test: Disable tap::rejects_incorrect_identity_when_identity_is_expected (#2231)

The `tap::rejects_incorrect_identity_when_identity_is_expected` test passes incorrectly. This change updates the test to assert the expected condition; and then the test is skipped (like the other tap integration tests). These tests all need discovery configuration to operate as intended. This change also updates the devcontainer.json spec with an increased memory limit. This is necessary to run tests.
2023-02-14 13:15:59 -08:00 · 2023-02-14 13:15:59 -08:00 · c07e638c9e
parent a765433422
commit c07e638c9e
2 changed files with 30 additions and 13 deletions
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@ -1,23 +1,27 @@
 {
 	"name": "linkerd2-proxy",
 	"image": "ghcr.io/linkerd/dev:v38",
-	"extensions": [
-		"DavidAnson.vscode-markdownlint",
-		"kokakiwi.vscode-just",
-		"NathanRidley.autotrim",
-		"rust-lang.rust-analyzer",
-		"samverschueren.final-newline",
-		"tamasfe.even-better-toml",
-		"zxh404.vscode-proto3"
-	],
-	"settings": {},
+	"customizations": {
+		"vscode": {
+			"extensions": [
+				"DavidAnson.vscode-markdownlint",
+				"kokakiwi.vscode-just",
+				"NathanRidley.autotrim",
+				"rust-lang.rust-analyzer",
+				"samverschueren.final-newline",
+				"tamasfe.even-better-toml",
+				"zxh404.vscode-proto3"
+			],
+			"settings": {}
+		}
+	},
 	"onCreateCommand": ".devcontainer/on-create.sh",
 	// Support docker + debugger
 	"runArgs": [
 		"--init",
 		// Limit container memory usage.
-		"--memory=12g",
-		"--memory-swap=12g",
+		"--memory=24g",
+		"--memory-swap=24g",
 		// Use the host network so we can access k3d, etc.
 		"--net=host",
 		// For lldb
--- a/linkerd/app/integration/src/tests/tap.rs
+++ b/linkerd/app/integration/src/tests/tap.rs
@ -1,6 +1,7 @@
 use crate::tap::TapEventExt;
 use crate::*;
 use std::time::SystemTime;
+use tracing::debug;

 #[tokio::test]
 async fn tap_enabled_when_tap_svc_name_set() {
@ -40,6 +41,8 @@ async fn tap_disabled_when_tap_svc_name_not_set() {
    assert!(proxy.tap.is_none())
 }

+// FIXME(ver) this test requires discovery configuration.
+#[ignore]
 #[tokio::test]
 async fn rejects_incorrect_identity_when_identity_is_expected() {
    let _trace = trace_init();
@ -51,27 +54,37 @@ async fn rejects_incorrect_identity_when_identity_is_expected() {
    let mut expected_identity_env = identity_env.env.clone();
    expected_identity_env.put(app::env::ENV_TAP_SVC_NAME, expected_identity.to_owned());

+    debug!("Starting server");
    let srv = server::http1().route("/", "hello").run().await;

+    debug!("Starting inbound proxy");
    let in_proxy = proxy::new()
        .inbound(srv)
        .identity(identity_env.service().run().await)
        .run_with_test_env(expected_identity_env)
        .await;

+    debug!("Starting outbound tap proxy");
    let tap_proxy = proxy::new()
        .outbound_ip(in_proxy.tap.unwrap())
        .identity(identity_env.service().run().await)
        .run_with_test_env(identity_env.env.clone())
        .await;

+    debug!("Observing tap events");
    let mut tap = tap::client(tap_proxy.outbound);
    let mut events = tap.observe(tap::observe_request()).await.take(1);

+    debug!("Sending inbound request");
    let client = client::http1(in_proxy.inbound, "localhost");
    assert_eq!(client.get("/").await, "hello");

-    assert!(events.next().await.expect("next1").is_err());
+    debug!("Waiting for tap event");
+    let event = events.next().await.expect("next1");
+    assert_eq!(
+        event.expect_err("tap observation must fail").code(),
+        tonic::Code::PermissionDenied
+    );
 }

 // FIXME(ver) this test was marked flakey, but now it consistently fails.