebSocketHTTPSProxyNoFallback(t *testing.T) { cert, err := tls.X509KeyPair(localhostCert, localhostKey) if err != nil { t.Errorf("https (valid hostname): proxy_test: %v", err) @@ -309,42 +309,40 @@ func TestFallbackClient_WebSocketHTTPSProxyCausesSPDYFallback(t *testing.T) { proxyLocation, err := url.Parse(proxyServer.URL) require.NoError(t, err) - // Create fake SPDY server. Copy received STDIN data back onto STDOUT stream. - spdyServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { - var stdin, stdout bytes.Buffer - ctx, err := createHTTPStreams(w, req, &StreamOptions{ - Stdin: &stdin, - Stdout: &stdout, - }) + // Create fake WebSocket server. Copy received STDIN data back onto STDOUT stream. + websocketServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { + conns, err := webSocketServerStreams(req, w, streamOptionsFromRequest(req)) if err != nil { w.WriteHeader(http.StatusForbidden) return } - defer ctx.conn.Close() //nolint:errcheck - _, err = io.Copy(ctx.stdoutStream, ctx.stdinStream) + defer conns.conn.Close() //nolint:errcheck + // Loopback the STDIN stream onto the STDOUT stream. + _, err = io.Copy(conns.stdoutStream, conns.stdinStream) if err != nil { - t.Fatalf("error copying STDIN to STDOUT: %v", err) + t.Fatalf("websocket copy error: %v", err) } })) - defer spdyServer.Close() //nolint:errcheck + defer websocketServer.Close() //nolint:errcheck - backendLocation, err := url.Parse(spdyServer.URL) + // Now create the WebSocket client (executor), and point it to the TLS proxy server. + // The proxy server should open a websocket connection to the fake websocket server. + websocketServer.URL = websocketServer.URL + "?" + "stdin=true" + "&" + "stdout=true" + websocketLocation, err := url.Parse(websocketServer.URL) require.NoError(t, err) - clientConfig := &rest.Config{ - Host: spdyServer.URL, + Host: websocketLocation.Host, TLSClientConfig: rest.TLSClientConfig{CAData: localhostCert}, Proxy: func(req *http.Request) (*url.URL, error) { return proxyLocation, nil }, } - - // Websocket with https proxy will fail in dialing (falling back to SPDY). - websocketExecutor, err := NewWebSocketExecutor(clientConfig, "GET", backendLocation.String()) + websocketExecutor, err := NewWebSocketExecutor(clientConfig, "GET", websocketServer.URL) require.NoError(t, err) - spdyExecutor, err := NewSPDYExecutor(clientConfig, "POST", backendLocation) + emptyURL, _ := url.Parse("") + spdyExecutor, err := NewSPDYExecutor(clientConfig, "POST", emptyURL) require.NoError(t, err) - // Fallback to spdyExecutor with websocket https proxy error; spdyExecutor succeeds against fake spdy server. + // No fallback to spdyExecutor with websocket. sawHTTPSProxyError := false exec, err := NewFallbackExecutor(websocketExecutor, spdyExecutor, func(err error) bool { if httpstream.IsUpgradeFailure(err) { @@ -396,9 +394,9 @@ func TestFallbackClient_WebSocketHTTPSProxyCausesSPDYFallback(t *testing.T) { t.Errorf("unexpected data received: %d sent: %d", len(data), len(randomData)) } - // Ensure the https proxy error was observed - if !sawHTTPSProxyError { - t.Errorf("expected to see https proxy error") + // Ensure the https proxy error was *not* observed + if sawHTTPSProxyError { + t.Errorf("expected to *not* see https proxy error") } // Ensure the proxy was called once if e, a := int64(1), proxyCalled.Load(); e != a { diff --git a/tools/remotecommand/websocket_test.go b/tools/remotecommand/websocket_test.go index b70afcac..9f064d93 100644 --- a/tools/remotecommand/websocket_test.go +++ b/tools/remotecommand/websocket_test.go @@ -20,6 +20,7 @@ import ( "bytes" "context" "crypto/rand" + "crypto/tls" "encoding/json" "fmt" "io" @@ -31,16 +32,18 @@ import ( "reflect" "strings" "sync" + "sync/atomic" "testing" "time" gwebsocket "github.com/gorilla/websocket" + "github.com/stretchr/testify/require" v1 "k8s.io/api/core/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/httpstream" "k8s.io/apimachinery/pkg/util/httpstream/wsstream" + utilnettesting "k8s.io/apimachinery/pkg/util/net/testing" "k8s.io/apimachinery/pkg/util/remotecommand" "k8s.io/apimachinery/pkg/util/wait" "k8s.io/client-go/rest" @@ -1342,38 +1345,110 @@ func createWebSocketStreams(req *http.Request, w http.ResponseWriter, opts *opti return wsStreams, nil } -// See (https://github.com/kubernetes/kubernetes/issues/126134). -func TestWebSocketClient_HTTPSProxyErrorExpected(t *testing.T) { - urlStr := "http://127.0.0.1/never-used" + "?" + "stdin=true" + "&" + "stdout=true" - websocketLocation, err := url.Parse(urlStr) - if err != nil { - t.Fatalf("Unable to parse WebSocket server URL: %s", urlStr) - } - // proxy url with https scheme will trigger websocket dialing error. - httpsProxyFunc := func(req *http.Request) (*url.URL, error) { return url.Parse("https://127.0.0.1") } - exec, err := NewWebSocketExecutor(&rest.Config{Host: websocketLocation.Host, Proxy: httpsProxyFunc}, "GET", urlStr) - if err != nil { - t.Errorf("unexpected error creating websocket executor: %v", err) - } - var stdout bytes.Buffer - options := &StreamOptions{ - Stdout: &stdout, - } - errorChan := make(chan error) - go func() { - // Start the streaming on the WebSocket "exec" client. - errorChan <- exec.StreamWithContext(context.Background(), *options) - }() - - select { - case <-time.After(wait.ForeverTestTimeout): - t.Fatalf("expect stream to be closed after connection is closed.") - case err := <-errorChan: - if err == nil { - t.Errorf("expected error but received none") +func TestWebSocketClient_ProxySucceeds(t *testing.T) { + // Validate websocket proxy succeeds for each of the enumerated schemes. + proxySchemes := []string{"http", "https"} + for _, proxyScheme := range proxySchemes { + // Create the proxy handler, keeping track of how many times it was called. + var proxyCalled atomic.Int64 + proxyHandler := utilnettesting.NewHTTPProxyHandler(t, func(req *http.Request) bool { + proxyCalled.Add(1) + return true + }) + defer proxyHandler.Wait() + // Create/Start the proxy server, adding TLS functionality depending on scheme. + proxyServer := httptest.NewUnstartedServer(proxyHandler) + if proxyScheme == "https" { + cert, err := tls.X509KeyPair(localhostCert, localhostKey) + if err != nil { + t.Errorf("https (valid hostname): proxy_test: %v", err) + } + proxyServer.TLS = &tls.Config{Certificates: []tls.Certificate{cert}} + proxyServer.StartTLS() + } else { + proxyServer.Start() } - if !httpstream.IsHTTPSProxyError(err) { - t.Errorf("expected https proxy error, got (%s)", err) + defer proxyServer.Close() //nolint:errcheck + proxyLocation, err := url.Parse(proxyServer.URL) + require.NoError(t, err) + t.Logf("Proxy URL: %s", proxyLocation.String()) + + // Create fake WebSocket server. Copy received STDIN data back onto STDOUT stream. + websocketServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { + conns, err := webSocketServerStreams(req, w, streamOptionsFromRequest(req)) + if err != nil { + t.Fatalf("error on webSocketServerStreams: %v", err) + } + defer conns.conn.Close() //nolint:errcheck + // Loopback the STDIN stream onto the STDOUT stream. + _, err = io.Copy(conns.stdoutStream, conns.stdinStream) + if err != nil { + t.Fatalf("error copying STDIN to STDOUT: %v", err) + } + })) + defer websocketServer.Close() //nolint:errcheck + + // Now create the WebSocket client (executor), and point it to the TLS proxy server. + // The proxy server should open a websocket connection to the fake websocket server. + websocketServer.URL = websocketServer.URL + "?" + "stdin=true" + "&" + "stdout=true" + websocketLocation, err := url.Parse(websocketServer.URL) + require.NoError(t, err) + clientConfig := &rest.Config{ + Host: websocketLocation.Host, + // Unused if "http" scheme. + TLSClientConfig: rest.TLSClientConfig{CAData: localhostCert}, + Proxy: func(req *http.Request) (*url.URL, error) { + return proxyLocation, nil + }, + } + exec, err := NewWebSocketExecutor(clientConfig, "GET", websocketServer.URL) + require.NoError(t, err) + + // Generate random data, and set it up to stream on STDIN. The data will be + // returned on the STDOUT buffer. + randomSize := 1024 * 1024 + randomData := make([]byte, randomSize) + if _, err := rand.Read(randomData); err != nil { + t.Errorf("unexpected error reading random data: %v", err) + } + var stdout bytes.Buffer + options := &StreamOptions{ + Stdin: bytes.NewReader(randomData), + Stdout: &stdout, + } + errorChan := make(chan error) + go func() { + // Start the streaming on the WebSocket "exec" client. + errorChan <- exec.StreamWithContext(context.Background(), *options) + }() + + select { + case <-time.After(wait.ForeverTestTimeout): + t.Fatalf("expect stream to be closed after connection is closed.") + case err := <-errorChan: + if err != nil { + t.Fatalf("unexpected error: %v", err) + } + // Validate remote command v5 protocol was negotiated. + streamExec := exec.(*wsStreamExecutor) + if remotecommand.StreamProtocolV5Name != streamExec.negotiated { + t.Fatalf("expected remote command v5 protocol, got (%s)", streamExec.negotiated) + } + } + data, err := io.ReadAll(bytes.NewReader(stdout.Bytes())) + if err != nil { + t.Fatalf("error reading the stream: %v", err) + } + // Check the random data sent on STDIN was the same returned on STDOUT. + t.Logf("comparing %d random bytes sent data versus received", len(randomData)) + if !bytes.Equal(randomData, data) { + t.Errorf("unexpected data received: %d sent: %d", len(data), len(randomData)) + } else { + t.Log("success--random bytes are the same") + } + // Ensure the proxy was called once + if e, a := int64(1), proxyCalled.Load(); e != a { + t.Errorf("expected %d proxy call, got %d", e, a) } } }