Remove conduit references from proxy-init codebase (#1325)

* Remove conduit references from proxy-init codebase * Removing linkerd.io link from long description Signed-off-by: Kevin Lingerfelt <kl@buoyant.io>
2018-07-17 10:29:30 -07:00 · 2018-07-17 10:29:30 -07:00 · 3357a06f09
parent 1b38310019
commit 3357a06f09
5 changed files with 46 additions and 55 deletions
--- a/proxy-init/cmd/root.go
+++ b/proxy-init/cmd/root.go
@ -34,10 +34,8 @@ func NewRootCmd() *cobra.Command {

 	cmd := &cobra.Command{
 		Use:   "proxy-init",
-		Short: "Adds a Kubernetes pod to the Conduit Service Mesh",
-		Long: `proxy-init Adds a Kubernetes pod to the Conduit Service Mesh.
-
-Find more information at https://conduit.io/.`,
+		Short: "proxy-init adds a Kubernetes pod to the Linkerd service mesh",
+		Long:  "proxy-init adds a Kubernetes pod to the Linkerd service mesh.",
 		RunE: func(cmd *cobra.Command, args []string) error {
 			config, err := buildFirewallConfiguration(options)
 			if err != nil {
--- a/proxy-init/integration_test/iptables/Dockerfile-tester
+++ b/proxy-init/integration_test/iptables/Dockerfile-tester
@ -4,4 +4,4 @@ ADD iptables/ /go
 # Kubernetes Jobs will be retried until they return status 0,
 # so we need to output the status for processing but make sure
 # that the container exits with 0
-ENTRYPOINT cd /go && (go test -v ; echo "status:$?")
+ENTRYPOINT cd /go && (go test -v -integration-tests; echo "status:$?")
--- a/proxy-init/integration_test/iptables/http_test.go
+++ b/proxy-init/integration_test/iptables/http_test.go
@ -1,6 +1,7 @@
 package iptablestest

 import (
+	"flag"
 	"fmt"
 	"io/ioutil"
 	"net/http"
@ -11,35 +12,44 @@ import (
 )

 const (
-	ignoredContainerPort                = "7070"
-	proxyContainerPort                  = "8080"
-	notTheProxyContainerPort            = "9090"
-	integrationTestsEnvironmentVariable = "CONDUIT_INTEGRATION_TESTS_ENABLED"
+	ignoredContainerPort     = "7070"
+	proxyContainerPort       = "8080"
+	notTheProxyContainerPort = "9090"
 )

+func TestMain(m *testing.M) {
+	runTests := flag.Bool("integration-tests", false, "must be provided to run the integration tests")
+	flag.Parse()
+
+	if !*runTests {
+		fmt.Fprintln(os.Stderr, "integration tests not enabled: enable with -integration-tests")
+		os.Exit(0)
+	}
+
+	os.Exit(m.Run())
+}
+
 func TestPodWithNoRules(t *testing.T) {
+	t.Parallel()
+
 	podWithNoRulesIp := os.Getenv("POD_WITH_NO_RULES_IP")
 	svcName := "svc-pod-with-no-rules"

 	t.Run("succeeds connecting to pod directly through container's exposed port", func(t *testing.T) {
-		checkIfIntegrationTestsAreEnabled(t)
 		expectSuccessfulGetRequestTo(t, podWithNoRulesIp, proxyContainerPort)
 	})

 	t.Run("fails to connect to pod directly through any port that isn't the container's exposed port", func(t *testing.T) {
-		checkIfIntegrationTestsAreEnabled(t)
 		expectCannotConnectGetRequestTo(t, podWithNoRulesIp, "8088")
 		expectCannotConnectGetRequestTo(t, podWithNoRulesIp, "8888")
 		expectCannotConnectGetRequestTo(t, podWithNoRulesIp, "8988")
 	})

 	t.Run("succeeds connecting to pod via a service through container's exposed port", func(t *testing.T) {
-		checkIfIntegrationTestsAreEnabled(t)
 		expectSuccessfulGetRequestTo(t, svcName, proxyContainerPort)
 	})

 	t.Run("fails to connect to pod via a service through any port that isn't the container's exposed port", func(t *testing.T) {
-		checkIfIntegrationTestsAreEnabled(t)
 		expectCannotConnectGetRequestTo(t, svcName, "8088")
 		expectCannotConnectGetRequestTo(t, svcName, "8888")
 		expectCannotConnectGetRequestTo(t, svcName, "8988")
@ -47,16 +57,16 @@ func TestPodWithNoRules(t *testing.T) {
 }

 func TestPodRedirectsAllPorts(t *testing.T) {
+	t.Parallel()
+
 	podRedirectsAllPortsIp := os.Getenv("POD_REDIRECTS_ALL_PORTS_IP")
 	svcName := "svc-pod-redirects-all-ports"

 	t.Run("succeeds connecting to pod directly through container's exposed port", func(t *testing.T) {
-		checkIfIntegrationTestsAreEnabled(t)
 		expectSuccessfulGetRequestTo(t, podRedirectsAllPortsIp, proxyContainerPort)
 	})

 	t.Run("succeeds connecting to pod directly through any port that isn't the container's exposed port", func(t *testing.T) {
-		checkIfIntegrationTestsAreEnabled(t)
 		expectSuccessfulGetRequestTo(t, podRedirectsAllPortsIp, "8088")
 		expectSuccessfulGetRequestTo(t, podRedirectsAllPortsIp, "8888")
 		expectSuccessfulGetRequestTo(t, podRedirectsAllPortsIp, "8988")
@ -64,12 +74,10 @@ func TestPodRedirectsAllPorts(t *testing.T) {
 	})

 	t.Run("succeeds connecting to pod via a service through container's exposed port", func(t *testing.T) {
-		checkIfIntegrationTestsAreEnabled(t)
 		expectSuccessfulGetRequestTo(t, svcName, proxyContainerPort)
 	})

 	t.Run("fails to connect to pod via a service through any port that isn't the container's exposed port", func(t *testing.T) {
-		checkIfIntegrationTestsAreEnabled(t)
 		expectCannotConnectGetRequestTo(t, svcName, "8088")
 		expectCannotConnectGetRequestTo(t, svcName, "8888")
 		expectCannotConnectGetRequestTo(t, svcName, "8988")
@ -77,21 +85,20 @@ func TestPodRedirectsAllPorts(t *testing.T) {
 }

 func TestPodWithSomePortsRedirected(t *testing.T) {
+	t.Parallel()
+
 	podRedirectsSomePortsIp := os.Getenv("POD_REDIRECTS_WHITELISTED_IP")

 	t.Run("succeeds connecting to pod directly through container's exposed port", func(t *testing.T) {
-		checkIfIntegrationTestsAreEnabled(t)
 		expectSuccessfulGetRequestTo(t, podRedirectsSomePortsIp, proxyContainerPort)
 	})

 	t.Run("succeeds connecting to pod directly through ports configured to redirect", func(t *testing.T) {
-		checkIfIntegrationTestsAreEnabled(t)
 		expectSuccessfulGetRequestTo(t, podRedirectsSomePortsIp, "9090")
 		expectSuccessfulGetRequestTo(t, podRedirectsSomePortsIp, "9099")
 	})

 	t.Run("fails to connect to pod via through any port that isn't configured to redirect", func(t *testing.T) {
-		checkIfIntegrationTestsAreEnabled(t)
 		expectCannotConnectGetRequestTo(t, podRedirectsSomePortsIp, "8088")
 		expectCannotConnectGetRequestTo(t, podRedirectsSomePortsIp, "8888")
 		expectCannotConnectGetRequestTo(t, podRedirectsSomePortsIp, "8988")
@ -99,21 +106,20 @@ func TestPodWithSomePortsRedirected(t *testing.T) {
 }

 func TestPodWithSomePortsIgnored(t *testing.T) {
+	t.Parallel()
+
 	podIgnoredSomePortsIp := os.Getenv("POD_DOEST_REDIRECT_BLACKLISTED_IP")

 	t.Run("succeeds connecting to pod directly through container's exposed port", func(t *testing.T) {
-		checkIfIntegrationTestsAreEnabled(t)
 		expectSuccessfulGetRequestTo(t, podIgnoredSomePortsIp, proxyContainerPort)
 	})

 	t.Run("succeeds connecting to pod directly through ports configured to redirect", func(t *testing.T) {
-		checkIfIntegrationTestsAreEnabled(t)
 		expectSuccessfulGetRequestTo(t, podIgnoredSomePortsIp, "9090")
 		expectSuccessfulGetRequestTo(t, podIgnoredSomePortsIp, "9099")
 	})

 	t.Run("doesnt redirect when through port that is ignored", func(t *testing.T) {
-		checkIfIntegrationTestsAreEnabled(t)
 		response := expectSuccessfulGetRequestTo(t, podIgnoredSomePortsIp, ignoredContainerPort)

 		if response == "proxy" {
@ -127,6 +133,8 @@ func TestPodWithSomePortsIgnored(t *testing.T) {
 }

 func TestPodMakesOutboundConnection(t *testing.T) {
+	t.Parallel()
+
 	podIgnoredSomePortsIp := os.Getenv("POD_DOEST_REDIRECT_BLACKLISTED_IP")
 	podWithNoRulesIp := os.Getenv("POD_WITH_NO_RULES_IP")
 	podWithNoRulesName := "pod-with-no-rules"
@ -135,7 +143,6 @@ func TestPodMakesOutboundConnection(t *testing.T) {
 	proxyPodIp := podIgnoredSomePortsIp

 	t.Run("connecting to another pod from non-proxy container gets redirected to proxy", func(t *testing.T) {
-		checkIfIntegrationTestsAreEnabled(t)
 		portOfContainerToMAkeTheRequest := ignoredContainerPort
 		targetPodIp := podWithNoRulesIp
 		targetPort := ignoredContainerPort
@ -149,7 +156,6 @@ func TestPodMakesOutboundConnection(t *testing.T) {
 	})

 	t.Run("connecting to another pod from proxy container does not get redirected to proxy", func(t *testing.T) {
-		checkIfIntegrationTestsAreEnabled(t)
 		targetPodName := podWithNoRulesName
 		targetPodIp := podWithNoRulesIp

@ -162,8 +168,6 @@ func TestPodMakesOutboundConnection(t *testing.T) {
 	})

 	t.Run("connecting to loopback from non-proxy container does not get redirected to proxy", func(t *testing.T) {
-		checkIfIntegrationTestsAreEnabled(t)
-
 		response := makeCallFromContainerToAnother(t, proxyPodIp, ignoredContainerPort, "127.0.0.1", notTheProxyContainerPort)

 		expectedDownstreamResponse := fmt.Sprintf("me:[%s:%s]downstream:[%s:%s]", proxyPodName, ignoredContainerPort, proxyPodName, notTheProxyContainerPort)
@ -181,15 +185,6 @@ func makeCallFromContainerToAnother(t *testing.T, fromPodNamed string, fromConta
 	return expectSuccessfulGetRequestToUrl(t, targetUrl)
 }

-func checkIfIntegrationTestsAreEnabled(t *testing.T) {
-	if _, isSet := os.LookupEnv(integrationTestsEnvironmentVariable); !isSet {
-		fmt.Printf("=> Environment variable [%s] isn't set, skipping this test\n", integrationTestsEnvironmentVariable)
-		t.SkipNow()
-	} else {
-		t.Parallel()
-	}
-}
-
 func expectCannotConnectGetRequestTo(t *testing.T, host string, port string) {
 	targetUrl := fmt.Sprintf("http://%s:%s/", host, port)
 	fmt.Printf("Expecting failed GET to %s\n", targetUrl)
--- a/proxy-init/integration_test/run_tests.sh
+++ b/proxy-init/integration_test/run_tests.sh
@ -82,8 +82,6 @@ spec:
      - name: tester
        image: buoyantio/iptables-tester:v1
        env:
-          - name: CONDUIT_INTEGRATION_TESTS_ENABLED
-            value: "1"
          - name: POD_REDIRECTS_ALL_PORTS_IP
            value: ${POD_REDIRECTS_ALL_PORTS_IP}
          - name: POD_WITH_NO_RULES_IP
--- a/proxy-init/iptables/iptables.go
+++ b/proxy-init/iptables/iptables.go
@ -68,48 +68,48 @@ func ConfigureFirewall(firewallConfiguration FirewallConfiguration) error {
 //formatComment is used to format iptables comments in such way that it is possible to identify when the rules were added.
 // This helps debug when iptables has some stale rules from previous runs, something that can happen frequently on minikube.
 func formatComment(text string) string {
-	return fmt.Sprintf("conduit/%s/%s", text, ExecutionTraceId)
+	return fmt.Sprintf("proxy-init/%s/%s", text, ExecutionTraceId)
 }

 func addOutgoingTrafficRules(commands []*exec.Cmd, firewallConfiguration FirewallConfiguration) []*exec.Cmd {
-	ConduitOutputChainName := "CONDUIT_OUTPUT"
-	executeCommand(firewallConfiguration, makeFlushChain(ConduitOutputChainName))
-	executeCommand(firewallConfiguration, makeDeleteChain(ConduitOutputChainName))
+	outputChainName := "PROXY_INIT_OUTPUT"
+	executeCommand(firewallConfiguration, makeFlushChain(outputChainName))
+	executeCommand(firewallConfiguration, makeDeleteChain(outputChainName))

-	commands = append(commands, makeCreateNewChain(ConduitOutputChainName, "redirect-common-chain"))
+	commands = append(commands, makeCreateNewChain(outputChainName, "redirect-common-chain"))

 	// Ingore traffic from the proxy
 	if firewallConfiguration.ProxyUid > 0 {
 		log.Printf("Ignoring uid %d", firewallConfiguration.ProxyUid)
-		commands = append(commands, makeIgnoreUserId(ConduitOutputChainName, firewallConfiguration.ProxyUid, "ignore-proxy-user-id"))
+		commands = append(commands, makeIgnoreUserId(outputChainName, firewallConfiguration.ProxyUid, "ignore-proxy-user-id"))
 	} else {
 		log.Println("Not ignoring any uid")
 	}

 	// Ignore loopback
-	commands = append(commands, makeIgnoreLoopback(ConduitOutputChainName, "ignore-loopback"))
+	commands = append(commands, makeIgnoreLoopback(outputChainName, "ignore-loopback"))
 	// Ignore ports
-	commands = addRulesForIgnoredPorts(firewallConfiguration.OutboundPortsToIgnore, ConduitOutputChainName, commands)
+	commands = addRulesForIgnoredPorts(firewallConfiguration.OutboundPortsToIgnore, outputChainName, commands)

 	log.Printf("Redirecting all OUTPUT to %d", firewallConfiguration.ProxyOutgoingPort)
-	commands = append(commands, makeRedirectChainToPort(ConduitOutputChainName, firewallConfiguration.ProxyOutgoingPort, "redirect-all-outgoing-to-proxy-port"))
+	commands = append(commands, makeRedirectChainToPort(outputChainName, firewallConfiguration.ProxyOutgoingPort, "redirect-all-outgoing-to-proxy-port"))

 	//Redirect all remaining outbound traffic to the proxy.
-	commands = append(commands, makeJumpFromChainToAnotherForAllProtocols(IptablesOutputChainName, ConduitOutputChainName, "install-conduit-output"))
+	commands = append(commands, makeJumpFromChainToAnotherForAllProtocols(IptablesOutputChainName, outputChainName, "install-proxy-init-output"))
 	return commands
 }

 func addIncomingTrafficRules(commands []*exec.Cmd, firewallConfiguration FirewallConfiguration) []*exec.Cmd {
-	ConduitRedirectChainName := "CONDUIT_REDIRECT"
-	executeCommand(firewallConfiguration, makeFlushChain(ConduitRedirectChainName))
-	executeCommand(firewallConfiguration, makeDeleteChain(ConduitRedirectChainName))
+	redirectChainName := "PROXY_INIT_REDIRECT"
+	executeCommand(firewallConfiguration, makeFlushChain(redirectChainName))
+	executeCommand(firewallConfiguration, makeDeleteChain(redirectChainName))

-	commands = append(commands, makeCreateNewChain(ConduitRedirectChainName, "redirect-common-chain"))
-	commands = addRulesForIgnoredPorts(firewallConfiguration.InboundPortsToIgnore, ConduitRedirectChainName, commands)
-	commands = addRulesForInboundPortRedirect(firewallConfiguration, ConduitRedirectChainName, commands)
+	commands = append(commands, makeCreateNewChain(redirectChainName, "redirect-common-chain"))
+	commands = addRulesForIgnoredPorts(firewallConfiguration.InboundPortsToIgnore, redirectChainName, commands)
+	commands = addRulesForInboundPortRedirect(firewallConfiguration, redirectChainName, commands)

 	//Redirect all remaining inbound traffic to the proxy.
-	commands = append(commands, makeJumpFromChainToAnotherForAllProtocols(IptablesPreroutingChainName, ConduitRedirectChainName, "install-conduit-prerouting"))
+	commands = append(commands, makeJumpFromChainToAnotherForAllProtocols(IptablesPreroutingChainName, redirectChainName, "install-proxy-init-prerouting"))

 	return commands
 }