-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support proxy protocol v2 in MySQL #12424
Changes from 5 commits
29e4427
29e0a57
f820deb
5ea22d2
e2724ed
2df632b
df177a2
f57ccc6
b303937
10b5e8a
12a8a2e
3026d90
211bbd7
a3bdeee
c3398ed
27b64ed
ea9e50d
0051f35
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -40,17 +40,22 @@ func TestProxyProtocolPostgres(t *testing.T) { | |
|
||
testCtx.createUserAndRole(ctx, t, "alice", "admin", []string{"postgres"}, []string{"postgres"}) | ||
|
||
// Point our proxy to the Teleport's db listener on the multiplexer. | ||
proxy, err := multiplexer.NewTestProxy(testCtx.mux.DB().Addr().String()) | ||
require.NoError(t, err) | ||
t.Cleanup(func() { proxy.Close() }) | ||
go proxy.Serve() | ||
|
||
// Connect to the proxy instead of directly to Postgres listener and make | ||
// sure the connection succeeds. | ||
psql, err := testCtx.postgresClientWithAddr(ctx, proxy.Address(), "alice", "postgres", "postgres", "postgres") | ||
require.NoError(t, err) | ||
require.NoError(t, psql.Close(ctx)) | ||
for _, v2 := range []bool{false, true} { | ||
v2 := v2 | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Is this necessary? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. it is now (we pass it down to closure to There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. But there's no parallel code here, so I think There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I've added it as a safeguard in case we add something like t.Parallel somewhere down the road. Currently it's true it's not needed. I removed it for now. |
||
t.Run(name(v2), func(t *testing.T) { | ||
probakowski marked this conversation as resolved.
Show resolved
Hide resolved
|
||
// Point our proxy to the Teleport's db listener on the multiplexer. | ||
proxy, err := multiplexer.NewTestProxy(testCtx.mux.DB().Addr().String(), v2) | ||
require.NoError(t, err) | ||
t.Cleanup(func() { proxy.Close() }) | ||
go proxy.Serve() | ||
|
||
// Connect to the proxy instead of directly to Postgres listener and make | ||
// sure the connection succeeds. | ||
psql, err := testCtx.postgresClientWithAddr(ctx, proxy.Address(), "alice", "postgres", "postgres", "postgres") | ||
require.NoError(t, err) | ||
require.NoError(t, psql.Close(ctx)) | ||
}) | ||
} | ||
} | ||
|
||
// TestProxyProtocolMySQL ensures that clients can successfully connect to a | ||
|
@@ -63,17 +68,22 @@ func TestProxyProtocolMySQL(t *testing.T) { | |
|
||
testCtx.createUserAndRole(ctx, t, "alice", "admin", []string{"root"}, []string{types.Wildcard}) | ||
|
||
// Point our proxy to the Teleport's MySQL listener. | ||
proxy, err := multiplexer.NewTestProxy(testCtx.mysqlListener.Addr().String()) | ||
require.NoError(t, err) | ||
t.Cleanup(func() { proxy.Close() }) | ||
go proxy.Serve() | ||
|
||
// Connect to the proxy instead of directly to MySQL listener and make | ||
// sure the connection succeeds. | ||
mysql, err := testCtx.mysqlClientWithAddr(proxy.Address(), "alice", "mysql", "root") | ||
require.NoError(t, err) | ||
require.NoError(t, mysql.Close()) | ||
for _, v2 := range []bool{false, true} { | ||
v2 := v2 | ||
t.Run(name(v2), func(t *testing.T) { | ||
// Point our proxy to the Teleport's MySQL listener. | ||
proxy, err := multiplexer.NewTestProxy(testCtx.mysqlListener.Addr().String(), v2) | ||
require.NoError(t, err) | ||
t.Cleanup(func() { proxy.Close() }) | ||
go proxy.Serve() | ||
|
||
// Connect to the proxy instead of directly to MySQL listener and make | ||
// sure the connection succeeds. | ||
mysql, err := testCtx.mysqlClientWithAddr(proxy.Address(), "alice", "mysql", "root") | ||
require.NoError(t, err) | ||
require.NoError(t, mysql.Close()) | ||
}) | ||
} | ||
} | ||
|
||
// TestProxyProtocolMongo ensures that clients can successfully connect to a | ||
|
@@ -86,17 +96,22 @@ func TestProxyProtocolMongo(t *testing.T) { | |
|
||
testCtx.createUserAndRole(ctx, t, "alice", "admin", []string{"admin"}, []string{types.Wildcard}) | ||
|
||
// Point our proxy to the Teleport's TLS listener. | ||
proxy, err := multiplexer.NewTestProxy(testCtx.webListener.Addr().String()) | ||
require.NoError(t, err) | ||
t.Cleanup(func() { proxy.Close() }) | ||
go proxy.Serve() | ||
|
||
// Connect to the proxy instead of directly to Teleport listener and make | ||
// sure the connection succeeds. | ||
mongo, err := testCtx.mongoClientWithAddr(ctx, proxy.Address(), "alice", "mongo", "admin") | ||
require.NoError(t, err) | ||
require.NoError(t, mongo.Disconnect(ctx)) | ||
for _, v2 := range []bool{false, true} { | ||
v2 := v2 | ||
t.Run(name(v2), func(t *testing.T) { | ||
// Point our proxy to the Teleport's TLS listener. | ||
proxy, err := multiplexer.NewTestProxy(testCtx.webListener.Addr().String(), false) | ||
require.NoError(t, err) | ||
t.Cleanup(func() { proxy.Close() }) | ||
go proxy.Serve() | ||
|
||
// Connect to the proxy instead of directly to Teleport listener and make | ||
// sure the connection succeeds. | ||
mongo, err := testCtx.mongoClientWithAddr(ctx, proxy.Address(), "alice", "mongo", "admin") | ||
require.NoError(t, err) | ||
require.NoError(t, mongo.Disconnect(ctx)) | ||
}) | ||
} | ||
} | ||
|
||
func TestProxyProtocolRedis(t *testing.T) { | ||
|
@@ -106,23 +121,28 @@ func TestProxyProtocolRedis(t *testing.T) { | |
|
||
testCtx.createUserAndRole(ctx, t, "alice", "admin", []string{"admin"}, []string{types.Wildcard}) | ||
|
||
// Point our proxy to the Teleport's TLS listener. | ||
proxy, err := multiplexer.NewTestProxy(testCtx.webListener.Addr().String()) | ||
require.NoError(t, err) | ||
t.Cleanup(func() { proxy.Close() }) | ||
go proxy.Serve() | ||
|
||
// Connect to the proxy instead of directly to Teleport listener and make | ||
// sure the connection succeeds. | ||
redisClient, err := testCtx.redisClientWithAddr(ctx, proxy.Address(), "alice", "redis", "admin") | ||
require.NoError(t, err) | ||
|
||
// Send ECHO to Redis server and check if we get it back. | ||
resp := redisClient.Echo(ctx, "hello") | ||
require.NoError(t, resp.Err()) | ||
require.Equal(t, "hello", resp.Val()) | ||
|
||
require.NoError(t, redisClient.Close()) | ||
for _, v2 := range []bool{false, true} { | ||
v2 := v2 | ||
t.Run(name(v2), func(t *testing.T) { | ||
// Point our proxy to the Teleport's TLS listener. | ||
proxy, err := multiplexer.NewTestProxy(testCtx.webListener.Addr().String(), false) | ||
require.NoError(t, err) | ||
t.Cleanup(func() { proxy.Close() }) | ||
go proxy.Serve() | ||
|
||
// Connect to the proxy instead of directly to Teleport listener and make | ||
// sure the connection succeeds. | ||
redisClient, err := testCtx.redisClientWithAddr(ctx, proxy.Address(), "alice", "redis", "admin") | ||
require.NoError(t, err) | ||
|
||
// Send ECHO to Redis server and check if we get it back. | ||
resp := redisClient.Echo(ctx, "hello") | ||
require.NoError(t, resp.Err()) | ||
require.Equal(t, "hello", resp.Val()) | ||
|
||
require.NoError(t, redisClient.Close()) | ||
}) | ||
} | ||
} | ||
|
||
// TestProxyClientDisconnectDueToIdleConnection ensures that idle clients will be disconnected. | ||
|
@@ -232,3 +252,10 @@ func TestExtractMySQLVersion(t *testing.T) { | |
require.NoError(t, err) | ||
require.Equal(t, "8.0.25", version) | ||
} | ||
|
||
func name(v2 bool) string { | ||
if v2 { | ||
return "v2" | ||
} | ||
return "v1" | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Suggestion: use a bytes.Buffer?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good idea, I changed it