mirror of
https://github.com/kubernetes/client-go.git
synced 2026-05-15 11:43:33 +00:00
Compare commits
9 Commits
v0.30.3
...
release-1.
| Author | SHA1 | Date | |
|---|---|---|---|
|
04736883c5 | ||
|
804c220d8f | ||
|
|
8a9438e118 | ||
|
cdafd6eb86 | ||
|
|
8981a9a956 | ||
|
f2cf545be1 | ||
|
|
274256ef2e | ||
|
c594704d12 | ||
|
|
b6e8438bf5 |
@@ -5661,6 +5661,7 @@ var schemaYAML = typed.YAMLObject(`types:
|
||||
- name: ip
|
||||
type:
|
||||
scalar: string
|
||||
default: ""
|
||||
- name: io.k8s.api.core.v1.HostPathVolumeSource
|
||||
map:
|
||||
fields:
|
||||
@@ -6747,6 +6748,7 @@ var schemaYAML = typed.YAMLObject(`types:
|
||||
- name: ip
|
||||
type:
|
||||
scalar: string
|
||||
default: ""
|
||||
- name: io.k8s.api.core.v1.PodOS
|
||||
map:
|
||||
fields:
|
||||
|
||||
8
go.mod
8
go.mod
@@ -24,8 +24,8 @@ require (
|
||||
golang.org/x/term v0.18.0
|
||||
golang.org/x/time v0.3.0
|
||||
google.golang.org/protobuf v1.33.0
|
||||
k8s.io/api v0.0.0-20240510070028-a669f183e8f1
|
||||
k8s.io/apimachinery v0.0.0-20240405200823-37988e577e16
|
||||
k8s.io/api v0.0.0-20240822113641-f67709f69651
|
||||
k8s.io/apimachinery v0.0.0-20240729091232-07dc100ca27c
|
||||
k8s.io/klog/v2 v2.120.1
|
||||
k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340
|
||||
k8s.io/utils v0.0.0-20230726121419-3b25d923346b
|
||||
@@ -41,7 +41,9 @@ require (
|
||||
github.com/go-openapi/jsonpointer v0.19.6 // indirect
|
||||
github.com/go-openapi/jsonreference v0.20.2 // indirect
|
||||
github.com/go-openapi/swag v0.22.3 // indirect
|
||||
github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
|
||||
github.com/google/btree v1.0.1 // indirect
|
||||
github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 // indirect
|
||||
github.com/josharian/intern v1.0.0 // indirect
|
||||
github.com/json-iterator/go v1.1.12 // indirect
|
||||
github.com/mailru/easyjson v0.7.7 // indirect
|
||||
@@ -50,10 +52,12 @@ require (
|
||||
github.com/modern-go/reflect2 v1.0.2 // indirect
|
||||
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
|
||||
github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
|
||||
github.com/onsi/ginkgo/v2 v2.15.0 // indirect
|
||||
github.com/pkg/errors v0.9.1 // indirect
|
||||
github.com/pmezard/go-difflib v1.0.0 // indirect
|
||||
golang.org/x/sys v0.18.0 // indirect
|
||||
golang.org/x/text v0.14.0 // indirect
|
||||
golang.org/x/tools v0.18.0 // indirect
|
||||
google.golang.org/appengine v1.6.7 // indirect
|
||||
gopkg.in/inf.v0 v0.9.1 // indirect
|
||||
gopkg.in/yaml.v2 v2.4.0 // indirect
|
||||
|
||||
14
go.sum
14
go.sum
@@ -1,5 +1,8 @@
|
||||
github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
|
||||
github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
|
||||
github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
|
||||
github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
|
||||
github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
|
||||
github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
|
||||
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
|
||||
@@ -44,6 +47,7 @@ github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWm
|
||||
github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
|
||||
github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 h1:pdN6V1QBWetyv/0+wjACpqVH+eVULgEjkurDLq3goeM=
|
||||
github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
|
||||
github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
|
||||
github.com/imdario/mergo v0.3.6 h1:xTNEAn+kxVO7dTZGu0CegyqKZmoWFI0rF8UxjlB2d28=
|
||||
github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
|
||||
github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
|
||||
@@ -90,6 +94,7 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+
|
||||
github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
|
||||
github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
|
||||
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
|
||||
github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
|
||||
github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
|
||||
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
|
||||
github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
|
||||
@@ -116,6 +121,7 @@ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJ
|
||||
golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
|
||||
golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
||||
@@ -153,10 +159,10 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
|
||||
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
|
||||
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
|
||||
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
|
||||
k8s.io/api v0.0.0-20240510070028-a669f183e8f1 h1:oQ8oUAAItxQflmX8rh4LGZ27bC+ybKvOzh4+1qVdDzk=
|
||||
k8s.io/api v0.0.0-20240510070028-a669f183e8f1/go.mod h1:72LmHV9KJWB464cJMYgnWZqh3GiKgX70hjmgoYjR67Y=
|
||||
k8s.io/apimachinery v0.0.0-20240405200823-37988e577e16 h1:GjoXk5Gb8LqhZJjGbYOqIw8JbuDJZv9MKd94i2DXzg8=
|
||||
k8s.io/apimachinery v0.0.0-20240405200823-37988e577e16/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc=
|
||||
k8s.io/api v0.0.0-20240822113641-f67709f69651 h1:Fyzq7cbnP/BCOiXvMJSKU6z6y+e56OSVnfisR5EhZj0=
|
||||
k8s.io/api v0.0.0-20240822113641-f67709f69651/go.mod h1:D+mc/RogNsJPV6ktCtgP7gZhbRsOGp/7lCeMXY1t8kE=
|
||||
k8s.io/apimachinery v0.0.0-20240729091232-07dc100ca27c h1:PMvIiEyO6vNoHQCaeMmLduktIYCbou73s3P2+bHi0WE=
|
||||
k8s.io/apimachinery v0.0.0-20240729091232-07dc100ca27c/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc=
|
||||
k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw=
|
||||
k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
|
||||
k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag=
|
||||
|
||||
@@ -299,7 +299,7 @@ func TestHTTPProxy(t *testing.T) {
|
||||
}))
|
||||
defer testProxyServer.Close()
|
||||
|
||||
t.Logf(testProxyServer.URL)
|
||||
t.Log(testProxyServer.URL)
|
||||
|
||||
u, err := url.Parse(testProxyServer.URL)
|
||||
if err != nil {
|
||||
|
||||
@@ -17,10 +17,12 @@ limitations under the License.
|
||||
package portforward
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
"k8s.io/apimachinery/pkg/util/httpstream"
|
||||
)
|
||||
|
||||
@@ -36,7 +38,7 @@ func TestFallbackDialer(t *testing.T) {
|
||||
assert.True(t, primary.dialed, "no fallback; primary should have dialed")
|
||||
assert.False(t, secondary.dialed, "no fallback; secondary should *not* have dialed")
|
||||
assert.Equal(t, primaryProtocol, negotiated, "primary negotiated protocol returned")
|
||||
assert.Nil(t, err, "error from primary dialer should be nil")
|
||||
require.NoError(t, err, "error from primary dialer should be nil")
|
||||
// If primary dialer error is upgrade error, then fallback returning secondary dial response.
|
||||
primary = &fakeDialer{dialed: false, negotiatedProtocol: primaryProtocol, err: &httpstream.UpgradeFailureError{}}
|
||||
secondary = &fakeDialer{dialed: false, negotiatedProtocol: secondaryProtocol}
|
||||
@@ -45,7 +47,18 @@ func TestFallbackDialer(t *testing.T) {
|
||||
assert.True(t, primary.dialed, "fallback; primary should have dialed")
|
||||
assert.True(t, secondary.dialed, "fallback; secondary should have dialed")
|
||||
assert.Equal(t, secondaryProtocol, negotiated, "negotiated protocol is from secondary dialer")
|
||||
assert.Nil(t, err, "error from secondary dialer should be nil")
|
||||
require.NoError(t, err, "error from secondary dialer should be nil")
|
||||
// If primary dialer error is https proxy dialing error, then fallback returning secondary dial response.
|
||||
primary = &fakeDialer{negotiatedProtocol: primaryProtocol, err: errors.New("proxy: unknown scheme: https")}
|
||||
secondary = &fakeDialer{negotiatedProtocol: secondaryProtocol}
|
||||
fallbackDialer = NewFallbackDialer(primary, secondary, func(err error) bool {
|
||||
return httpstream.IsUpgradeFailure(err) || httpstream.IsHTTPSProxyError(err)
|
||||
})
|
||||
_, negotiated, err = fallbackDialer.Dial(protocols...)
|
||||
assert.True(t, primary.dialed, "fallback; primary should have dialed")
|
||||
assert.True(t, secondary.dialed, "fallback; secondary should have dialed")
|
||||
assert.Equal(t, secondaryProtocol, negotiated, "negotiated protocol is from secondary dialer")
|
||||
require.NoError(t, err, "error from secondary dialer should be nil")
|
||||
// If primary dialer returns non-upgrade error, then primary error is returned.
|
||||
nonUpgradeErr := fmt.Errorf("This is a non-upgrade error")
|
||||
primary = &fakeDialer{dialed: false, err: nonUpgradeErr}
|
||||
|
||||
@@ -20,15 +20,19 @@ import (
|
||||
"bytes"
|
||||
"context"
|
||||
"crypto/rand"
|
||||
"crypto/tls"
|
||||
"io"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"net/url"
|
||||
"sync/atomic"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
"k8s.io/apimachinery/pkg/util/httpstream"
|
||||
utilnettesting "k8s.io/apimachinery/pkg/util/net/testing"
|
||||
"k8s.io/apimachinery/pkg/util/remotecommand"
|
||||
"k8s.io/apimachinery/pkg/util/wait"
|
||||
"k8s.io/client-go/rest"
|
||||
@@ -225,3 +229,175 @@ func TestFallbackClient_PrimaryAndSecondaryFail(t *testing.T) {
|
||||
require.Error(t, err)
|
||||
}
|
||||
}
|
||||
|
||||
// localhostCert was generated from crypto/tls/generate_cert.go with the following command:
|
||||
//
|
||||
// go run generate_cert.go --rsa-bits 2048 --host 127.0.0.1,::1,example.com --ca --start-date "Jan 1 00:00:00 1970" --duration=1000000h
|
||||
var localhostCert = []byte(`-----BEGIN CERTIFICATE-----
|
||||
MIIDGTCCAgGgAwIBAgIRALL5AZcefF4kkYV1SEG6YrMwDQYJKoZIhvcNAQELBQAw
|
||||
EjEQMA4GA1UEChMHQWNtZSBDbzAgFw03MDAxMDEwMDAwMDBaGA8yMDg0MDEyOTE2
|
||||
MDAwMFowEjEQMA4GA1UEChMHQWNtZSBDbzCCASIwDQYJKoZIhvcNAQEBBQADggEP
|
||||
ADCCAQoCggEBALQ/FHcyVwdFHxARbbD2KBtDUT7Eni+8ioNdjtGcmtXqBv45EC1C
|
||||
JOqqGJTroFGJ6Q9kQIZ9FqH5IJR2fOOJD9kOTueG4Vt1JY1rj1Kbpjefu8XleZ5L
|
||||
SBwIWVnN/lEsEbuKmj7N2gLt5AH3zMZiBI1mg1u9Z5ZZHYbCiTpBrwsq6cTlvR9g
|
||||
dyo1YkM5hRESCzsrL0aUByoo0qRMD8ZsgANJwgsiO0/M6idbxDwv1BnGwGmRYvOE
|
||||
Hxpy3v0Jg7GJYrvnpnifJTs4nw91N5X9pXxR7FFzi/6HTYDWRljvTb0w6XciKYAz
|
||||
bWZ0+cJr5F7wB7ovlbm7HrQIR7z7EIIu2d8CAwEAAaNoMGYwDgYDVR0PAQH/BAQD
|
||||
AgKkMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wLgYDVR0R
|
||||
BCcwJYILZXhhbXBsZS5jb22HBH8AAAGHEAAAAAAAAAAAAAAAAAAAAAEwDQYJKoZI
|
||||
hvcNAQELBQADggEBAFPPWopNEJtIA2VFAQcqN6uJK+JVFOnjGRoCrM6Xgzdm0wxY
|
||||
XCGjsxY5dl+V7KzdGqu858rCaq5osEBqypBpYAnS9C38VyCDA1vPS1PsN8SYv48z
|
||||
DyBwj+7R2qar0ADBhnhWxvYO9M72lN/wuCqFKYMeFSnJdQLv3AsrrHe9lYqOa36s
|
||||
8wxSwVTFTYXBzljPEnSaaJMPqFD8JXaZK1ryJPkO5OsCNQNGtatNiWAf3DcmwHAT
|
||||
MGYMzP0u4nw47aRz9shB8w+taPKHx2BVwE1m/yp3nHVioOjXqA1fwRQVGclCJSH1
|
||||
D2iq3hWVHRENgjTjANBPICLo9AZ4JfN6PH19mnU=
|
||||
-----END CERTIFICATE-----`)
|
||||
|
||||
// localhostKey is the private key for localhostCert.
|
||||
var localhostKey = []byte(`-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEogIBAAKCAQEAtD8UdzJXB0UfEBFtsPYoG0NRPsSeL7yKg12O0Zya1eoG/jkQ
|
||||
LUIk6qoYlOugUYnpD2RAhn0WofkglHZ844kP2Q5O54bhW3UljWuPUpumN5+7xeV5
|
||||
nktIHAhZWc3+USwRu4qaPs3aAu3kAffMxmIEjWaDW71nllkdhsKJOkGvCyrpxOW9
|
||||
H2B3KjViQzmFERILOysvRpQHKijSpEwPxmyAA0nCCyI7T8zqJ1vEPC/UGcbAaZFi
|
||||
84QfGnLe/QmDsYliu+emeJ8lOzifD3U3lf2lfFHsUXOL/odNgNZGWO9NvTDpdyIp
|
||||
gDNtZnT5wmvkXvAHui+VubsetAhHvPsQgi7Z3wIDAQABAoIBAGmw93IxjYCQ0ncc
|
||||
kSKMJNZfsdtJdaxuNRZ0nNNirhQzR2h403iGaZlEpmdkhzxozsWcto1l+gh+SdFk
|
||||
bTUK4MUZM8FlgO2dEqkLYh5BcMT7ICMZvSfJ4v21E5eqR68XVUqQKoQbNvQyxFk3
|
||||
EddeEGdNrkb0GDK8DKlBlzAW5ep4gjG85wSTjR+J+muUv3R0BgLBFSuQnIDM/IMB
|
||||
LWqsja/QbtB7yppe7jL5u8UCFdZG8BBKT9fcvFIu5PRLO3MO0uOI7LTc8+W1Xm23
|
||||
uv+j3SY0+v+6POjK0UlJFFi/wkSPTFIfrQO1qFBkTDQHhQ6q/7GnILYYOiGbIRg2
|
||||
NNuP52ECgYEAzXEoy50wSYh8xfFaBuxbm3ruuG2W49jgop7ZfoFrPWwOQKAZS441
|
||||
VIwV4+e5IcA6KkuYbtGSdTYqK1SMkgnUyD/VevwAqH5TJoEIGu0pDuKGwVuwqioZ
|
||||
frCIAV5GllKyUJ55VZNbRr2vY2fCsWbaCSCHETn6C16DNuTCe5C0JBECgYEA4JqY
|
||||
5GpNbMG8fOt4H7hU0Fbm2yd6SHJcQ3/9iimef7xG6ajxsYrIhg1ft+3IPHMjVI0+
|
||||
9brwHDnWg4bOOx/VO4VJBt6Dm/F33bndnZRkuIjfSNpLM51P+EnRdaFVHOJHwKqx
|
||||
uF69kihifCAG7YATgCveeXImzBUSyZUz9UrETu8CgYARNBimdFNG1RcdvEg9rC0/
|
||||
p9u1tfecvNySwZqU7WF9kz7eSonTueTdX521qAHowaAdSpdJMGODTTXaywm6cPhQ
|
||||
jIfj9JZZhbqQzt1O4+08Qdvm9TamCUB5S28YLjza+bHU7nBaqixKkDfPqzCyilpX
|
||||
yVGGL8SwjwmN3zop/sQXAQKBgC0JMsESQ6YcDsRpnrOVjYQc+LtW5iEitTdfsaID
|
||||
iGGKihmOI7B66IxgoCHMTws39wycKdSyADVYr5e97xpR3rrJlgQHmBIrz+Iow7Q2
|
||||
LiAGaec8xjl6QK/DdXmFuQBKqyKJ14rljFODP4QuE9WJid94bGqjpf3j99ltznZP
|
||||
4J8HAoGAJb4eb4lu4UGwifDzqfAPzLGCoi0fE1/hSx34lfuLcc1G+LEu9YDKoOVJ
|
||||
9suOh0b5K/bfEy9KrVMBBriduvdaERSD8S3pkIQaitIz0B029AbE4FLFf9lKQpP2
|
||||
KR8NJEkK99Vh/tew6jAMll70xFrE7aF8VLXJVE7w4sQzuvHxl9Q=
|
||||
-----END RSA PRIVATE KEY-----
|
||||
`)
|
||||
|
||||
// See (https://github.com/kubernetes/kubernetes/issues/126134).
|
||||
func TestFallbackClient_WebSocketHTTPSProxyCausesSPDYFallback(t *testing.T) {
|
||||
cert, err := tls.X509KeyPair(localhostCert, localhostKey)
|
||||
if err != nil {
|
||||
t.Errorf("https (valid hostname): proxy_test: %v", err)
|
||||
}
|
||||
|
||||
var proxyCalled atomic.Int64
|
||||
proxyHandler := utilnettesting.NewHTTPProxyHandler(t, func(req *http.Request) bool {
|
||||
proxyCalled.Add(1)
|
||||
return true
|
||||
})
|
||||
defer proxyHandler.Wait()
|
||||
|
||||
proxyServer := httptest.NewUnstartedServer(proxyHandler)
|
||||
proxyServer.TLS = &tls.Config{Certificates: []tls.Certificate{cert}}
|
||||
proxyServer.StartTLS()
|
||||
defer proxyServer.Close() //nolint:errcheck
|
||||
|
||||
proxyLocation, err := url.Parse(proxyServer.URL)
|
||||
require.NoError(t, err)
|
||||
|
||||
// Create fake SPDY server. Copy received STDIN data back onto STDOUT stream.
|
||||
spdyServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
|
||||
var stdin, stdout bytes.Buffer
|
||||
ctx, err := createHTTPStreams(w, req, &StreamOptions{
|
||||
Stdin: &stdin,
|
||||
Stdout: &stdout,
|
||||
})
|
||||
if err != nil {
|
||||
w.WriteHeader(http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
defer ctx.conn.Close() //nolint:errcheck
|
||||
_, err = io.Copy(ctx.stdoutStream, ctx.stdinStream)
|
||||
if err != nil {
|
||||
t.Fatalf("error copying STDIN to STDOUT: %v", err)
|
||||
}
|
||||
}))
|
||||
defer spdyServer.Close() //nolint:errcheck
|
||||
|
||||
backendLocation, err := url.Parse(spdyServer.URL)
|
||||
require.NoError(t, err)
|
||||
|
||||
clientConfig := &rest.Config{
|
||||
Host: spdyServer.URL,
|
||||
TLSClientConfig: rest.TLSClientConfig{CAData: localhostCert},
|
||||
Proxy: func(req *http.Request) (*url.URL, error) {
|
||||
return proxyLocation, nil
|
||||
},
|
||||
}
|
||||
|
||||
// Websocket with https proxy will fail in dialing (falling back to SPDY).
|
||||
websocketExecutor, err := NewWebSocketExecutor(clientConfig, "GET", backendLocation.String())
|
||||
require.NoError(t, err)
|
||||
spdyExecutor, err := NewSPDYExecutor(clientConfig, "POST", backendLocation)
|
||||
require.NoError(t, err)
|
||||
// Fallback to spdyExecutor with websocket https proxy error; spdyExecutor succeeds against fake spdy server.
|
||||
sawHTTPSProxyError := false
|
||||
exec, err := NewFallbackExecutor(websocketExecutor, spdyExecutor, func(err error) bool {
|
||||
if httpstream.IsUpgradeFailure(err) {
|
||||
t.Errorf("saw upgrade failure: %v", err)
|
||||
return true
|
||||
}
|
||||
if httpstream.IsHTTPSProxyError(err) {
|
||||
sawHTTPSProxyError = true
|
||||
t.Logf("saw https proxy error: %v", err)
|
||||
return true
|
||||
}
|
||||
return false
|
||||
})
|
||||
require.NoError(t, err)
|
||||
|
||||
// Generate random data, and set it up to stream on STDIN. The data will be
|
||||
// returned on the STDOUT buffer.
|
||||
randomSize := 1024 * 1024
|
||||
randomData := make([]byte, randomSize)
|
||||
if _, err := rand.Read(randomData); err != nil {
|
||||
t.Errorf("unexpected error reading random data: %v", err)
|
||||
}
|
||||
var stdout bytes.Buffer
|
||||
options := &StreamOptions{
|
||||
Stdin: bytes.NewReader(randomData),
|
||||
Stdout: &stdout,
|
||||
}
|
||||
errorChan := make(chan error)
|
||||
go func() {
|
||||
errorChan <- exec.StreamWithContext(context.Background(), *options)
|
||||
}()
|
||||
|
||||
select {
|
||||
case <-time.After(wait.ForeverTestTimeout):
|
||||
t.Fatalf("expect stream to be closed after connection is closed.")
|
||||
case err := <-errorChan:
|
||||
if err != nil {
|
||||
t.Errorf("unexpected error")
|
||||
}
|
||||
}
|
||||
|
||||
data, err := io.ReadAll(bytes.NewReader(stdout.Bytes()))
|
||||
if err != nil {
|
||||
t.Errorf("error reading the stream: %v", err)
|
||||
return
|
||||
}
|
||||
// Check the random data sent on STDIN was the same returned on STDOUT.
|
||||
if !bytes.Equal(randomData, data) {
|
||||
t.Errorf("unexpected data received: %d sent: %d", len(data), len(randomData))
|
||||
}
|
||||
|
||||
// Ensure the https proxy error was observed
|
||||
if !sawHTTPSProxyError {
|
||||
t.Errorf("expected to see https proxy error")
|
||||
}
|
||||
// Ensure the proxy was called once
|
||||
if e, a := int64(1), proxyCalled.Load(); e != a {
|
||||
t.Errorf("expected %d proxy call, got %d", e, a)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -115,5 +115,5 @@ func (d *errorDecoderV4) decode(message []byte) error {
|
||||
return errors.New("error stream protocol error: unknown error")
|
||||
}
|
||||
|
||||
return fmt.Errorf(status.Message)
|
||||
return errors.New(status.Message)
|
||||
}
|
||||
|
||||
@@ -39,6 +39,7 @@ import (
|
||||
v1 "k8s.io/api/core/v1"
|
||||
apierrors "k8s.io/apimachinery/pkg/api/errors"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/util/httpstream"
|
||||
"k8s.io/apimachinery/pkg/util/httpstream/wsstream"
|
||||
"k8s.io/apimachinery/pkg/util/remotecommand"
|
||||
"k8s.io/apimachinery/pkg/util/wait"
|
||||
@@ -1340,3 +1341,39 @@ func createWebSocketStreams(req *http.Request, w http.ResponseWriter, opts *opti
|
||||
|
||||
return wsStreams, nil
|
||||
}
|
||||
|
||||
// See (https://github.com/kubernetes/kubernetes/issues/126134).
|
||||
func TestWebSocketClient_HTTPSProxyErrorExpected(t *testing.T) {
|
||||
urlStr := "http://127.0.0.1/never-used" + "?" + "stdin=true" + "&" + "stdout=true"
|
||||
websocketLocation, err := url.Parse(urlStr)
|
||||
if err != nil {
|
||||
t.Fatalf("Unable to parse WebSocket server URL: %s", urlStr)
|
||||
}
|
||||
// proxy url with https scheme will trigger websocket dialing error.
|
||||
httpsProxyFunc := func(req *http.Request) (*url.URL, error) { return url.Parse("https://127.0.0.1") }
|
||||
exec, err := NewWebSocketExecutor(&rest.Config{Host: websocketLocation.Host, Proxy: httpsProxyFunc}, "GET", urlStr)
|
||||
if err != nil {
|
||||
t.Errorf("unexpected error creating websocket executor: %v", err)
|
||||
}
|
||||
var stdout bytes.Buffer
|
||||
options := &StreamOptions{
|
||||
Stdout: &stdout,
|
||||
}
|
||||
errorChan := make(chan error)
|
||||
go func() {
|
||||
// Start the streaming on the WebSocket "exec" client.
|
||||
errorChan <- exec.StreamWithContext(context.Background(), *options)
|
||||
}()
|
||||
|
||||
select {
|
||||
case <-time.After(wait.ForeverTestTimeout):
|
||||
t.Fatalf("expect stream to be closed after connection is closed.")
|
||||
case err := <-errorChan:
|
||||
if err == nil {
|
||||
t.Errorf("expected error but received none")
|
||||
}
|
||||
if !httpstream.IsHTTPSProxyError(err) {
|
||||
t.Errorf("expected https proxy error, got (%s)", err)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -159,7 +159,7 @@ func TestTLSConfigKey(t *testing.T) {
|
||||
|
||||
shouldCacheA := valueA.Proxy == nil
|
||||
if shouldCacheA != canCacheA {
|
||||
t.Errorf("Unexpected canCache=false for " + nameA)
|
||||
t.Error("Unexpected canCache=false for " + nameA)
|
||||
}
|
||||
|
||||
configIsNotEmpty := !reflect.DeepEqual(*valueA, Config{})
|
||||
|
||||
Reference in New Issue
Block a user