Copilot commented on code in PR #13290:
URL: https://github.com/apache/trafficserver/pull/13290#discussion_r3455822852
##########
tests/gold_tests/autest-site/ats_replay.test.ext:
##########
@@ -23,6 +23,15 @@ import re
import yaml
+def _contains_expression(contains_entry: dict, default_description: str):
+ '''Create a ContainsExpression tester from a log validation entry.'''
+ expression = contains_entry['expression']
+ description = contains_entry.get('description', default_description)
+ reflags = re.M if contains_entry.get('multiline', False) else 0
+
+ return Testers.ContainsExpression(expression, description, reflags=reflags)
Review Comment:
The `multiline` option is currently mapped to `re.M` (MULTILINE), which only
changes how `^`/`$` behave and does not allow `.` to match newlines. In this
test suite, multi-line log matching typically needs `re.DOTALL | re.MULTILINE`
(aka `re.S | re.M`) so expressions can span multiple lines without requiring
`([\s\S])` everywhere.
##########
tests/gold_tests/logging/replay/log-debug-client-ip-http.replay.yaml:
##########
@@ -0,0 +1,129 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+meta:
+ version: "1.0"
+
+autest:
+ description: 'Verify client-IP-filtered debug logging for HTTP/1.1'
+
+ server:
+ name: 'server-log-debug-client-ip-http'
+
+ client:
+ name: 'client-log-debug-client-ip-http'
+
+ ats:
+ name: 'ts-log-debug-client-ip-http'
+ process_config:
+ enable_cache: false
+
+ records_config:
+ proxy.config.diags.debug.enabled: 2
+ proxy.config.diags.debug.tags: 'http'
+ proxy.config.diags.debug.client_ip: '127.0.0.1'
+
+ remap_config:
+ - from: 'http://debug-client-ip-http.test/'
+ to: 'http://127.0.0.1:{SERVER_HTTP_PORT}/'
+
+ log_validation:
+ traffic_out:
+ contains:
+ - expression: '\+ Incoming Request \+(?:(?!\+ Proxy''s Request after
hooks \+)[\s\S])*?uuid: log-debug-http-1'
+ description: 'HTTP transaction 1 logs the incoming request headers.'
+ multiline: true
+ - expression: '\+ Proxy''s Request after hooks \+(?:(?!\+ Incoming
O.S. Response \+)[\s\S])*?uuid: log-debug-http-1'
+ description: 'HTTP transaction 1 logs the proxy request headers
after hooks.'
+ multiline: true
+ - expression: '\+ Incoming O.S. Response \+(?:(?!\+ Proxy''s Response
2 \+)[\s\S])*?uuid: log-debug-http-1'
+ description: 'HTTP transaction 1 logs the incoming origin response
headers.'
+ multiline: true
+ - expression: '\+ Proxy''s Response 2 \+[\s\S]*?uuid: log-debug-http-1'
+ description: 'HTTP transaction 1 logs the proxy response headers.'
+ multiline: true
+ - expression: '\+ Incoming Request \+(?:(?!\+ Proxy''s Request after
hooks \+)[\s\S])*?uuid: log-debug-http-2'
+ description: 'HTTP transaction 2 logs the incoming request headers.'
+ multiline: true
+ - expression: '\+ Proxy''s Request after hooks \+(?:(?!\+ Incoming
O.S. Response \+)[\s\S])*?uuid: log-debug-http-2'
+ description: 'HTTP transaction 2 logs the proxy request headers
after hooks.'
+ multiline: true
+ - expression: '\+ Incoming O.S. Response \+(?:(?!\+ Proxy''s Response
2 \+)[\s\S])*?uuid: log-debug-http-2'
+ description: 'HTTP transaction 2 logs the incoming origin response
headers.'
+ multiline: true
+ - expression: '\+ Proxy''s Response 2 \+[\s\S]*?uuid: log-debug-http-2'
Review Comment:
This regex for the "Proxy's Response 2" section is not bounded to a single
transaction; if the uuid is missing from transaction 2's proxy response dump,
it could still match a later `uuid:` (e.g., from unrelated debug output) and
incorrectly pass. Constrain it so it cannot run past the next transaction
marker.
##########
tests/gold_tests/logging/replay/log-debug-client-ip-http.replay.yaml:
##########
@@ -0,0 +1,129 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+meta:
+ version: "1.0"
+
+autest:
+ description: 'Verify client-IP-filtered debug logging for HTTP/1.1'
+
+ server:
+ name: 'server-log-debug-client-ip-http'
+
+ client:
+ name: 'client-log-debug-client-ip-http'
+
+ ats:
+ name: 'ts-log-debug-client-ip-http'
+ process_config:
+ enable_cache: false
+
+ records_config:
+ proxy.config.diags.debug.enabled: 2
+ proxy.config.diags.debug.tags: 'http'
+ proxy.config.diags.debug.client_ip: '127.0.0.1'
+
+ remap_config:
+ - from: 'http://debug-client-ip-http.test/'
+ to: 'http://127.0.0.1:{SERVER_HTTP_PORT}/'
+
+ log_validation:
+ traffic_out:
+ contains:
+ - expression: '\+ Incoming Request \+(?:(?!\+ Proxy''s Request after
hooks \+)[\s\S])*?uuid: log-debug-http-1'
+ description: 'HTTP transaction 1 logs the incoming request headers.'
+ multiline: true
+ - expression: '\+ Proxy''s Request after hooks \+(?:(?!\+ Incoming
O.S. Response \+)[\s\S])*?uuid: log-debug-http-1'
+ description: 'HTTP transaction 1 logs the proxy request headers
after hooks.'
+ multiline: true
+ - expression: '\+ Incoming O.S. Response \+(?:(?!\+ Proxy''s Response
2 \+)[\s\S])*?uuid: log-debug-http-1'
+ description: 'HTTP transaction 1 logs the incoming origin response
headers.'
+ multiline: true
+ - expression: '\+ Proxy''s Response 2 \+[\s\S]*?uuid: log-debug-http-1'
Review Comment:
This regex for the "Proxy's Response 2" section is not bounded to a single
transaction; if the uuid is missing from transaction 1's proxy response dump,
it could still match a later `uuid:` from a subsequent transaction and
incorrectly pass. Consider constraining the match so it cannot run past the
next transaction's `+ Incoming Request +` marker.
##########
tests/gold_tests/logging/replay/log-debug-client-ip-https.replay.yaml:
##########
@@ -0,0 +1,134 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+meta:
+ version: "1.0"
+
+autest:
+ description: 'Verify client-IP-filtered debug logging for HTTPS'
+
+ server:
+ name: 'server-log-debug-client-ip-https'
+
+ client:
+ name: 'client-log-debug-client-ip-https'
+
+ ats:
+ name: 'ts-log-debug-client-ip-https'
+ process_config:
+ enable_cache: false
+ enable_tls: true
+
+ records_config:
+ proxy.config.diags.debug.enabled: 2
+ proxy.config.diags.debug.tags: 'http'
+ proxy.config.diags.debug.client_ip: '127.0.0.1'
+
+ remap_config:
+ - from: 'https://debug-client-ip-https.test/'
+ to: 'http://127.0.0.1:{SERVER_HTTP_PORT}/'
+
+ log_validation:
+ traffic_out:
+ contains:
+ - expression: '\+ Incoming Request \+(?:(?!\+ Proxy''s Request after
hooks \+)[\s\S])*?uuid: log-debug-https-1'
+ description: 'HTTPS transaction 1 logs the incoming request headers.'
+ multiline: true
+ - expression: '\+ Proxy''s Request after hooks \+(?:(?!\+ Incoming
O.S. Response \+)[\s\S])*?uuid: log-debug-https-1'
+ description: 'HTTPS transaction 1 logs the proxy request headers
after hooks.'
+ multiline: true
+ - expression: '\+ Incoming O.S. Response \+(?:(?!\+ Proxy''s Response
2 \+)[\s\S])*?uuid: log-debug-https-1'
+ description: 'HTTPS transaction 1 logs the incoming origin response
headers.'
+ multiline: true
+ - expression: '\+ Proxy''s Response 2 \+[\s\S]*?uuid:
log-debug-https-1'
+ description: 'HTTPS transaction 1 logs the proxy response headers.'
+ multiline: true
+ - expression: '\+ Incoming Request \+(?:(?!\+ Proxy''s Request after
hooks \+)[\s\S])*?uuid: log-debug-https-2'
+ description: 'HTTPS transaction 2 logs the incoming request headers.'
+ multiline: true
+ - expression: '\+ Proxy''s Request after hooks \+(?:(?!\+ Incoming
O.S. Response \+)[\s\S])*?uuid: log-debug-https-2'
+ description: 'HTTPS transaction 2 logs the proxy request headers
after hooks.'
+ multiline: true
+ - expression: '\+ Incoming O.S. Response \+(?:(?!\+ Proxy''s Response
2 \+)[\s\S])*?uuid: log-debug-https-2'
+ description: 'HTTPS transaction 2 logs the incoming origin response
headers.'
+ multiline: true
+ - expression: '\+ Proxy''s Response 2 \+[\s\S]*?uuid:
log-debug-https-2'
Review Comment:
The "Proxy's Response 2" regex is currently unbounded; if the uuid is
missing from this proxy response dump, it could still match a later `uuid:` and
incorrectly pass. Consider constraining it to end before the next transaction's
`+ Incoming Request +` marker.
##########
tests/gold_tests/logging/replay/log-debug-client-ip-http2.replay.yaml:
##########
@@ -0,0 +1,134 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+meta:
+ version: "1.0"
+
+autest:
+ description: 'Verify client-IP-filtered debug logging for HTTP/2'
+
+ server:
+ name: 'server-log-debug-client-ip-http2'
+
+ client:
+ name: 'client-log-debug-client-ip-http2'
+
+ ats:
+ name: 'ts-log-debug-client-ip-http2'
+ process_config:
+ enable_cache: false
+ enable_tls: true
+
+ records_config:
+ proxy.config.diags.debug.enabled: 2
+ proxy.config.diags.debug.tags: 'http'
+ proxy.config.diags.debug.client_ip: '127.0.0.1'
+
+ remap_config:
+ - from: 'https://debug-client-ip-http2.test/'
+ to: 'http://127.0.0.1:{SERVER_HTTP_PORT}/'
+
+ log_validation:
+ traffic_out:
+ contains:
+ - expression: '\+ Incoming Request \+(?:(?!\+ Proxy''s Request after
hooks \+)[\s\S])*?uuid: log-debug-http2-1'
+ description: 'HTTP/2 transaction 1 logs the incoming request
headers.'
+ multiline: true
+ - expression: '\+ Proxy''s Request after hooks \+(?:(?!\+ Incoming
O.S. Response \+)[\s\S])*?uuid: log-debug-http2-1'
+ description: 'HTTP/2 transaction 1 logs the proxy request headers
after hooks.'
+ multiline: true
+ - expression: '\+ Incoming O.S. Response \+(?:(?!\+ Proxy''s Response
2 \+)[\s\S])*?uuid: log-debug-http2-1'
+ description: 'HTTP/2 transaction 1 logs the incoming origin response
headers.'
+ multiline: true
+ - expression: '\+ Proxy''s Response 2 \+[\s\S]*?uuid:
log-debug-http2-1'
Review Comment:
This "Proxy's Response 2" matcher is not constrained to this transaction; if
the response dump for transaction 1 omits the uuid, the regex could still find
a later `uuid:` from a subsequent transaction and pass. Constrain it to stop
before the next `+ Incoming Request +` marker.
##########
tests/gold_tests/logging/replay/log-debug-client-ip-https.replay.yaml:
##########
@@ -0,0 +1,134 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+meta:
+ version: "1.0"
+
+autest:
+ description: 'Verify client-IP-filtered debug logging for HTTPS'
+
+ server:
+ name: 'server-log-debug-client-ip-https'
+
+ client:
+ name: 'client-log-debug-client-ip-https'
+
+ ats:
+ name: 'ts-log-debug-client-ip-https'
+ process_config:
+ enable_cache: false
+ enable_tls: true
+
+ records_config:
+ proxy.config.diags.debug.enabled: 2
+ proxy.config.diags.debug.tags: 'http'
+ proxy.config.diags.debug.client_ip: '127.0.0.1'
+
+ remap_config:
+ - from: 'https://debug-client-ip-https.test/'
+ to: 'http://127.0.0.1:{SERVER_HTTP_PORT}/'
+
+ log_validation:
+ traffic_out:
+ contains:
+ - expression: '\+ Incoming Request \+(?:(?!\+ Proxy''s Request after
hooks \+)[\s\S])*?uuid: log-debug-https-1'
+ description: 'HTTPS transaction 1 logs the incoming request headers.'
+ multiline: true
+ - expression: '\+ Proxy''s Request after hooks \+(?:(?!\+ Incoming
O.S. Response \+)[\s\S])*?uuid: log-debug-https-1'
+ description: 'HTTPS transaction 1 logs the proxy request headers
after hooks.'
+ multiline: true
+ - expression: '\+ Incoming O.S. Response \+(?:(?!\+ Proxy''s Response
2 \+)[\s\S])*?uuid: log-debug-https-1'
+ description: 'HTTPS transaction 1 logs the incoming origin response
headers.'
+ multiline: true
+ - expression: '\+ Proxy''s Response 2 \+[\s\S]*?uuid:
log-debug-https-1'
Review Comment:
The "Proxy's Response 2" regex is currently unbounded; if the uuid is absent
from this transaction's proxy response dump, the pattern could still match a
later `uuid:` from the next transaction and pass. Constrain the match so it
stops before the next `+ Incoming Request +` marker.
##########
tests/gold_tests/logging/replay/log-debug-client-ip-http2.replay.yaml:
##########
@@ -0,0 +1,134 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+meta:
+ version: "1.0"
+
+autest:
+ description: 'Verify client-IP-filtered debug logging for HTTP/2'
+
+ server:
+ name: 'server-log-debug-client-ip-http2'
+
+ client:
+ name: 'client-log-debug-client-ip-http2'
+
+ ats:
+ name: 'ts-log-debug-client-ip-http2'
+ process_config:
+ enable_cache: false
+ enable_tls: true
+
+ records_config:
+ proxy.config.diags.debug.enabled: 2
+ proxy.config.diags.debug.tags: 'http'
+ proxy.config.diags.debug.client_ip: '127.0.0.1'
+
+ remap_config:
+ - from: 'https://debug-client-ip-http2.test/'
+ to: 'http://127.0.0.1:{SERVER_HTTP_PORT}/'
+
+ log_validation:
+ traffic_out:
+ contains:
+ - expression: '\+ Incoming Request \+(?:(?!\+ Proxy''s Request after
hooks \+)[\s\S])*?uuid: log-debug-http2-1'
+ description: 'HTTP/2 transaction 1 logs the incoming request
headers.'
+ multiline: true
+ - expression: '\+ Proxy''s Request after hooks \+(?:(?!\+ Incoming
O.S. Response \+)[\s\S])*?uuid: log-debug-http2-1'
+ description: 'HTTP/2 transaction 1 logs the proxy request headers
after hooks.'
+ multiline: true
+ - expression: '\+ Incoming O.S. Response \+(?:(?!\+ Proxy''s Response
2 \+)[\s\S])*?uuid: log-debug-http2-1'
+ description: 'HTTP/2 transaction 1 logs the incoming origin response
headers.'
+ multiline: true
+ - expression: '\+ Proxy''s Response 2 \+[\s\S]*?uuid:
log-debug-http2-1'
+ description: 'HTTP/2 transaction 1 logs the proxy response headers.'
+ multiline: true
+ - expression: '\+ Incoming Request \+(?:(?!\+ Proxy''s Request after
hooks \+)[\s\S])*?uuid: log-debug-http2-2'
+ description: 'HTTP/2 transaction 2 logs the incoming request
headers.'
+ multiline: true
+ - expression: '\+ Proxy''s Request after hooks \+(?:(?!\+ Incoming
O.S. Response \+)[\s\S])*?uuid: log-debug-http2-2'
+ description: 'HTTP/2 transaction 2 logs the proxy request headers
after hooks.'
+ multiline: true
+ - expression: '\+ Incoming O.S. Response \+(?:(?!\+ Proxy''s Response
2 \+)[\s\S])*?uuid: log-debug-http2-2'
+ description: 'HTTP/2 transaction 2 logs the incoming origin response
headers.'
+ multiline: true
+ - expression: '\+ Proxy''s Response 2 \+[\s\S]*?uuid:
log-debug-http2-2'
Review Comment:
This "Proxy's Response 2" matcher is not constrained to this transaction; if
the response dump for transaction 2 omits the uuid, the regex could still find
a later `uuid:` and pass. Constrain it to stop before the next `+ Incoming
Request +` marker (or end of log).
##########
tests/gold_tests/logging/replay/log-debug-client-ip-http3.replay.yaml:
##########
@@ -0,0 +1,136 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+meta:
+ version: "1.0"
+
+autest:
+ description: 'Verify client-IP-filtered debug logging for HTTP/3'
+
+ server:
+ name: 'server-log-debug-client-ip-http3'
+
+ client:
+ name: 'client-log-debug-client-ip-http3'
+
+ ats:
+ name: 'ts-log-debug-client-ip-http3'
+ process_config:
+ enable_cache: false
+ enable_tls: true
+ enable_quic: true
+
+ records_config:
+ proxy.config.diags.debug.enabled: 2
+ proxy.config.diags.debug.tags: 'http'
+ proxy.config.diags.debug.client_ip: '127.0.0.1'
+ proxy.config.quic.no_activity_timeout_in: 0
+
+ remap_config:
+ - from: 'https://debug-client-ip-http3.test/'
+ to: 'http://127.0.0.1:{SERVER_HTTP_PORT}/'
+
+ log_validation:
+ traffic_out:
+ contains:
+ - expression: '\+ Incoming Request \+(?:(?!\+ Proxy''s Request after
hooks \+)[\s\S])*?uuid: log-debug-http3-1'
+ description: 'HTTP/3 transaction 1 logs the incoming request
headers.'
+ multiline: true
+ - expression: '\+ Proxy''s Request after hooks \+(?:(?!\+ Incoming
O.S. Response \+)[\s\S])*?uuid: log-debug-http3-1'
+ description: 'HTTP/3 transaction 1 logs the proxy request headers
after hooks.'
+ multiline: true
+ - expression: '\+ Incoming O.S. Response \+(?:(?!\+ Proxy''s Response
2 \+)[\s\S])*?uuid: log-debug-http3-1'
+ description: 'HTTP/3 transaction 1 logs the incoming origin response
headers.'
+ multiline: true
+ - expression: '\+ Proxy''s Response 2 \+[\s\S]*?uuid:
log-debug-http3-1'
+ description: 'HTTP/3 transaction 1 logs the proxy response headers.'
+ multiline: true
+ - expression: '\+ Incoming Request \+(?:(?!\+ Proxy''s Request after
hooks \+)[\s\S])*?uuid: log-debug-http3-2'
+ description: 'HTTP/3 transaction 2 logs the incoming request
headers.'
+ multiline: true
+ - expression: '\+ Proxy''s Request after hooks \+(?:(?!\+ Incoming
O.S. Response \+)[\s\S])*?uuid: log-debug-http3-2'
+ description: 'HTTP/3 transaction 2 logs the proxy request headers
after hooks.'
+ multiline: true
+ - expression: '\+ Incoming O.S. Response \+(?:(?!\+ Proxy''s Response
2 \+)[\s\S])*?uuid: log-debug-http3-2'
+ description: 'HTTP/3 transaction 2 logs the incoming origin response
headers.'
+ multiline: true
+ - expression: '\+ Proxy''s Response 2 \+[\s\S]*?uuid:
log-debug-http3-2'
Review Comment:
This "Proxy's Response 2" regex is unbounded and could match a `uuid:` that
appears later in the log, making the assertion less specific to transaction 2.
Constrain it so it cannot run past the next `+ Incoming Request +` marker.
##########
tests/gold_tests/logging/replay/log-debug-client-ip-http3.replay.yaml:
##########
@@ -0,0 +1,136 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+meta:
+ version: "1.0"
+
+autest:
+ description: 'Verify client-IP-filtered debug logging for HTTP/3'
+
+ server:
+ name: 'server-log-debug-client-ip-http3'
+
+ client:
+ name: 'client-log-debug-client-ip-http3'
+
+ ats:
+ name: 'ts-log-debug-client-ip-http3'
+ process_config:
+ enable_cache: false
+ enable_tls: true
+ enable_quic: true
+
+ records_config:
+ proxy.config.diags.debug.enabled: 2
+ proxy.config.diags.debug.tags: 'http'
+ proxy.config.diags.debug.client_ip: '127.0.0.1'
+ proxy.config.quic.no_activity_timeout_in: 0
+
+ remap_config:
+ - from: 'https://debug-client-ip-http3.test/'
+ to: 'http://127.0.0.1:{SERVER_HTTP_PORT}/'
+
+ log_validation:
+ traffic_out:
+ contains:
+ - expression: '\+ Incoming Request \+(?:(?!\+ Proxy''s Request after
hooks \+)[\s\S])*?uuid: log-debug-http3-1'
+ description: 'HTTP/3 transaction 1 logs the incoming request
headers.'
+ multiline: true
+ - expression: '\+ Proxy''s Request after hooks \+(?:(?!\+ Incoming
O.S. Response \+)[\s\S])*?uuid: log-debug-http3-1'
+ description: 'HTTP/3 transaction 1 logs the proxy request headers
after hooks.'
+ multiline: true
+ - expression: '\+ Incoming O.S. Response \+(?:(?!\+ Proxy''s Response
2 \+)[\s\S])*?uuid: log-debug-http3-1'
+ description: 'HTTP/3 transaction 1 logs the incoming origin response
headers.'
+ multiline: true
+ - expression: '\+ Proxy''s Response 2 \+[\s\S]*?uuid:
log-debug-http3-1'
Review Comment:
This "Proxy's Response 2" regex can span multiple transactions; if
transaction 1's proxy response dump is missing the uuid, the match could still
succeed by consuming into later log output. Constrain it so it cannot cross the
next `+ Incoming Request +` marker.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]