REGTESTS: Add scripts to test support of TCP/HTTP rules in defaults sections

3 scripts are added: * startup/default_rules.vtc to check configuration parsing * http-rules/default_rules.vtc to check evaluation of HTTP rules * tcp-rules/default_rules.vtc to check evaluation of TCP rules
2025-02-16 10:36:55 +00:00 · 2021-10-13 18:06:55 +02:00 · 2021-10-13 18:06:55 +02:00 · e41b497978
commit e41b497978
parent 7a06ffb854
3 changed files with 360 additions and 0 deletions
--- a/reg-tests/http-rules/default_rules.vtc
+++ b/reg-tests/http-rules/default_rules.vtc
@ -0,0 +1,112 @@
+varnishtest "Test declaration of HTTP rules in default sections"
+
+#REQUIRE_VERSION=2.5
+
+feature ignore_unknown_macro
+
+server s1 {
+        rxreq
+        expect req.http.x-frontend == "fe"
+        expect req.http.x-backend == "be"
+        expect req.http.x-test1-frt == "def_front"
+        expect req.http.x-test1-bck == "def_back"
+        txresp
+}  -start
+
+server s2 {
+        rxreq
+        txresp
+}  -start
+
+haproxy h1 -conf {
+  defaults common
+      mode http
+      timeout connect 1s
+      timeout client  1s
+      timeout server  1s
+
+  defaults def_front from common
+      http-request set-header x-frontend "%[fe_name]"
+      http-request set-var(txn.test1) "str(def_front)"
+      http-response set-header x-frontend "%[fe_name]"
+      http-response set-var(txn.test2) "str(def_front)"
+      http-after-response set-var(txn.test3) "str(def_front)"
+
+  defaults def_back from common
+      http-request set-header x-backend "%[be_name]"
+      http-request set-var(txn.test1) "str(def_back)"
+      http-response set-header x-backend "%[be_name]"
+      http-response set-var(txn.test2) "str(def_back)"
+      http-after-response set-var(txn.test3) "str(def_back)"
+
+  frontend fe from def_front
+      bind "fd@${feh1}"
+
+      http-request set-header x-test1-frt "%[var(txn.test1)]"
+      http-response set-header x-test2-frt "%[var(txn.test2)]"
+      http-after-response set-header x-test3-frt "%[var(txn.test3)]"
+
+      default_backend be
+
+  backend be from def_back
+      http-request set-header x-test1-bck "%[var(txn.test1)]"
+      http-response set-header x-test2-bck "%[var(txn.test2)]"
+      http-after-response set-header x-test3-bck "%[var(txn.test3)]"
+
+      server s1 ${s1_addr}:${s1_port}
+
+} -start
+
+
+haproxy h2 -conf {
+  defaults common
+      mode http
+      timeout connect 1s
+      timeout client  1s
+      timeout server  1s
+
+  defaults def_front from common
+      http-request allow
+      http-response allow
+      http-after-response allow
+
+  defaults def_back from common
+      http-request allow
+      http-response allow
+      http-after-response allow
+
+  frontend fe from def_front
+      bind "fd@${feh2}"
+
+      http-request deny status 403
+      http-response deny status 502
+      http-after-response set-status 502
+
+      default_backend be
+
+  backend be from def_back
+      http-request deny status 403
+      http-response deny status 502
+      http-after-response set-status 502
+
+      server s2 ${s2_addr}:${s2_port}
+
+} -start
+
+client c1 -connect ${h1_feh1_sock} {
+        txreq -req GET -url /
+        rxresp
+        expect resp.status == 200
+        expect resp.http.x-frontend == "fe"
+        expect resp.http.x-backend == "be"
+        expect resp.http.x-test2-bck == "def_back"
+        expect resp.http.x-test2-frt == "def_front"
+        expect resp.http.x-test3-bck == "def_back"
+        expect resp.http.x-test3-frt == "def_front"
+} -run
+
+client c2 -connect ${h2_feh2_sock} {
+        txreq -req GET -url /
+        rxresp
+        expect resp.status == 200
+} -run
--- a/reg-tests/startup/default_rules.vtc
+++ b/reg-tests/startup/default_rules.vtc
@ -0,0 +1,186 @@
+varnishtest "Misuses of defaults section defining TCP/HTTP rules"
+
+#REQUIRE_VERSION=2.5
+
+feature ignore_unknown_macro
+
+#
+# anonymous defaults section cannot define TCP/HTTP rules
+#
+haproxy h1 -conf-BAD {} {
+    defaults
+        http-request set-header X-Hdr 1
+}
+
+haproxy h2 -conf-BAD {} {
+    defaults
+        http-response set-header X-Hdr 1
+}
+
+haproxy h3 -conf-BAD {} {
+    defaults
+        http-after-request set-header X-Hdr 1
+}
+
+haproxy h4 -conf-BAD {} {
+    defaults
+        tcp-request connection accept
+}
+
+haproxy h5 -conf-BAD {} {
+    defaults
+        tcp-request session accept
+}
+
+haproxy h6 -conf-BAD {} {
+    defaults
+        tcp-request inspect-delay 5s
+        tcp-request content accept
+}
+
+haproxy h7 -conf-BAD {} {
+    defaults
+        tcp-response inspect-delay 5s
+        tcp-response content accept
+}
+
+#
+# defaults section defining TCP/HTTP rules cannot be used to init another
+# defaults section
+#
+haproxy h8 -conf-BAD {} {
+    defaults invalid
+        tcp-response inspect-delay 5s
+        tcp-response content accept
+
+    defaults from invalid
+        mode tcp
+}
+
+#
+# defaults section defining TCP/HTTP rules cannot be used to init a listen
+# section
+#
+haproxy h9 -conf-BAD {} {
+    defaults invalid
+        tcp-request inspect-delay 5s
+        tcp-request content accept
+
+    listen li from invalid
+        mode tcp
+        bind "fd@${lih9}"
+        server www 127.0.0.1:80
+}
+
+#
+# defaults section defining TCP/HTTP rules cannot be used to init frontend and
+# backend sections at the same time
+#
+#
+haproxy h10 -conf-BAD {} {
+    defaults invalid
+        tcp-request inspect-delay 5s
+        tcp-request content accept
+
+    frontend fe from invalid
+        mode tcp
+        bind "fd@${feh10}"
+        default_backend be1
+
+    backend be from invalid
+        mode tcp
+        server www 127.0.0.1:80
+}
+
+#
+# defaults section defining 'tcp-request connection' or 'tcp-request session'
+# rules cannot be used to init backend sections
+#
+haproxy h11 -conf-BAD {} {
+    defaults invalid
+        tcp-request connection accept
+
+    backend be from invalid
+        mode tcp
+        server www 127.0.0.1:80
+}
+
+haproxy h12 -conf-BAD {} {
+    defaults invalid
+        tcp-request session accept
+
+    backend be from invalid
+        mode tcp
+        server www 127.0.0.1:80
+}
+
+#
+# defaults section defining 'tcp-response content' rules cannot be used to init
+# a frontend section
+#
+haproxy h13 -conf-BAD {} {
+    defaults invalid
+        tcp-response inspect-delay 5s
+        tcp-response content accept
+
+    frontend fe from invalid
+        mode tcp
+        bind "fd@${feh10}"
+}
+
+haproxy h14 -conf-OK {
+    defaults tcp
+        tcp-response inspect-delay 5s
+        tcp-response content accept
+
+    backend be from tcp
+        mode tcp
+        server www 127.0.0.1:80
+}
+
+#
+# Check arguments resolutions in rules. FE/BE arguments must be resolved, but
+# SRV/TAB arguments without an explicit proxy name are not allowed.
+#
+
+haproxy h15 -conf-BAD {} {
+    defaults invalid
+        mode http
+        http-request set-header x-test "%[srv_conn(www)]"
+
+    backend be from invalid
+        server www 127.0.0.1:80
+}
+
+haproxy h16 -conf-BAD {} {
+    defaults invalid
+        mode http
+        http-request track-sc0 src
+        http-request deny deny_status 429 if { sc_http_req_rate(0) gt 20 }
+
+    backend be
+        stick-table type ip size 100k expire 30s store http_req_rate(10s)
+        server www 127.0.0.1:80
+}
+
+haproxy h17 -conf-OK {
+    defaults common
+        mode http
+
+    defaults def_front from common
+        http-request set-header x-test1 "%[fe_conn]"
+
+    defaults def_back from common
+        http-request track-sc0 src table be
+        http-request deny deny_status 429 if { sc_http_req_rate(0,be) gt 20 }
+        http-request set-header x-test2 "%[be_conn]"
+        http-request set-header x-test3 "%[srv_conn(be/www)]"
+
+    frontend fe from def_front
+        bind "fd@${feh15}"
+        default_backend be
+
+    backend be from def_back
+        stick-table type ip size 100k expire 30s store http_req_rate(10s)
+        server www 127.0.0.1:80
+}
--- a/reg-tests/tcp-rules/default_rules.vtc
+++ b/reg-tests/tcp-rules/default_rules.vtc
@ -0,0 +1,62 @@
+varnishtest "Test declaration of TCP rules in default sections"
+
+#REQUIRE_VERSION=2.5
+
+feature ignore_unknown_macro
+
+server s1 {
+        rxreq
+        txresp
+        expect req.http.x-test1-frt == "def_front"
+        expect req.http.x-test1-bck == "def_back"
+}  -start
+
+haproxy h1 -conf {
+  defaults common
+      mode http
+      timeout connect 1s
+      timeout client  1s
+      timeout server  1s
+
+  defaults def_front from common
+      tcp-request connection accept
+      tcp-request session accept
+      tcp-request inspect-delay 5s
+      tcp-request content set-var(txn.test1) "str(def_front)"
+      tcp-request content accept
+
+  defaults def_back from common
+      tcp-request inspect-delay 5s
+      tcp-request content set-var(txn.test1) "str(def_back)"
+      tcp-request content accept
+
+      tcp-response inspect-delay 5s
+      tcp-response content set-var(txn.test2) "str(def_back)"
+      tcp-response content accept
+
+  frontend fe from def_front
+      bind "fd@${feh1}"
+      tcp-request connection reject
+      tcp-request session reject
+      tcp-request content reject
+
+      http-request set-header x-test1-frt "%[var(txn.test1)]"
+
+      default_backend be
+
+  backend be from def_back
+      tcp-response content reject
+
+      http-request set-header x-test1-bck "%[var(txn.test1)]"
+      http-response set-header x-test2 "%[var(txn.test2)]"
+
+      server s1 ${s1_addr}:${s1_port}
+
+} -start
+
+client c1 -connect ${h1_feh1_sock} {
+        txreq -req GET -url /
+        rxresp
+        expect resp.status == 200
+        expect resp.http.x-test2 == "def_back"
+} -run