[management,proxy,client] Add L4 capabilities (TLS/TCP/UDP) (#5530)

2026-04-18 16:26:38 +00:00 · 2026-03-14 01:36:44 +08:00
parent fe9b844511
commit 3e6baea405
90 changed files with 9611 additions and 1397 deletions
--- a/management/internals/modules/reverseproxy/service/manager/expose_tracker_test.go
+++ b/management/internals/modules/reverseproxy/service/manager/expose_tracker_test.go
@@ -18,8 +18,8 @@ func TestReapExpiredExposes(t *testing.T) {
 	ctx := context.Background()

 	resp, err := mgr.CreateServiceFromPeer(ctx, testAccountID, testPeerID, &rpservice.ExposeServiceRequest{
-		Port:     8080,
-		Protocol: "http",
+		Port: 8080,
+		Mode: "http",
 	})
 	require.NoError(t, err)

@@ -28,8 +28,8 @@ func TestReapExpiredExposes(t *testing.T) {

 	// Create a non-expired service
 	resp2, err := mgr.CreateServiceFromPeer(ctx, testAccountID, testPeerID, &rpservice.ExposeServiceRequest{
-		Port:     8081,
-		Protocol: "http",
+		Port: 8081,
+		Mode: "http",
 	})
 	require.NoError(t, err)

@@ -49,15 +49,16 @@ func TestReapAlreadyDeletedService(t *testing.T) {
 	ctx := context.Background()

 	resp, err := mgr.CreateServiceFromPeer(ctx, testAccountID, testPeerID, &rpservice.ExposeServiceRequest{
-		Port:     8080,
-		Protocol: "http",
+		Port: 8080,
+		Mode: "http",
 	})
 	require.NoError(t, err)

 	expireEphemeralService(t, testStore, testAccountID, resp.Domain)

 	// Delete the service before reaping
-	err = mgr.StopServiceFromPeer(ctx, testAccountID, testPeerID, resp.Domain)
+	svcID := resolveServiceIDByDomain(t, testStore, resp.Domain)
+	err = mgr.StopServiceFromPeer(ctx, testAccountID, testPeerID, svcID)
 	require.NoError(t, err)

 	// Reaping should handle the already-deleted service gracefully
@@ -70,8 +71,8 @@ func TestConcurrentReapAndRenew(t *testing.T) {

 	for i := range 5 {
 		_, err := mgr.CreateServiceFromPeer(ctx, testAccountID, testPeerID, &rpservice.ExposeServiceRequest{
-			Port:     8080 + i,
-			Protocol: "http",
+			Port: uint16(8080 + i),
+			Mode: "http",
 		})
 		require.NoError(t, err)
 	}
@@ -108,17 +109,19 @@ func TestRenewEphemeralService(t *testing.T) {

 	t.Run("renew succeeds for active service", func(t *testing.T) {
 		resp, err := mgr.CreateServiceFromPeer(ctx, testAccountID, testPeerID, &rpservice.ExposeServiceRequest{
-			Port:     8082,
-			Protocol: "http",
+			Port: 8082,
+			Mode: "http",
 		})
 		require.NoError(t, err)

-		err = mgr.RenewServiceFromPeer(ctx, testAccountID, testPeerID, resp.Domain)
+		svc, lookupErr := mgr.store.GetServiceByDomain(ctx, resp.Domain)
+		require.NoError(t, lookupErr)
+		err = mgr.RenewServiceFromPeer(ctx, testAccountID, testPeerID, svc.ID)
 		require.NoError(t, err)
 	})

 	t.Run("renew fails for nonexistent domain", func(t *testing.T) {
-		err := mgr.RenewServiceFromPeer(ctx, testAccountID, testPeerID, "nonexistent.com")
+		err := mgr.RenewServiceFromPeer(ctx, testAccountID, testPeerID, "nonexistent-service-id")
 		require.Error(t, err)
 		assert.Contains(t, err.Error(), "no active expose session")
 	})
@@ -133,8 +136,8 @@ func TestCountAndExistsEphemeralServices(t *testing.T) {
 	assert.Equal(t, int64(0), count)

 	resp, err := mgr.CreateServiceFromPeer(ctx, testAccountID, testPeerID, &rpservice.ExposeServiceRequest{
-		Port:     8083,
-		Protocol: "http",
+		Port: 8083,
+		Mode: "http",
 	})
 	require.NoError(t, err)

@@ -157,15 +160,15 @@ func TestMaxExposesPerPeerEnforced(t *testing.T) {

 	for i := range maxExposesPerPeer {
 		_, err := mgr.CreateServiceFromPeer(ctx, testAccountID, testPeerID, &rpservice.ExposeServiceRequest{
-			Port:     8090 + i,
-			Protocol: "http",
+			Port: uint16(8090 + i),
+			Mode: "http",
 		})
 		require.NoError(t, err, "expose %d should succeed", i)
 	}

 	_, err := mgr.CreateServiceFromPeer(ctx, testAccountID, testPeerID, &rpservice.ExposeServiceRequest{
-		Port:     9999,
-		Protocol: "http",
+		Port: 9999,
+		Mode: "http",
 	})
 	require.Error(t, err)
 	assert.Contains(t, err.Error(), "maximum number of active expose sessions")
@@ -176,8 +179,8 @@ func TestReapSkipsRenewedService(t *testing.T) {
 	ctx := context.Background()

 	resp, err := mgr.CreateServiceFromPeer(ctx, testAccountID, testPeerID, &rpservice.ExposeServiceRequest{
-		Port:     8086,
-		Protocol: "http",
+		Port: 8086,
+		Mode: "http",
 	})
 	require.NoError(t, err)

@@ -185,7 +188,9 @@ func TestReapSkipsRenewedService(t *testing.T) {
 	expireEphemeralService(t, testStore, testAccountID, resp.Domain)

 	// Renew it before the reaper runs
-	err = mgr.RenewServiceFromPeer(ctx, testAccountID, testPeerID, resp.Domain)
+	svc, err := testStore.GetServiceByDomain(ctx, resp.Domain)
+	require.NoError(t, err)
+	err = mgr.RenewServiceFromPeer(ctx, testAccountID, testPeerID, svc.ID)
 	require.NoError(t, err)

 	// Reaper should skip it because the re-check sees a fresh timestamp
@@ -195,6 +200,14 @@ func TestReapSkipsRenewedService(t *testing.T) {
 	require.NoError(t, err, "renewed service should survive reaping")
 }

+// resolveServiceIDByDomain looks up a service ID by domain in tests.
+func resolveServiceIDByDomain(t *testing.T, s store.Store, domain string) string {
+	t.Helper()
+	svc, err := s.GetServiceByDomain(context.Background(), domain)
+	require.NoError(t, err)
+	return svc.ID
+}
+
 // expireEphemeralService backdates meta_last_renewed_at to force expiration.
 func expireEphemeralService(t *testing.T, s store.Store, accountID, domain string) {
 	t.Helper()