Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make dynamic ASG test endpoint configurable #604

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

Make dynamic ASG test endpoint configurable #604

wants to merge 1 commit into from

Conversation

peterellisjones
Copy link

@peterellisjones peterellisjones commented Sep 26, 2022
edited
Loading

Are you submitting this PR against the develop branch?

👍

What is this change about?

Currently the Dynamic ASG test works the following way:

  • Make a request from a test app to cloud-controller-ng.service.cf.internal:9024/v2/info
  • Verify the request was blocked
  • Add a security group rule allows the app to make TCP connections to port 9024 in IP range 10.0.0.0/8
  • Verify the request is now allowed
  • Remove the security group
  • Verify the request is blocked again

This test requires/assumes that:

  • cloud-controller-ng.service.cf.internal:9024 is currently blocked by the platform-wide running ASGs
  • The Cloud Controller is deployed to an IP in the range 10.0.0.0/8
  • cloud-controller-ng.service.cf.internal resolves to a Cloud Controller VM IP

This PR adds an optional configuration parameter dynamic_asg_test_config which can be used to change the test to work in environments where the above assumptions don't hold. By default the test will use the current logic, but dynamic_asg_test_config can be used to override the following parameters:

  • endpoint_host: Hostname or IP for test endpoint to allow/block
  • endpoint_port: Port for test endpoint to allow/block
  • endpoint_path: HTTP Path for test endpoint to allow/block
  • endpoint_allow_ip_range: IP range used for allowing and blocking access to the test endpoint. This can be a single IP address, a range like 192.0.2.0-192.0.2.50, or a CIDR block like 10.0.0.0/8.

What version of cf-deployment have you run this cf-acceptance-test change against?

21.9

Please check all that apply for this PR:

  • introduces a new test --- Are you sure everyone should be running this test?
  • changes an existing test
  • requires an update to a CATs integration-config

Did you update the README as appropriate for this change?

  • YES
  • N/A

How many more (or fewer) seconds of runtime will this change introduce to CATs?

0

What is the level of urgency for publishing this change?

  • Urgent - unblocks current or future work
  • Slightly Less than Urgent

Tag your pair, your PM, and/or team!

This work is done on behalf of Fidelity International

@linux-foundation-easycla
Copy link

linux-foundation-easycla bot commented Sep 26, 2022
edited
Loading

CLA Signed

The committers listed above are authorized under a signed CLA.

  • ✅ login: peterellisjones / name: Peter Jones (c3f61ca)

@peterellisjones peterellisjones force-pushed the configurable-dynamic-asg-test-endpoint branch from f0283ba to c3f61ca Compare September 26, 2022 12:53
@peterellisjones peterellisjones marked this pull request as ready for review September 28, 2022 14:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
App Runtime Deployments Working Group
Status: Pending Review
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@peterellisjones