cmd/k8s-operator,k8s-operator/sessionrecording: support recording kubectl exec sessions over WebSockets (#12947)
cmd/k8s-operator,k8s-operator/sessionrecording: support recording WebSocket sessions Kubernetes currently supports two streaming protocols, SPDY and WebSockets. WebSockets are replacing SPDY, see https://github.com/kubernetes/enhancements/issues/4006. We were currently only supporting SPDY, erroring out if session was not SPDY and relying on the kube's built-in SPDY fallback. This PR: - adds support for parsing contents of 'kubectl exec' sessions streamed over WebSockets - adds logic to distinguish 'kubectl exec' requests for a SPDY/WebSockets sessions and call the relevant handler Updates tailscale/corp#19821 Signed-off-by: Irbe Krumina <irbe@tailscale.com> Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
This commit is contained in:
@@ -7,6 +7,7 @@ package spdy
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"reflect"
|
||||
"testing"
|
||||
|
||||
@@ -234,6 +235,57 @@ func Test_Reads(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
// Test_conn_ReadRand tests reading arbitrarily generated byte slices from conn to
|
||||
// test that we don't panic when parsing input from a broken or malicious
|
||||
// client.
|
||||
func Test_conn_ReadRand(t *testing.T) {
|
||||
zl, err := zap.NewDevelopment()
|
||||
if err != nil {
|
||||
t.Fatalf("error creating a test logger: %v", err)
|
||||
}
|
||||
for i := range 1000 {
|
||||
tc := &fakes.TestConn{}
|
||||
tc.ResetReadBuf()
|
||||
c := &conn{
|
||||
Conn: tc,
|
||||
log: zl.Sugar(),
|
||||
}
|
||||
bb := fakes.RandomBytes(t)
|
||||
for j, input := range bb {
|
||||
if err := tc.WriteReadBufBytes(input); err != nil {
|
||||
t.Fatalf("[%d] writing bytes to test conn: %v", i, err)
|
||||
}
|
||||
f := func() {
|
||||
c.Read(make([]byte, len(input)))
|
||||
}
|
||||
testPanic(t, f, fmt.Sprintf("[%d %d] Read panic parsing input of length %d", i, j, len(input)))
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Test_conn_WriteRand calls conn.Write with an arbitrary input to validate that
|
||||
// it does not panic.
|
||||
func Test_conn_WriteRand(t *testing.T) {
|
||||
zl, err := zap.NewDevelopment()
|
||||
if err != nil {
|
||||
t.Fatalf("error creating a test logger: %v", err)
|
||||
}
|
||||
for i := range 100 {
|
||||
tc := &fakes.TestConn{}
|
||||
c := &conn{
|
||||
Conn: tc,
|
||||
log: zl.Sugar(),
|
||||
}
|
||||
bb := fakes.RandomBytes(t)
|
||||
for j, input := range bb {
|
||||
f := func() {
|
||||
c.Write(input)
|
||||
}
|
||||
testPanic(t, f, fmt.Sprintf("[%d %d] Write: panic parsing input of length %d", i, j, len(input)))
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func resizeMsgBytes(t *testing.T, width, height int) []byte {
|
||||
t.Helper()
|
||||
bs, err := json.Marshal(spdyResizeMsg{Width: width, Height: height})
|
||||
|
||||
Reference in New Issue
Block a user