test(e2e): Add test to validate session connection limits (#4395)

* test(e2e): Move default client port test to its own file * test(e2e): Add test to validate session connection limits
2 years ago · c72c614200
parent 3af259ff69
commit c72c614200
4 changed files with 185 additions and 43 deletions
--- a/testing/internal/e2e/boundary/target.go
+++ b/testing/internal/e2e/boundary/target.go
@ -87,6 +87,9 @@ func CreateNewTargetCli(t testing.TB, ctx context.Context, projectId string, def
 	if opts.WithEgressWorkerFilter != "" {
 		args = append(args, "-egress-worker-filter", opts.WithEgressWorkerFilter)
 	}
+	if opts.WithSessionConnectionLimit != 0 {
+		args = append(args, "-session-connection-limit", fmt.Sprintf("%d", opts.WithSessionConnectionLimit))
+	}

 	output := e2e.RunCommand(ctx, "boundary",
 		e2e.WithArgs("targets", "create"),
--- a/testing/internal/e2e/tests/base/target_tcp_connect_connection_limits_test.go
+++ b/testing/internal/e2e/tests/base/target_tcp_connect_connection_limits_test.go
@ -0,0 +1,122 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package base_test
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/hashicorp/boundary/internal/target"
+	"github.com/hashicorp/boundary/testing/internal/e2e"
+	"github.com/hashicorp/boundary/testing/internal/e2e/boundary"
+	"github.com/stretchr/testify/require"
+)
+
+// TestCliTcpTargetConnectTargetWithConnectionLimits connects to a target that
+// has connection limits defined. An error should return when the connection
+// limit is exhausted
+func TestCliTcpTargetConnectTargetWithConnectionLimits(t *testing.T) {
+	e2e.MaybeSkipTest(t)
+	c, err := loadTestConfig()
+	require.NoError(t, err)
+
+	ctx := context.Background()
+	boundary.AuthenticateAdminCli(t, ctx)
+	newOrgId := boundary.CreateNewOrgCli(t, ctx)
+	t.Cleanup(func() {
+		ctx := context.Background()
+		boundary.AuthenticateAdminCli(t, ctx)
+		output := e2e.RunCommand(ctx, "boundary", e2e.WithArgs("scopes", "delete", "-id", newOrgId))
+		require.NoError(t, output.Err, string(output.Stderr))
+	})
+	newProjectId := boundary.CreateNewProjectCli(t, ctx, newOrgId)
+	sessionConnectionLimit := 2
+	newTargetId := boundary.CreateNewTargetCli(
+		t,
+		ctx,
+		newProjectId,
+		c.TargetPort,
+		target.WithAddress(c.TargetAddress),
+		target.WithSessionConnectionLimit(int32(sessionConnectionLimit)),
+	)
+
+	// Start a session
+	ctxCancel, cancel := context.WithCancel(context.Background())
+	port := "12345"
+	sessionChannel := make(chan *e2e.CommandResult)
+	go func() {
+		t.Log("Starting session...")
+		sessionChannel <- e2e.RunCommand(ctxCancel, "boundary",
+			e2e.WithArgs(
+				"connect",
+				"-target-id", newTargetId,
+				"-listen-port", port,
+				"-format", "json",
+			),
+		)
+	}()
+	t.Cleanup(cancel)
+
+	boundary.WaitForSessionCli(t, ctx, newProjectId)
+
+	// Start connections. Expect an error once the limit is reached
+	for i := 0; i <= sessionConnectionLimit; i++ {
+		output := e2e.RunCommand(ctx, "ssh",
+			e2e.WithArgs(
+				"localhost",
+				"-p", port,
+				"-l", c.TargetSshUser,
+				"-i", c.TargetSshKeyPath,
+				"-o", "UserKnownHostsFile=/dev/null",
+				"-o", "StrictHostKeyChecking=no",
+				"-o", "IdentitiesOnly=yes", // forces the use of the provided key
+				"hostname -i;",
+			),
+		)
+
+		if i == sessionConnectionLimit {
+			require.Error(t, output.Err, string(output.Stderr))
+			require.Equal(t, 255, output.ExitCode)
+		} else {
+			require.NoError(t, output.Err, string(output.Stderr))
+			require.Equal(t, c.TargetAddress, strings.TrimSpace(string(output.Stdout)))
+			require.Equal(t, 0, output.ExitCode)
+		}
+	}
+
+	// Check output from session. Session should be automatically terminated due
+	// to connection limit being reached
+	select {
+	case output := <-sessionChannel:
+		t.Log(string(output.Stdout))
+
+		// output includes multiple json objects, separated by newlines
+		parts := strings.Split(strings.TrimSpace(string(output.Stdout)), "\n")
+		require.Greater(t, len(parts), 1, "Expected multiple json objects in output")
+
+		// validate the first json object
+		type connectOutput struct {
+			Port int
+		}
+		var cOut connectOutput
+		err = json.Unmarshal([]byte(parts[0]), &cOut)
+		require.NoError(t, err)
+		require.Equal(t, port, fmt.Sprint(cOut.Port))
+
+		// validate the last json object
+		type sessionOutput struct {
+			TerminationReason string `json:"termination_reason"`
+		}
+		var sOut sessionOutput
+		err = json.Unmarshal([]byte(parts[len(parts)-1]), &sOut)
+		require.NoError(t, err)
+		require.Contains(t, sOut.TerminationReason, "No connections left in session")
+	case <-time.After(time.Second * 5):
+		t.Fatal("Timed out waiting for session command to exit")
+	}
+}
--- a/testing/internal/e2e/tests/base/target_tcp_connect_default_client_port_test.go
+++ b/testing/internal/e2e/tests/base/target_tcp_connect_default_client_port_test.go
@ -0,0 +1,60 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package base_test
+
+import (
+	"context"
+	"fmt"
+	"strings"
+	"testing"
+
+	"github.com/hashicorp/boundary/internal/target"
+	"github.com/hashicorp/boundary/testing/internal/e2e"
+	"github.com/hashicorp/boundary/testing/internal/e2e/boundary"
+	"github.com/stretchr/testify/require"
+)
+
+// TestCliTcpTargetConnectTargetWithTargetClientPort connects to a target with a
+// specified default client port and verifies the port is used
+func TestCliTcpTargetConnectTargetWithTargetClientPort(t *testing.T) {
+	e2e.MaybeSkipTest(t)
+	c, err := loadTestConfig()
+	require.NoError(t, err)
+
+	ctx := context.Background()
+	boundary.AuthenticateAdminCli(t, ctx)
+	newOrgId := boundary.CreateNewOrgCli(t, ctx)
+	t.Cleanup(func() {
+		ctx := context.Background()
+		boundary.AuthenticateAdminCli(t, ctx)
+		output := e2e.RunCommand(ctx, "boundary", e2e.WithArgs("scopes", "delete", "-id", newOrgId))
+		require.NoError(t, output.Err, string(output.Stderr))
+	})
+
+	var expPort uint32 = 8356
+
+	newProjectId := boundary.CreateNewProjectCli(t, ctx, newOrgId)
+	newHostCatalogId := boundary.CreateNewHostCatalogCli(t, ctx, newProjectId)
+	newHostSetId := boundary.CreateNewHostSetCli(t, ctx, newHostCatalogId)
+	newHostId := boundary.CreateNewHostCli(t, ctx, newHostCatalogId, c.TargetAddress)
+	boundary.AddHostToHostSetCli(t, ctx, newHostSetId, newHostId)
+	newTargetId := boundary.CreateNewTargetCli(t, ctx, newProjectId, c.TargetPort, target.WithDefaultClientPort(expPort))
+	boundary.AddHostSourceToTargetCli(t, ctx, newTargetId, newHostSetId)
+
+	// Connect to target and print host's IP address
+	output := e2e.RunCommand(ctx, "boundary",
+		e2e.WithArgs(
+			"connect",
+			"-target-id", newTargetId,
+			"-exec", "/bin/echo", "--",
+			"{{boundary.port}}",
+		),
+	)
+	require.NoError(t, output.Err, string(output.Stderr))
+
+	parts := strings.Fields(string(output.Stdout))
+	port := parts[len(parts)-1]
+
+	require.Equal(t, fmt.Sprintf("%d", expPort), port, "specified port was not found")
+}
--- a/testing/internal/e2e/tests/base/target_tcp_connect_test.go
+++ b/testing/internal/e2e/tests/base/target_tcp_connect_test.go
@ -5,7 +5,6 @@ package base_test

 import (
 	"context"
-	"fmt"
 	"strings"
 	"testing"

@ -141,45 +140,3 @@ func TestCliTcpTargetConnectTargetViaTargetAndScopeNames(t *testing.T) {
 	require.Equal(t, c.TargetAddress, hostIp, "SSH session did not return expected output")
 	t.Log("Successfully connected to target by its name and scope ID")
 }
-
-func TestCliTcpTargetConnectTargetWithTargetClientPort(t *testing.T) {
-	e2e.MaybeSkipTest(t)
-	c, err := loadTestConfig()
-	require.NoError(t, err)
-
-	ctx := context.Background()
-	boundary.AuthenticateAdminCli(t, ctx)
-	newOrgId := boundary.CreateNewOrgCli(t, ctx)
-	t.Cleanup(func() {
-		ctx := context.Background()
-		boundary.AuthenticateAdminCli(t, ctx)
-		output := e2e.RunCommand(ctx, "boundary", e2e.WithArgs("scopes", "delete", "-id", newOrgId))
-		require.NoError(t, output.Err, string(output.Stderr))
-	})
-
-	var expPort uint32 = 8356
-
-	newProjectId := boundary.CreateNewProjectCli(t, ctx, newOrgId)
-	newHostCatalogId := boundary.CreateNewHostCatalogCli(t, ctx, newProjectId)
-	newHostSetId := boundary.CreateNewHostSetCli(t, ctx, newHostCatalogId)
-	newHostId := boundary.CreateNewHostCli(t, ctx, newHostCatalogId, c.TargetAddress)
-	boundary.AddHostToHostSetCli(t, ctx, newHostSetId, newHostId)
-	newTargetId := boundary.CreateNewTargetCli(t, ctx, newProjectId, c.TargetPort, target.WithDefaultClientPort(expPort))
-	boundary.AddHostSourceToTargetCli(t, ctx, newTargetId, newHostSetId)
-
-	// Connect to target and print host's IP address
-	output := e2e.RunCommand(ctx, "boundary",
-		e2e.WithArgs(
-			"connect",
-			"-target-id", newTargetId,
-			"-exec", "/bin/echo", "--",
-			"{{boundary.port}}",
-		),
-	)
-	require.NoError(t, output.Err, string(output.Stderr))
-
-	parts := strings.Fields(string(output.Stdout))
-	port := parts[len(parts)-1]
-
-	require.Equal(t, fmt.Sprintf("%d", expPort), port, "specified port was not found")
-}