Experimental: istio-router-check tool (#403)

Signed-off-by: Fernando Cainelli <[email protected]>
Co-authored-by: Ben <[email protected]>

.github/workflows/docker.yml

@@ -11,15 +11,27 @@ jobs:
     steps:
     - name: Checkout code
       uses: actions/checkout@v3
+
     - name: Set up Docker Buildx
       uses: docker/setup-buildx-action@v2
+
     - name: Login to Docker Hub
-      uses: docker/login-action@v2
+      uses: docker/login-action@v3
       with:
         username: ${{ secrets.DOCKER_USERNAME }}
         password: ${{ secrets.DOCKER_ACCESS_TOKEN }}
+
     - name: Build and push docker image
       uses: docker/build-push-action@v4
       with:
         push: true
         tags: getyourguide/istio-config-validator:latest
+
+    - name: Build and push istio-router-check
+      uses: docker/build-push-action@v4
+      with:
+        pull: true
+        file: cmd/istio-router-check/Dockerfile
+        context: .
+        push: true
+        tags: getyourguide/istio-router-check:release-1.22

.github/workflows/go.yml

@@ -21,27 +21,9 @@ jobs:
         uname -a
         go version
         go env
-    - name: Vet
+    - name: golangci-lint
       if: matrix.platform == 'ubuntu-latest'
-      run: go vet -v ./...
-    - name: Lint
-      if: matrix.platform == 'ubuntu-latest'
-      run: |
-        export PATH=$PATH:$(go env GOPATH)/bin
-        go install golang.org/x/lint/golint@latest
-        golint -set_exit_status ./...
-    - name: staticcheck.io
-      if: matrix.platform == 'ubuntu-latest'
-      uses: dominikh/[email protected]
-      with:
-        install-go: false
-    - name: gofumpt formatting
-      if: matrix.platform == 'ubuntu-latest'
-      run: |
-        export PATH=$PATH:$(go env GOPATH)/bin
-        go install mvdan.cc/gofumpt@latest
-        gofumpt -d .
-        [ -z "$(gofumpt -l .)" ]
+      uses: golangci/golangci-lint-action@v6
     - name: Test
       run: go test -vet=off -count=1 ./...
     - name: Test with -race

.golangci.yml

@@ -0,0 +1,14 @@
+run:
+  timeout: 10m
+linters:
+  disable-all: true
+  enable:
+    - errcheck
+    - gofumpt
+    - gosimple
+    - govet
+    - ineffassign
+    - staticcheck
+    - stylecheck
+    - typecheck
+    - unused

cmd/istio-config-validator/main.go

@@ -3,12 +3,11 @@ package main
 import (
 	"flag"
 	"fmt"
+	"log"
 	"os"
 	"path/filepath"
 	"strings"
 
-	"istio.io/pkg/log"
-
 	"github.com/getyourguide/istio-config-validator/internal/pkg/unit"
 )
 
@@ -61,7 +60,7 @@ func main() {
 func getFiles(names []string) []string {
 	var files []string
 	for _, name := range names {
-		filepath.Walk(name, func(path string, info os.FileInfo, err error) error {
+		err := filepath.Walk(name, func(path string, info os.FileInfo, err error) error {
 			if err != nil {
 				log.Fatal(err.Error())
 			}
@@ -70,6 +69,9 @@ func getFiles(names []string) []string {
 			}
 			return nil
 		})
+		if err != nil {
+			log.Fatal(err.Error())
+		}
 	}
 	return files
 }

cmd/istio-router-check/Dockerfile

@@ -0,0 +1,17 @@
+FROM golang:1.22-bullseye as builder
+
+WORKDIR /work
+
+COPY go.mod go.sum ./
+
+RUN go mod download
+
+COPY . .
+
+RUN go build -o bin/istio-router-check cmd/istio-router-check/main.go
+
+FROM getyourguide/router-check-tool:release-1.22
+
+COPY --from=builder /work/bin/istio-router-check /usr/local/bin/
+
+ENTRYPOINT ["/usr/local/bin/istio-router-check"]

cmd/istio-router-check/README.md

@@ -0,0 +1,79 @@
+# Istio Router Check
+
+An _experimental_ wrapper command for Envoy [Route Table Check Tool](https://www.envoyproxy.io/docs/envoy/latest/operations/tools/route_table_check_tool#install-tools-route-table-check-tool).
+
+1. It parses Istio configuration into the Envoy [HTTP Route](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto#http-route-components-proto) format required by the tool.
+2. It expects `router_check_tool` binary in the PATH. The tool must be built using Istio's filters and still patches needed to work with Istio. It is currently maintained in a fork of istio proxy in [getyourguide/proxy](https://github.com/getyourguide/proxy).
+
+
+## Usage
+
+```text
+Usage:
+  istio-router-check [flags]
+
+Flags:
+  -v, -- int                        log verbosity level (default 1)
+  -c, --config-dir string           directory containing virtualservices
+      --covall                      measure coverage by checking all route fields
+      --detailed-coverage           print detailed coverage information
+  -d, --details                     print detailed information about the test results (default true)
+      --disable-deprecation-check   disable deprecation check (default true)
+  -f, --fail-under float            threshold for failure
+  -h, --help                        help for istio-router-check
+      --only-show-failures          only show failures
+  -o, --output-dir string           output directory for coverage information
+  -t, --test-dir string             directory containing tests
+```
+
+### -t \<string>, –test-path \<string>
+
+Path to a tool config JSON file. The tool config JSON file schema is found in config. The tool config input file specifies urls (composed of authorities and paths) and expected route parameter values. Additional parameters such as additional headers are optional.
+
+Schema: All internal schemas in the tool are based on proto3.
+
+### -c \<string>, –config-path \<string>
+
+Path to a VirtualServices config files. The tool will read and transform Istio configuration into Envoy configuration in order to use Envoy [Route Table Check Tool](https://www.envoyproxy.io/docs/envoy/latest/operations/tools/route_table_check_tool#install-tools-route-table-check-tool)
+
+### -o \<string>, –output-path \<string>
+
+Path to a file where to write test results as binary proto. If the file already exists, an attempt to overwrite it will be made. The validation result schema is found in proto3.
+
+### -d, –details
+
+Show detailed test execution results. The first line indicates the test name.
+
+### --only-show-failures
+
+Displays test results for failed tests. Omits test names for passing tests if the details flag is set.
+
+### -f, --fail-under
+
+Represents a percent value for route test coverage under which the run should fail.
+
+### --covall
+
+Enables comprehensive code coverage percent calculation taking into account all the possible asserts. Displays missing tests.
+
+### --disable-deprecation-check
+
+Disables the deprecation check for RouteConfiguration proto.
+
+### --detailed-coverage
+
+Enables displaying of not covered routes for non-comprehensive code coverage mode.
+
+### -h, –help
+
+Displays usage information and exits.
+
+## Running
+
+```bash
+$ docker run -v $(pwd)/examples:/examples --rm docker.io/getyourguide/istio-router-check:release-1.22 -c /examples/virtualservice.yml -t examples/test.yml
+
+test details.prod.svc.cluster.local/api/v2/products
+test details.prod.svc.cluster.local/api/v2/items
+Current route coverage: 50%
+```

cmd/istio-router-check/examples/test.yml

@@ -0,0 +1,17 @@
+tests:
+- test_name: test details.prod.svc.cluster.local/api/v2/products
+  input:
+    authority: details.prod.svc.cluster.local
+    path: /api/v2/products
+    method: GET
+  validate:
+    cluster_name: outbound|80|v2|details.prod.svc.cluster.local
+    path_rewrite: /api/newdetails
+- test_name: test details.prod.svc.cluster.local/api/v2/items
+  input:
+    authority: details.prod.svc.cluster.local
+    path: /api/v2/items
+    method: GET
+  validate:
+    cluster_name: outbound|80|v2|details.prod.svc.cluster.local
+    path_rewrite: /api/newdetails

cmd/istio-router-check/examples/virtualservice.yml

@@ -0,0 +1,20 @@
+apiVersion: networking.istio.io/v1
+kind: VirtualService
+metadata:
+  name: details
+spec:
+  hosts:
+  - details.prod.svc.cluster.local
+  http:
+  - name: "details-v2-routes"
+    match:
+    - uri:
+        prefix: "/api/v2/products"
+    - uri:
+        prefix: "/api/v2/items"
+    rewrite:
+      uri: "/api/newdetails"
+    route:
+    - destination:
+        host: details.prod.svc.cluster.local
+        subset: v2

cmd/istio-router-check/main.go

@@ -0,0 +1,20 @@
+package main
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/getyourguide/istio-config-validator/internal/pkg/istio-router-check/cmd"
+)
+
+func main() {
+	cmdRoot, err := cmd.NewCmdRoot()
+	if err != nil {
+		fmt.Printf("failed to create command: %v", err)
+		os.Exit(1)
+	}
+	if err := cmdRoot.Execute(); err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+}