Skip to content

Commit

Permalink
acceptance-tests: disable DNS by default in tests to avoid false posi…
Browse files Browse the repository at this point in the history
…tives (hashicorp#1058)
  • Loading branch information
ishustava authored Jul 30, 2021
1 parent e03d201 commit 1eaabb7
Show file tree
Hide file tree
Showing 4 changed files with 18 additions and 21 deletions.
2 changes: 1 addition & 1 deletion .circleci/config.yml
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,7 @@ commands:
type: string
consul-k8s-image:
type: string
default: "docker.mirror.hashicorp.services/hashicorpdev/consul-k8s:latest"
default: "hashicorpdev/consul-k8s:2dfffed"
steps:
- when:
condition: << parameters.failfast >>
Expand Down
4 changes: 4 additions & 0 deletions test/acceptance/framework/consul/consul_cluster.go
Original file line number Diff line number Diff line change
Expand Up @@ -77,6 +77,10 @@ func NewHelmCluster(
"server.bootstrapExpect": "1",
"connectInject.envoyExtraArgs": "--log-level debug",
"connectInject.logLevel": "debug",
// Disable DNS since enabling it changes the policy for the anonymous token,
// which could result in tests passing due to that token having privileges to read services
// (false positive).
"dns.enabled": "false",
}
valuesFromConfig, err := cfg.HelmValuesFromConfig()
require.NoError(t, err)
Expand Down
3 changes: 3 additions & 0 deletions test/acceptance/framework/consul/consul_cluster_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@ func TestNewHelmCluster(t *testing.T) {
"connectInject.envoyExtraArgs": "--log-level debug",
"connectInject.logLevel": "debug",
"connectInject.transparentProxy.defaultEnabled": "false",
"dns.enabled": "false",
},
},
{
Expand All @@ -40,6 +41,7 @@ func TestNewHelmCluster(t *testing.T) {
"connectInject.envoyExtraArgs": "--foo",
"connectInject.logLevel": "debug",
"connectInject.transparentProxy.defaultEnabled": "true",
"dns.enabled": "true",
"feature.enabled": "true",
},
want: map[string]string{
Expand All @@ -49,6 +51,7 @@ func TestNewHelmCluster(t *testing.T) {
"connectInject.envoyExtraArgs": "--foo",
"connectInject.logLevel": "debug",
"connectInject.transparentProxy.defaultEnabled": "true",
"dns.enabled": "true",
"feature.enabled": "true",
},
},
Expand Down
30 changes: 10 additions & 20 deletions test/acceptance/tests/consul-dns/consul_dns_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ package consuldns
import (
"context"
"fmt"
"strconv"
"testing"

"github.com/hashicorp/consul-helm/test/acceptance/framework/consul"
Expand All @@ -16,30 +17,19 @@ import (
const podName = "dns-pod"

func TestConsulDNS(t *testing.T) {
cases := []struct {
name string
helmValues map[string]string
}{
{
"Default installation",
nil,
},
{
"Secure installation (with TLS and ACLs enabled)",
map[string]string{
"global.tls.enabled": "true",
"global.acls.manageSystemACLs": "true",
},
},
}

for _, c := range cases {
t.Run(c.name, func(t *testing.T) {
for _, secure := range []bool{false, true} {
name := fmt.Sprintf("secure: %t", secure)
t.Run(name, func(t *testing.T) {
env := suite.Environment()
ctx := env.DefaultContext(t)
releaseName := helpers.RandomName()

cluster := consul.NewHelmCluster(t, c.helmValues, ctx, suite.Config(), releaseName)
helmValues := map[string]string{
"dns.enabled": "true",
"global.tls.enabled": strconv.FormatBool(secure),
"global.acls.manageSystemACLs": strconv.FormatBool(secure),
}
cluster := consul.NewHelmCluster(t, helmValues, ctx, suite.Config(), releaseName)
cluster.Create(t)

k8sClient := ctx.KubernetesClient(t)
Expand Down

0 comments on commit 1eaabb7

Please sign in to comment.