From c3bb62fd0aa92a907f1bdf767736fa2e587bcb48 Mon Sep 17 00:00:00 2001 From: bneradt Date: Wed, 17 Jun 2026 15:24:13 -0500 Subject: [PATCH] Expand client IP debug logging test coverage Before this patch, the client ip debug logging test only covered one HTTP transaction, so regressions across protocols or persistent client sessions could pass unnoticed. This converts the test to replay-driven coverage for HTTP, HTTPS, and HTTP/2, with an HTTP/3 scenario enabled when QUICHE is available. Each replay sends multiple transactions on one client connection and checks that all four request and response header dumps include per-transaction markers. This test found no issues, thus this is a test-only patch. --- .../autest-site/ats_replay.test.ext | 33 +++-- .../logging/log-debug-client-ip.test.py | 39 ++--- .../log-debug-client-ip-http.replay.yaml | 129 +++++++++++++++++ .../log-debug-client-ip-http2.replay.yaml | 134 +++++++++++++++++ .../log-debug-client-ip-http3.replay.yaml | 136 ++++++++++++++++++ .../log-debug-client-ip-https.replay.yaml | 134 +++++++++++++++++ 6 files changed, 561 insertions(+), 44 deletions(-) create mode 100644 tests/gold_tests/logging/replay/log-debug-client-ip-http.replay.yaml create mode 100644 tests/gold_tests/logging/replay/log-debug-client-ip-http2.replay.yaml create mode 100644 tests/gold_tests/logging/replay/log-debug-client-ip-http3.replay.yaml create mode 100644 tests/gold_tests/logging/replay/log-debug-client-ip-https.replay.yaml diff --git a/tests/gold_tests/autest-site/ats_replay.test.ext b/tests/gold_tests/autest-site/ats_replay.test.ext index d6379025b20..82c59618272 100644 --- a/tests/gold_tests/autest-site/ats_replay.test.ext +++ b/tests/gold_tests/autest-site/ats_replay.test.ext @@ -23,6 +23,15 @@ import re import yaml +def _contains_expression(contains_entry: dict, default_description: str): + '''Create a ContainsExpression tester from a log validation entry.''' + expression = contains_entry['expression'] + description = contains_entry.get('description', default_description) + reflags = re.S | re.M if contains_entry.get('multiline', False) else 0 + + return Testers.ContainsExpression(expression, description, reflags=reflags) + + def configure_ats(obj: 'TestRun', server: 'Process', ats_config: dict, dns: Optional['Process'] = None): '''Configure ATS per the configuration in the replay file. @@ -134,8 +143,7 @@ def configure_ats(obj: 'TestRun', server: 'Process', ats_config: dict, dns: Opti traffic_out = log_validation.get('traffic_out', {}) for contains_entry in traffic_out.get('contains', []): expression = contains_entry['expression'] - description = contains_entry.get('description', f'Verify traffic_out contains: {expression}') - ts.Disk.traffic_out.Content += Testers.ContainsExpression(expression, description) + ts.Disk.traffic_out.Content += _contains_expression(contains_entry, f'Verify traffic_out contains: {expression}') for excludes_entry in traffic_out.get('excludes', []): expression = excludes_entry['expression'] description = excludes_entry.get('description', f'Verify traffic_out excludes: {expression}') @@ -149,8 +157,7 @@ def configure_ats(obj: 'TestRun', server: 'Process', ats_config: dict, dns: Opti diags_log = log_validation.get('diags_log', {}) for contains_entry in diags_log.get('contains', []): expression = contains_entry['expression'] - description = contains_entry.get('description', f'Verify diags_log contains: {expression}') - ts.Disk.diags_log.Content += Testers.ContainsExpression(expression, description) + ts.Disk.diags_log.Content += _contains_expression(contains_entry, f'Verify diags_log contains: {expression}') for excludes_entry in diags_log.get('excludes', []): expression = excludes_entry['expression'] description = excludes_entry.get('description', f'Verify diags_log excludes: {expression}') @@ -164,8 +171,7 @@ def configure_ats(obj: 'TestRun', server: 'Process', ats_config: dict, dns: Opti error_log = log_validation.get('error_log', {}) for contains_entry in error_log.get('contains', []): expression = contains_entry['expression'] - description = contains_entry.get('description', f'Verify error_log contains: {expression}') - ts.Disk.error_log.Content += Testers.ContainsExpression(expression, description) + ts.Disk.error_log.Content += _contains_expression(contains_entry, f'Verify error_log contains: {expression}') for excludes_entry in error_log.get('excludes', []): expression = excludes_entry['expression'] description = excludes_entry.get('description', f'Verify error_log excludes: {expression}') @@ -260,8 +266,7 @@ def ATSReplayTest(obj, replay_file: str): if server_log_validation: for contains_entry in server_log_validation.get('contains', []): expression = contains_entry['expression'] - description = contains_entry.get('description', f'Verify server output contains: {expression}') - server.Streams.All += Testers.ContainsExpression(expression, description) + server.Streams.All += _contains_expression(contains_entry, f'Verify server output contains: {expression}') for excludes_entry in server_log_validation.get('excludes', []): expression = excludes_entry['expression'] description = excludes_entry.get('description', f'Verify server output excludes: {expression}') @@ -273,6 +278,7 @@ def ATSReplayTest(obj, replay_file: str): ats_config = autest_config['ats'] process_config = ats_config.get('process_config', {}) enable_tls = process_config.get('enable_tls', False) + enable_quic = process_config.get('enable_quic', False) metric_checks = ats_config.get('metric_checks', []) log_validation = ats_config.get('log_validation', None) @@ -284,10 +290,12 @@ def ATSReplayTest(obj, replay_file: str): raise ValueError(f"Replay file {replay_file} does not contain 'autest.client' section") client_config = autest_config['client'] name = client_config.get('name', 'client') - process_config = client_config.get('process_config', {}) - https_ports = [ts.Variables.ssl_port] if enable_tls else None + process_config = client_config.get('process_config', {}).copy() + http_ports = process_config.pop('http_ports', [ts.Variables.port]) + https_ports = process_config.pop('https_ports', [ts.Variables.ssl_port] if enable_tls else None) + http3_ports = process_config.pop('http3_ports', [ts.Variables.ssl_port] if enable_quic else None) client = tr.AddVerifierClientProcess( - name, replay_file, http_ports=[ts.Variables.port], https_ports=https_ports, **process_config) + name, replay_file, http_ports=http_ports, https_ports=https_ports, http3_ports=http3_ports, **process_config) # Set expected return code if specified. A list of codes is wrapped in # Any() so that any of the listed values is accepted. @@ -300,8 +308,7 @@ def ATSReplayTest(obj, replay_file: str): if client_log_validation: for contains_entry in client_log_validation.get('contains', []): expression = contains_entry['expression'] - description = contains_entry.get('description', f'Verify client output contains: {expression}') - client.Streams.All += Testers.ContainsExpression(expression, description) + client.Streams.All += _contains_expression(contains_entry, f'Verify client output contains: {expression}') for excludes_entry in client_log_validation.get('excludes', []): expression = excludes_entry['expression'] description = excludes_entry.get('description', f'Verify client output excludes: {expression}') diff --git a/tests/gold_tests/logging/log-debug-client-ip.test.py b/tests/gold_tests/logging/log-debug-client-ip.test.py index 4516fb893c5..a6894d8a65d 100644 --- a/tests/gold_tests/logging/log-debug-client-ip.test.py +++ b/tests/gold_tests/logging/log-debug-client-ip.test.py @@ -1,4 +1,5 @@ ''' +Verify debug logging filtered by client IP. ''' # Licensed to the Apache Software Foundation (ASF) under one # or more contributor license agreements. See the NOTICE file @@ -16,39 +17,15 @@ # See the License for the specific language governing permissions and # limitations under the License. -import os - Test.Summary = ''' -Test log filter. +Verify per-client-IP debug logging emits request and response header dumps. ''' -ts = Test.MakeATSProcess("ts", enable_cache=False) -replay_file = "log-filter.replays.yaml" -server = Test.MakeVerifierServerProcess("server", replay_file) -nameserver = Test.MakeDNServer("dns", default='127.0.0.1') - -ts.Disk.records_config.update( - { - 'proxy.config.diags.debug.enabled': 2, - 'proxy.config.diags.debug.tags': 'http', - 'proxy.config.diags.debug.client_ip': '127.0.0.1', - 'proxy.config.dns.nameservers': f"127.0.0.1:{nameserver.Variables.Port}", - }) -ts.Disk.remap_config.AddLine('map / http://localhost:{}/'.format(server.Variables.http_port)) +Test.ContinueOnFail = True -# Verify that the various aspects of the expected debug output for the -# transaction are logged. -ts.Disk.traffic_out.Content = Testers.ContainsExpression( - r"\+ Incoming Request \+", "Make sure the client request information is present.") -ts.Disk.traffic_out.Content += Testers.ContainsExpression( - r"\+ Proxy's Request after hooks \+", "Make sure the proxy request information is present.") -ts.Disk.traffic_out.Content += Testers.ContainsExpression( - r"\+ Incoming O.S. Response \+", "Make sure the server's response information is present.") -ts.Disk.traffic_out.Content += Testers.ContainsExpression( - r"\+ Proxy's Response 2 \+", "Make sure the proxy response information is present.") +Test.ATSReplayTest(replay_file='replay/log-debug-client-ip-http.replay.yaml') +Test.ATSReplayTest(replay_file='replay/log-debug-client-ip-https.replay.yaml') +Test.ATSReplayTest(replay_file='replay/log-debug-client-ip-http2.replay.yaml') -tr = Test.AddTestRun() -tr.Processes.Default.StartBefore(server) -tr.Processes.Default.StartBefore(ts) -tr.Processes.Default.StartBefore(nameserver) -tr.AddVerifierClientProcess("client-1", replay_file, http_ports=[ts.Variables.port], other_args="--keys test-1") +if Condition.HasATSFeature('TS_HAS_QUICHE') and Condition.HasCurlFeature('http3'): + Test.ATSReplayTest(replay_file='replay/log-debug-client-ip-http3.replay.yaml') diff --git a/tests/gold_tests/logging/replay/log-debug-client-ip-http.replay.yaml b/tests/gold_tests/logging/replay/log-debug-client-ip-http.replay.yaml new file mode 100644 index 00000000000..f92d3336d62 --- /dev/null +++ b/tests/gold_tests/logging/replay/log-debug-client-ip-http.replay.yaml @@ -0,0 +1,129 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +meta: + version: "1.0" + +autest: + description: 'Verify client-IP-filtered debug logging for HTTP/1.1' + + server: + name: 'server-log-debug-client-ip-http' + + client: + name: 'client-log-debug-client-ip-http' + + ats: + name: 'ts-log-debug-client-ip-http' + process_config: + enable_cache: false + + records_config: + proxy.config.diags.debug.enabled: 2 + proxy.config.diags.debug.tags: 'http' + proxy.config.diags.debug.client_ip: '127.0.0.1' + + remap_config: + - from: 'http://debug-client-ip-http.test/' + to: 'http://127.0.0.1:{SERVER_HTTP_PORT}/' + + log_validation: + traffic_out: + contains: + - expression: '\+ Incoming Request \+(?:(?!\+ Proxy''s Request after hooks \+)[\s\S])*?uuid: log-debug-http-1' + description: 'HTTP transaction 1 logs the incoming request headers.' + multiline: true + - expression: '\+ Proxy''s Request after hooks \+(?:(?!\+ Incoming O.S. Response \+)[\s\S])*?uuid: log-debug-http-1' + description: 'HTTP transaction 1 logs the proxy request headers after hooks.' + multiline: true + - expression: '\+ Incoming O.S. Response \+(?:(?!\+ Proxy''s Response 2 \+)[\s\S])*?uuid: log-debug-http-1' + description: 'HTTP transaction 1 logs the incoming origin response headers.' + multiline: true + - expression: '\+ Proxy''s Response 2 \+(?:(?!\+ Incoming Request \+)[\s\S])*?uuid: log-debug-http-1' + description: 'HTTP transaction 1 logs the proxy response headers.' + multiline: true + - expression: '\+ Incoming Request \+(?:(?!\+ Proxy''s Request after hooks \+)[\s\S])*?uuid: log-debug-http-2' + description: 'HTTP transaction 2 logs the incoming request headers.' + multiline: true + - expression: '\+ Proxy''s Request after hooks \+(?:(?!\+ Incoming O.S. Response \+)[\s\S])*?uuid: log-debug-http-2' + description: 'HTTP transaction 2 logs the proxy request headers after hooks.' + multiline: true + - expression: '\+ Incoming O.S. Response \+(?:(?!\+ Proxy''s Response 2 \+)[\s\S])*?uuid: log-debug-http-2' + description: 'HTTP transaction 2 logs the incoming origin response headers.' + multiline: true + - expression: '\+ Proxy''s Response 2 \+(?:(?!\+ Incoming Request \+)[\s\S])*?uuid: log-debug-http-2' + description: 'HTTP transaction 2 logs the proxy response headers.' + multiline: true + +sessions: +- transactions: + - client-request: + method: GET + url: /debug-http-1 + version: '1.1' + headers: + fields: + - [Host, debug-client-ip-http.test] + - [Content-Length, 0] + - [uuid, log-debug-http-1] + + proxy-request: + headers: + fields: + - [uuid, { value: log-debug-http-1, as: equal }] + + server-response: + status: 200 + reason: OK + headers: + fields: + - [Content-Length, 0] + - [uuid, log-debug-http-1] + + proxy-response: + status: 200 + headers: + fields: + - [uuid, { value: log-debug-http-1, as: equal }] + + - client-request: + method: GET + url: /debug-http-2 + version: '1.1' + headers: + fields: + - [Host, debug-client-ip-http.test] + - [Content-Length, 0] + - [uuid, log-debug-http-2] + + proxy-request: + headers: + fields: + - [uuid, { value: log-debug-http-2, as: equal }] + + server-response: + status: 200 + reason: OK + headers: + fields: + - [Content-Length, 0] + - [uuid, log-debug-http-2] + + proxy-response: + status: 200 + headers: + fields: + - [uuid, { value: log-debug-http-2, as: equal }] diff --git a/tests/gold_tests/logging/replay/log-debug-client-ip-http2.replay.yaml b/tests/gold_tests/logging/replay/log-debug-client-ip-http2.replay.yaml new file mode 100644 index 00000000000..5230a7ebeb9 --- /dev/null +++ b/tests/gold_tests/logging/replay/log-debug-client-ip-http2.replay.yaml @@ -0,0 +1,134 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +meta: + version: "1.0" + +autest: + description: 'Verify client-IP-filtered debug logging for HTTP/2' + + server: + name: 'server-log-debug-client-ip-http2' + + client: + name: 'client-log-debug-client-ip-http2' + + ats: + name: 'ts-log-debug-client-ip-http2' + process_config: + enable_cache: false + enable_tls: true + + records_config: + proxy.config.diags.debug.enabled: 2 + proxy.config.diags.debug.tags: 'http' + proxy.config.diags.debug.client_ip: '127.0.0.1' + + remap_config: + - from: 'https://debug-client-ip-http2.test/' + to: 'http://127.0.0.1:{SERVER_HTTP_PORT}/' + + log_validation: + traffic_out: + contains: + - expression: '\+ Incoming Request \+(?:(?!\+ Proxy''s Request after hooks \+)[\s\S])*?uuid: log-debug-http2-1' + description: 'HTTP/2 transaction 1 logs the incoming request headers.' + multiline: true + - expression: '\+ Proxy''s Request after hooks \+(?:(?!\+ Incoming O.S. Response \+)[\s\S])*?uuid: log-debug-http2-1' + description: 'HTTP/2 transaction 1 logs the proxy request headers after hooks.' + multiline: true + - expression: '\+ Incoming O.S. Response \+(?:(?!\+ Proxy''s Response 2 \+)[\s\S])*?uuid: log-debug-http2-1' + description: 'HTTP/2 transaction 1 logs the incoming origin response headers.' + multiline: true + - expression: '\+ Proxy''s Response 2 \+(?:(?!\+ Incoming Request \+)[\s\S])*?uuid: log-debug-http2-1' + description: 'HTTP/2 transaction 1 logs the proxy response headers.' + multiline: true + - expression: '\+ Incoming Request \+(?:(?!\+ Proxy''s Request after hooks \+)[\s\S])*?uuid: log-debug-http2-2' + description: 'HTTP/2 transaction 2 logs the incoming request headers.' + multiline: true + - expression: '\+ Proxy''s Request after hooks \+(?:(?!\+ Incoming O.S. Response \+)[\s\S])*?uuid: log-debug-http2-2' + description: 'HTTP/2 transaction 2 logs the proxy request headers after hooks.' + multiline: true + - expression: '\+ Incoming O.S. Response \+(?:(?!\+ Proxy''s Response 2 \+)[\s\S])*?uuid: log-debug-http2-2' + description: 'HTTP/2 transaction 2 logs the incoming origin response headers.' + multiline: true + - expression: '\+ Proxy''s Response 2 \+(?:(?!\+ Incoming Request \+)[\s\S])*?uuid: log-debug-http2-2' + description: 'HTTP/2 transaction 2 logs the proxy response headers.' + multiline: true + +sessions: +- protocol: + stack: http2 + tls: + sni: debug-client-ip-http2.test + transactions: + - client-request: + headers: + fields: + - [":method", GET] + - [":scheme", https] + - [":authority", debug-client-ip-http2.test] + - [":path", /debug-http2-1] + - [Content-Length, 0] + - [uuid, log-debug-http2-1] + + proxy-request: + headers: + fields: + - [uuid, { value: log-debug-http2-1, as: equal }] + + server-response: + status: 200 + reason: OK + headers: + fields: + - [Content-Length, 0] + - [uuid, log-debug-http2-1] + + proxy-response: + status: 200 + headers: + fields: + - [uuid, { value: log-debug-http2-1, as: equal }] + + - client-request: + headers: + fields: + - [":method", GET] + - [":scheme", https] + - [":authority", debug-client-ip-http2.test] + - [":path", /debug-http2-2] + - [Content-Length, 0] + - [uuid, log-debug-http2-2] + + proxy-request: + headers: + fields: + - [uuid, { value: log-debug-http2-2, as: equal }] + + server-response: + status: 200 + reason: OK + headers: + fields: + - [Content-Length, 0] + - [uuid, log-debug-http2-2] + + proxy-response: + status: 200 + headers: + fields: + - [uuid, { value: log-debug-http2-2, as: equal }] diff --git a/tests/gold_tests/logging/replay/log-debug-client-ip-http3.replay.yaml b/tests/gold_tests/logging/replay/log-debug-client-ip-http3.replay.yaml new file mode 100644 index 00000000000..d0599f91a07 --- /dev/null +++ b/tests/gold_tests/logging/replay/log-debug-client-ip-http3.replay.yaml @@ -0,0 +1,136 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +meta: + version: "1.0" + +autest: + description: 'Verify client-IP-filtered debug logging for HTTP/3' + + server: + name: 'server-log-debug-client-ip-http3' + + client: + name: 'client-log-debug-client-ip-http3' + + ats: + name: 'ts-log-debug-client-ip-http3' + process_config: + enable_cache: false + enable_tls: true + enable_quic: true + + records_config: + proxy.config.diags.debug.enabled: 2 + proxy.config.diags.debug.tags: 'http' + proxy.config.diags.debug.client_ip: '127.0.0.1' + proxy.config.quic.no_activity_timeout_in: 0 + + remap_config: + - from: 'https://debug-client-ip-http3.test/' + to: 'http://127.0.0.1:{SERVER_HTTP_PORT}/' + + log_validation: + traffic_out: + contains: + - expression: '\+ Incoming Request \+(?:(?!\+ Proxy''s Request after hooks \+)[\s\S])*?uuid: log-debug-http3-1' + description: 'HTTP/3 transaction 1 logs the incoming request headers.' + multiline: true + - expression: '\+ Proxy''s Request after hooks \+(?:(?!\+ Incoming O.S. Response \+)[\s\S])*?uuid: log-debug-http3-1' + description: 'HTTP/3 transaction 1 logs the proxy request headers after hooks.' + multiline: true + - expression: '\+ Incoming O.S. Response \+(?:(?!\+ Proxy''s Response 2 \+)[\s\S])*?uuid: log-debug-http3-1' + description: 'HTTP/3 transaction 1 logs the incoming origin response headers.' + multiline: true + - expression: '\+ Proxy''s Response 2 \+(?:(?!\+ Incoming Request \+)[\s\S])*?uuid: log-debug-http3-1' + description: 'HTTP/3 transaction 1 logs the proxy response headers.' + multiline: true + - expression: '\+ Incoming Request \+(?:(?!\+ Proxy''s Request after hooks \+)[\s\S])*?uuid: log-debug-http3-2' + description: 'HTTP/3 transaction 2 logs the incoming request headers.' + multiline: true + - expression: '\+ Proxy''s Request after hooks \+(?:(?!\+ Incoming O.S. Response \+)[\s\S])*?uuid: log-debug-http3-2' + description: 'HTTP/3 transaction 2 logs the proxy request headers after hooks.' + multiline: true + - expression: '\+ Incoming O.S. Response \+(?:(?!\+ Proxy''s Response 2 \+)[\s\S])*?uuid: log-debug-http3-2' + description: 'HTTP/3 transaction 2 logs the incoming origin response headers.' + multiline: true + - expression: '\+ Proxy''s Response 2 \+(?:(?!\+ Incoming Request \+)[\s\S])*?uuid: log-debug-http3-2' + description: 'HTTP/3 transaction 2 logs the proxy response headers.' + multiline: true + +sessions: +- protocol: + stack: http3 + tls: + sni: debug-client-ip-http3.test + transactions: + - client-request: + headers: + fields: + - [":method", GET] + - [":scheme", https] + - [":authority", debug-client-ip-http3.test] + - [":path", /debug-http3-1] + - [Content-Length, 0] + - [uuid, log-debug-http3-1] + + proxy-request: + headers: + fields: + - [uuid, { value: log-debug-http3-1, as: equal }] + + server-response: + status: 200 + reason: OK + headers: + fields: + - [Content-Length, 0] + - [uuid, log-debug-http3-1] + + proxy-response: + status: 200 + headers: + fields: + - [uuid, { value: log-debug-http3-1, as: equal }] + + - client-request: + headers: + fields: + - [":method", GET] + - [":scheme", https] + - [":authority", debug-client-ip-http3.test] + - [":path", /debug-http3-2] + - [Content-Length, 0] + - [uuid, log-debug-http3-2] + + proxy-request: + headers: + fields: + - [uuid, { value: log-debug-http3-2, as: equal }] + + server-response: + status: 200 + reason: OK + headers: + fields: + - [Content-Length, 0] + - [uuid, log-debug-http3-2] + + proxy-response: + status: 200 + headers: + fields: + - [uuid, { value: log-debug-http3-2, as: equal }] diff --git a/tests/gold_tests/logging/replay/log-debug-client-ip-https.replay.yaml b/tests/gold_tests/logging/replay/log-debug-client-ip-https.replay.yaml new file mode 100644 index 00000000000..79e9b5aa4b7 --- /dev/null +++ b/tests/gold_tests/logging/replay/log-debug-client-ip-https.replay.yaml @@ -0,0 +1,134 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +meta: + version: "1.0" + +autest: + description: 'Verify client-IP-filtered debug logging for HTTPS' + + server: + name: 'server-log-debug-client-ip-https' + + client: + name: 'client-log-debug-client-ip-https' + + ats: + name: 'ts-log-debug-client-ip-https' + process_config: + enable_cache: false + enable_tls: true + + records_config: + proxy.config.diags.debug.enabled: 2 + proxy.config.diags.debug.tags: 'http' + proxy.config.diags.debug.client_ip: '127.0.0.1' + + remap_config: + - from: 'https://debug-client-ip-https.test/' + to: 'http://127.0.0.1:{SERVER_HTTP_PORT}/' + + log_validation: + traffic_out: + contains: + - expression: '\+ Incoming Request \+(?:(?!\+ Proxy''s Request after hooks \+)[\s\S])*?uuid: log-debug-https-1' + description: 'HTTPS transaction 1 logs the incoming request headers.' + multiline: true + - expression: '\+ Proxy''s Request after hooks \+(?:(?!\+ Incoming O.S. Response \+)[\s\S])*?uuid: log-debug-https-1' + description: 'HTTPS transaction 1 logs the proxy request headers after hooks.' + multiline: true + - expression: '\+ Incoming O.S. Response \+(?:(?!\+ Proxy''s Response 2 \+)[\s\S])*?uuid: log-debug-https-1' + description: 'HTTPS transaction 1 logs the incoming origin response headers.' + multiline: true + - expression: '\+ Proxy''s Response 2 \+(?:(?!\+ Incoming Request \+)[\s\S])*?uuid: log-debug-https-1' + description: 'HTTPS transaction 1 logs the proxy response headers.' + multiline: true + - expression: '\+ Incoming Request \+(?:(?!\+ Proxy''s Request after hooks \+)[\s\S])*?uuid: log-debug-https-2' + description: 'HTTPS transaction 2 logs the incoming request headers.' + multiline: true + - expression: '\+ Proxy''s Request after hooks \+(?:(?!\+ Incoming O.S. Response \+)[\s\S])*?uuid: log-debug-https-2' + description: 'HTTPS transaction 2 logs the proxy request headers after hooks.' + multiline: true + - expression: '\+ Incoming O.S. Response \+(?:(?!\+ Proxy''s Response 2 \+)[\s\S])*?uuid: log-debug-https-2' + description: 'HTTPS transaction 2 logs the incoming origin response headers.' + multiline: true + - expression: '\+ Proxy''s Response 2 \+(?:(?!\+ Incoming Request \+)[\s\S])*?uuid: log-debug-https-2' + description: 'HTTPS transaction 2 logs the proxy response headers.' + multiline: true + +sessions: +- protocol: + stack: https + tls: + sni: debug-client-ip-https.test + transactions: + - client-request: + method: GET + url: /debug-https-1 + version: '1.1' + headers: + fields: + - [Host, debug-client-ip-https.test] + - [Content-Length, 0] + - [uuid, log-debug-https-1] + + proxy-request: + headers: + fields: + - [uuid, { value: log-debug-https-1, as: equal }] + + server-response: + status: 200 + reason: OK + headers: + fields: + - [Content-Length, 0] + - [uuid, log-debug-https-1] + + proxy-response: + status: 200 + headers: + fields: + - [uuid, { value: log-debug-https-1, as: equal }] + + - client-request: + method: GET + url: /debug-https-2 + version: '1.1' + headers: + fields: + - [Host, debug-client-ip-https.test] + - [Content-Length, 0] + - [uuid, log-debug-https-2] + + proxy-request: + headers: + fields: + - [uuid, { value: log-debug-https-2, as: equal }] + + server-response: + status: 200 + reason: OK + headers: + fields: + - [Content-Length, 0] + - [uuid, log-debug-https-2] + + proxy-response: + status: 200 + headers: + fields: + - [uuid, { value: log-debug-https-2, as: equal }]