diff --git a/config/envoyconfig/listeners_test.go b/config/envoyconfig/listeners_test.go index 53a8ec464..b26925e28 100644 --- a/config/envoyconfig/listeners_test.go +++ b/config/envoyconfig/listeners_test.go @@ -12,6 +12,8 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + "github.com/tidwall/gjson" + "google.golang.org/protobuf/encoding/protojson" "github.com/pomerium/pomerium/config" "github.com/pomerium/pomerium/config/envoyconfig/filemgr" @@ -71,6 +73,49 @@ func TestBuildListeners(t *testing.T) { } assert.False(t, hasGRPC, "expected grpc-ingress to be disabled when grpc address is set to the empty string") }) + t.Run("quic", func(t *testing.T) { + t.Parallel() + + cfg := cfg.Clone() + cfg.Options.CodecType = config.CodecTypeHTTP3 + lis, err := b.BuildListeners(ctx, cfg, false) + assert.NoError(t, err) + + var hasHTTPS, hasQUIC bool + for _, li := range lis { + switch li.GetName() { + case "https-ingress": + hasHTTPS = true + httpConfig := gjson.Get(protojson.Format(li), "filterChains.1.filters.0.typedConfig") + assert.Equal(t, "", httpConfig.Get("codecType").String()) + assert.JSONEq(t, `{ + "name": "envoy.filters.http.header_mutation", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.header_mutation.v3.HeaderMutation", + "mutations": { + "responseMutations": [{ + "append": { + "header": { + "key": "alt-svc", + "value": "h3=\":443\"; ma=86400" + } + } + }] + } + } + }`, httpConfig.Get("httpFilters.6").String(), + "should add alt-svc header") + case "quic-ingress": + hasQUIC = true + httpConfig := gjson.Get(protojson.Format(li), "filterChains.0.filters.0.typedConfig") + assert.Equal(t, "HTTP3", httpConfig.Get("codecType").String()) + assert.Equal(t, `{}`, httpConfig.Get("http3ProtocolOptions").String()) + } + } + + assert.True(t, hasHTTPS, "should have https-ingress listener") + assert.True(t, hasQUIC, "should have quic-ingress listener") + }) } func Test_buildMetricsHTTPConnectionManagerFilter(t *testing.T) { diff --git a/go.mod b/go.mod index c9a7375b8..9254b9557 100644 --- a/go.mod +++ b/go.mod @@ -64,6 +64,7 @@ require ( github.com/spf13/viper v1.19.0 github.com/stretchr/testify v1.9.0 github.com/testcontainers/testcontainers-go v0.34.0 + github.com/tidwall/gjson v1.18.0 github.com/tniswong/go.rfcx v0.0.0-20181019234604-07783c52761f github.com/volatiletech/null/v9 v9.0.0 github.com/yuin/gopher-lua v1.1.1 @@ -214,6 +215,8 @@ require ( github.com/stretchr/objx v0.5.2 // indirect github.com/subosito/gotenv v1.6.0 // indirect github.com/tchap/go-patricia/v2 v2.3.1 // indirect + github.com/tidwall/match v1.1.1 // indirect + github.com/tidwall/pretty v1.2.0 // indirect github.com/tinylib/msgp v1.1.8 // indirect github.com/tklauser/go-sysconf v0.3.14 // indirect github.com/tklauser/numcpus v0.8.0 // indirect diff --git a/go.sum b/go.sum index 50c39c298..31044cd99 100644 --- a/go.sum +++ b/go.sum @@ -665,6 +665,12 @@ github.com/tchap/go-patricia/v2 v2.3.1 h1:6rQp39lgIYZ+MHmdEq4xzuk1t7OdC35z/xm0BG github.com/tchap/go-patricia/v2 v2.3.1/go.mod h1:VZRHKAb53DLaG+nA9EaYYiaEx6YztwDlLElMsnSHD4k= github.com/testcontainers/testcontainers-go v0.34.0 h1:5fbgF0vIN5u+nD3IWabQwRybuB4GY8G2HHgCkbMzMHo= github.com/testcontainers/testcontainers-go v0.34.0/go.mod h1:6P/kMkQe8yqPHfPWNulFGdFHTD8HB2vLq/231xY2iPQ= +github.com/tidwall/gjson v1.18.0 h1:FIDeeyB800efLX89e5a8Y0BNH+LOngJyGrIWxG2FKQY= +github.com/tidwall/gjson v1.18.0/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= +github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA= +github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM= +github.com/tidwall/pretty v1.2.0 h1:RWIZEg2iJ8/g6fDDYzMpobmaoGh5OLl4AXtGUGPcqCs= +github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= github.com/tinylib/msgp v1.1.2/go.mod h1:+d+yLhGm8mzTaHzB+wgMYrodPfmZrzkirds8fDWklFE= github.com/tinylib/msgp v1.1.8 h1:FCXC1xanKO4I8plpHGH2P7koL/RzZs12l/+r7vakfm0= github.com/tinylib/msgp v1.1.8/go.mod h1:qkpG+2ldGg4xRFmx+jfTvZPxfGFhi64BcnL9vkCm/Tw=