Router check tool with two input json files

[hennna]

The router check tool compares whether routes returned by a router match what is expected. The tool takes two configuration json files: a router config file and a tool config file. This PR is in response to Issue #538.

The router tool is built using bazel. The tool is located in a new directory: test/tools/router_check/.

test/tools/router_check/json holds the tool config json schema files

route_test.sh exercises the tool to test 8 pairs of input router/tool config json files. The config files are located in test/tools/router_check/test/config/...

[htuch]

This will be a very useful tool, thanks for putting it together.

[htuch]

Can you order the parameter and the use of the parameter consistently relative to other params/args? I tend to use what buildifier says or https://bazel.build/versions/master/docs/be/c-cpp.html for guidance.

[htuch]

Should this be "Route table check tool" rather than "Router check tool"? Same in various places below.

[htuch]

As discussed, the expected/checked properties can be reorganized so that individual input entries can be more expressive.

[htuch]

Can you just reorder this so that the inputs come first and the "check" block comes last? This would be a bit clearer to the reader.

[htuch]

Prefer headers.ForwardedProto() != nullptr for better readability (it's clear we're dealing with a pointer).

[htuch]

prefer ::exit(1);

[htuch]

etc

[htuch]

I would simplify and get rid of the total Y/N. In the simple, automated case, just exit 0/1 depending on whether there is a match. If --details is specified, print the details. It would simplify the interface and the implementation as well. No need for the calls to increaseCounters in various places.

[htuch]

You don't need Doxygen for internal methods like this, in particular when the comment is basically the same as the name.

[htuch]

setShowDetails

[dnoe]

To match Envoy style you can use std::unique_ptr here. It will also automagically fix the (harmless) memory leak of Router::ConfigImpl.

[dnoe]

I think this is harmless because the Router::ConfigImpl has a lifetime that ends when this executable exits, but there's a memory leak here. std::unique_ptr will address this without having to write a custom dtor.

[mattklein123]

+1, please get into the habit of always writing leak free (and exception safe) code even in utilities like this. unique_ptr is the way to go.

[htuch]

This is coming together nicely, I like the thorough documentation and testing in the PR. I still have some design level feedback before getting into the implementation specifics.

[htuch]

I just added a shell test in #706, so based on this experience I'm thinking we can just skip the envoy_sh_test and use sh_test directly., we don't have too much Envoy specific that's going to be shared across tests today.

[htuch]

Envoy

[htuch]

Thanks for adding this simple example, I enjoy seeing concrete examples when reading docs :)

[htuch]

"to be added as input to route determination."

[htuch]

It's a little unclear to me how to use this. When would I specify a value of 4 vs. a value of 312? What does it do? Is it a seed? Is it a weight towards a particular cluster? etc.

[htuch]

[":router_check_main_lib"]

[htuch]

So, naively I would have thought that the way to probe for SSL handling would by by setting the :scheme pseudo-header. However, looking at Envoy, it seems to only consider require_ssl by using x-forwarded-proto rather than :scheme in https://github.com/lyft/envoy/blob/master/source/common/router/config_impl.cc#L497.

I think this is because ConnectionManagerUtility::mutateRequestHeaders(), invoked on the request decode path, converts the :scheme into x-forwarded-proto.

So, I think we should actually make the ssl option here set :scheme: https, as if it's the simple case of a non-proxied request, and then have x-forwarded-proto available for testing via the additional_headers mechanism, no need to make it an explicit option.

@mattklein123 for confirmation.

[htuch]

@hennna and I were just discussing this. I now understand why we need to use x-forwarded-proto vs. :scheme in the test - it's a result of the fact we're mocking out the rest of Envoy and don't have the :scheme conversion applied to the header prior to passing to the router.

[htuch]

I'm not sure (as a reader) I get why thy there is different behavior for the redirect path case, or even how to specify whether in a test case I want to exercise redirect behavior. I think avoiding special cases is best (principle of least surprise). Same applies to the ssl value below.

[htuch]

Yeah, so looking at how the tool works, I think we shouldn't change the actual input behavior based on whether the output is specified as path_redirect. We can talk about this in person a bit, but I think the cleaner design is to just specify redirect behavior as a combination of the input path/authority and route config table, then measure the behavior here via the above checked results, with no special case mutation of the headers.

[hennna]

@htuch I've updated the tool so path_redirect does not have special config cases. Instead, method is set to GET by default and x-forwarded-proto is set to http by default in all test cases.

[htuch]

I think this is now great at the design level, so onto the implementation review. It's looking mostly good there too modulo the review comments.

[htuch]

What's a valid runtime value?

[hennna]

I don't understand it fully which is why it isn't supported in the tool. My understanding is that routes can match on a runtime key in addition to matching header values. https://lyft.github.io/envoy/docs/configuration/http_conn_man/route_config/route.html#config-http-conn-man-route-table-route

In that case, this value is used to determine whether a runtime feature is enabled.
https://github.com/lyft/envoy/blob/master/source/common/router/config_impl.cc#L152

The confusion is that this value also seems to be used when choosing between weighted clusters.
https://github.com/lyft/envoy/blob/master/source/common/router/config_impl.cc#L288

[htuch]

As a second sentence: "By setting x-forwarded-proto to a given protocol, the tool is able to simulate the behavior of a client issuing a request via http or https." It's still a bit low-level in explanation, the user really just cares about whether it's an http or https request, not how it works internally.

[htuch]

--details

[htuch]

It's probably cleaner to use whitespace separation rather than -----, since this makes it easier to parse out in other tools that might consume this tool, e.g. running sed/cut/grep over the output of --details.

[htuch]

This is another place that valid runtime values comes up that the reader might not have context for.

[htuch]

Nit: if details_ flag is set.

[htuch]

Nit: actual

[htuch]

Nit: This one is not Doxygen but the others are. They should ideally be consistent.

[htuch]

I think the route determination should be done once in routerCheckTool::compareEntriesInJson, rather multiple times in each of the compare* methods. You can pass a reference to the returned route, so this is just a small refactoring.

[htuch]

I think there should be a fourth field indicating what is actually being compared, e.g. is it the virtual cluster, the redirect_path, etc.

[htuch]

This is looking great, ready for wider review. @mattklein123 would you like to take a pass?

[htuch]

s/but can be added/, this may be added in future work./

[htuch]

You could optionally combined roucher_check_main_lib and router_tool_lib.

[htuch]

Great, this is what I was talking about it.

[htuch]

Nit: the earlier line seems too shrot.

[htuch]

Based on https://github.com/lyft/envoy/blob/master/source/common/router/config_impl.cc#L288, I think a better description would be: An integer used to supply the random seed for weighted cluster selection.. No need to mention runtime choice I think.

[rshriram]

nit: @htuch I suggest keeping the name as is, as it serves two purposes (weighted_clusters and a previous incarnation of the same where the route blocks were repeated, with different target clusters and runtime values). @mattklein123 and @ccaraman - do you folks still use the old runtime style way of shifting traffic?

And btw, random_value is not even the seed. It "is" the random number that Envoy runtime uses (this number modulo 100 to obtain the weight for the route and then identify the target cluster)

[htuch]

I think it's fine for v1, but would be interested in hearing about what other reviewers think. The idea is we could avoid taking a gmock dependency (and requiring this to be treated as a test binary by Bazel) by using dummy objects that are explicitly written instead of mocks. It might be the case that we could reuse what @rlazarus is doing for the config validation work, so could punt until then.

[rshriram]

Can you clarify a bit more? as a test binary for what purpose? To test Envoy during compilation process ?

[htuch]

There's ways to make this a bit more concise, e.g. by using a map of check_type -> check function. E.g. you could consider:

const std::unorder_map<std::string, std::function<bool(ToolConfig&,const std::string&,Router::RouteConstSharedPtr)> checkers = {
  {"path_redirect", std::bind(&RouterCheckTool::compareRedirect, this)},
  {"cluster_name", std::bind(&RouterCheckTool::compareCluster, this)},
  etc..
}

and then iterating over this map and applying the functions.

This is kind of an advanced C++ thing, I think for a tool like this you could do what you have today, just offering an alternative.

[dnoe]

This is good advice :) @htuch beat me to it. Instead of the long sequence of ifs you can write something like:

for (auto kv : function_map) {
  if (check_type->hasObject(kv.first)) {
    auto test_result = kv.second(tool_config, check_type->getString(kv.first), route); // assuming you don't want to early exit
    no_failures = no_failures ? test_result : false;
  }
}

Or iterate over found objects in JSON and look up the function in the map in a similar fashion.

[mattklein123]

@ccaraman can you take a first pass over this today? I can look early next week. I would try to look for any missing edge cases that we might want to test that are not covered, or couldn't be easily extended with the design.

@rshriram I think you might want to review this as well.

[ccaraman]

Do you intend for Input for the route table check tool to be a header? Otherwise it doesn't make too much sense the way the sentence is structured.

[hennna]

No. I can expand to a full sentence.

[ccaraman]

nit for router: add a link to the configuration.

[ccaraman]

Please split this paragraph into a few sections:

• what the tool is meant to do, what is supported, etc
• how to configure the tool (example what are the required inputs, min fields, etc)
• sample input/ouput

[hennna]

I can add a link to the install rst page and rephrase.

[ccaraman]

Please use proper header names, ex authority ->:authority

[ccaraman]

Please be consistent with the tooling name. I prefer Route over Router.

[ccaraman]

About the second field, it isn't clear to me what the route parameter value means? One way to link to which test case fails is to have a name for each testing object.

[ccaraman]

Or if the fourth field were the second field.

[ccaraman]

suggestion: I would break the object into three parts

• name for the test case
• input value
• expected output value

The reason for a tests name is once there are many objects it will be difficult to identify which individual test case failed. Grouping all of the input into an object makes it cleaner to understand what is being passed in.

[hennna]

I can add this change. In that case would --details print out 4 fields or 5?
P/F test_name test_case expected actual OR
P/F test_name expected actual

[ccaraman]

I was doing a bit of thinking about this, and maybe the print output could be changed to something that looks like

Test Case: <test case name>
P/F <test_case> <expected> <actual>
...

The one thing that I'm still not sure about is if we should print the test cases that passed.

[hennna]

In the most recent commit I've decided not to output details for the pass cases. The resulting print out would be:

<test case name>
<expected> <actual> <test_case>
...

where <expected> <actual> <test_case> are only printed for failure cases.

[ccaraman]

nit: maybe change check to expected_output?

[rshriram]

or validate perhaps? I would also prefix the field with __ to indicate that its special.

[ccaraman]

typo for store ->stores

[ccaraman]

nit: full stop at the end of the sentence.

[ccaraman]

Can you add a min length check?

[ccaraman]

can you please expand what the content of the array are? Similar to adding a section for https://lyft.github.io/envoy/docs/configuration/http_conn_man/route_config/route.html#adding-custom-request-headers

Please do this for the expected output for headers

[ccaraman]

What does max Properties do?

[hennna]

I put this here because the json schema allows properties to be repeated. For example:

{
"field": ":authority",
"value": "http://google.com",
"field": ":path"
}``

is acceptable. By saying both fields are required and that only two properties are allowed, I am trying to deter json input files with erroneous schemas.

[ccaraman]

Can you create a static const var like https://github.com/lyft/envoy/blob/master/source/common/json/config_schemas.h#L8?

[hennna]

Originally I followed the definition pattern in config_shemas.h, but I changed to wrapping the variable in a function in this commit: 34d1dcb.

The reasoning was in response to comments pointing out that static const string types are dangerous due to random ordering of constructor and destructor calls.

[ccaraman]

nit: new line

[ccaraman]

nit: spacing. Can you aline successfully under bool? like https://github.com/lyft/envoy/blob/master/include/envoy/http/async_client.h#L133-L135

[ccaraman]

Does the "golden" prefix for a file mean the test case?

[hennna]

Yes, that's correct.

[ccaraman]

Please add a TODO to load a full config and extract the route configuration from it. I think that will be useful in the future so users can just pass in their existing config.

[ccaraman]

nit: keep new line spacing consistent across Compare Methods. either had a new line here or remove the new lines in the other compare methods

[ccaraman]

nit: spacing

[ccaraman]

nit: spacing

[ccaraman]

why is there a reference to a test case output for cluster1?

[hennna]

This shell script exercises the route table test tool -- a test for the test tool. In this test, I mixed and matched the TestRoutes router config with the Weighted test tool config. In that case there will be failure test cases. Rather than matching on all the failure test cases, I am checking that a specific cluster_name match test case failed. The failed test case has cluster1 as the expected cluster name and instant-server as the actual cluster name returned by the router.

[hennna]

@ccaraman Thanks for taking the time to review! Does this PR seem to be in a good state to merge?

I've added the TODO as a comment and also in #730.

[mattklein123]

@hennna I will take a look through in a few hours.

[mattklein123]

out of curiosity why does validate start with a _ ?

[hennna]

To show that it is a special parameter. This was in response to an earlier comment.

[hennna]

Now I realize that the comment recommended __ (two underscores). Is there a preference for two, one, or no prefix?

[mattklein123]

I don't know the original comment. To me it seems odd to have any underscore, but I don't care that much. I would poll some folks sitting by you.

[mattklein123]

I don't mind the changes in this file, but FYI the connection manager enforces that ForwardedProto is always set. Not sure if we should change this or your tool should mimic that behavior and always set ForwardedProto to something by default?

[mattklein123]

@hennna thanks a lot, this is awesome. Just some high level style comments. I know this is "just a test tool" but it's a good learning experience for writing good prod side code also. Just a few fixes and I think we are good to merge.

[mattklein123]

nit: del newline

[mattklein123]

general coding style preference: There are a lot of comments in this change that are obvious. For example if you have something like this:

// do something cool
doSomethingCool();

There is no point in having a comment. Can you go through and delete comments that fall into that category (there are many).

[mattklein123]

this should be included for you, delete

[mattklein123]

nit: del newline

[mattklein123]

Can this happen? Please delete error handling that can't happen.

[mattklein123]

You have quite a bit of extra error handling after you catch this exception. Embrace exceptions, they are awesome. In this case, I would have a top level try/catch in main(), and catch EnvoyException, print an error, and exit(1). If you do this, you can get rid of quite a bit of extraneous error handling in the code.

[mattklein123]

this is an example of error checking you can get rid of if you allow exceptions to bubble up. There is more.

[mattklein123]

Just make constructor take check_config and throw exception if there is an issue. No need for other function.

[hennna]

It seems folks around here aren't comfortable with exceptions being thrown in constructors. I've updated the code to follow the model in https://github.com/lyft/envoy/blob/master/source/common/network/cidr_range.h#L95 using static factory methods to create instances of ToolConfig and RouterCheckTool.

[mattklein123]

It's not worth arguing over this case, but throwing exceptions from constructors is how errors are raised from constructors. In an RAII world, cleanup, etc. happen properly. If you want to have a static creation function feel free but it's not required.

[mattklein123]

I would remove this TODO. Not sure why we would switch away from mocks? Or do you mean the work that @rlazarus is doing?

[mattklein123]

del (might be other instances)

[mattklein123]

very nice work, thanks