TUN-7259: Add warning for missing ingress rules

Providing no ingress rules in the configuration file or via the CLI will now provide a warning and return 502 for all incoming HTTP requests.

component-tests/config.py

@@ -30,6 +30,7 @@ class NamedTunnelBaseConfig(BaseConfig):
     tunnel: str = None
     credentials_file: str = None
     ingress: list = None
+    hostname: str = None
 
     def __post_init__(self):
         if self.tunnel is None:
@@ -63,7 +64,7 @@ class NamedTunnelConfig(NamedTunnelBaseConfig):
                            self.merge_config(additional_config))
 
     def get_url(self):
-        return "https://" + self.ingress[0]['hostname']
+        return "https://" + self.hostname
 
     def base_config(self):
         config = self.full_config.copy()

component-tests/conftest.py

@@ -26,7 +26,7 @@ def component_tests_config():
         config = yaml.safe_load(stream)
         LOGGER.info(f"component tests base config {config}")
 
-        def _component_tests_config(additional_config={}, cfd_mode=CfdModes.NAMED, run_proxy_dns=True):
+        def _component_tests_config(additional_config={}, cfd_mode=CfdModes.NAMED, run_proxy_dns=True, provide_ingress=True):
             if run_proxy_dns:
                 # Regression test for TUN-4177, running with proxy-dns should not prevent tunnels from running.
                 # So we run all tests with it.
@@ -36,12 +36,21 @@ def component_tests_config():
                 additional_config.pop("proxy-dns", None)
                 additional_config.pop("proxy-dns-port", None)
 
+            # Allows the ingress rules to be omitted from the provided config
+            ingress = []
+            if provide_ingress:
+                ingress = config['ingress']
+
+            # Provide the hostname to allow routing to the tunnel even if the ingress rule isn't defined in the config
+            hostname = config['ingress'][0]['hostname']
+
             if cfd_mode is CfdModes.NAMED:
                 return NamedTunnelConfig(additional_config=additional_config,
                                          cloudflared_binary=config['cloudflared_binary'],
                                          tunnel=config['tunnel'],
                                          credentials_file=config['credentials_file'],
-                                         ingress=config['ingress'])
+                                         ingress=ingress,
+                                         hostname=hostname)
             elif cfd_mode is CfdModes.PROXY_DNS:
                 return ProxyDnsConfig(cloudflared_binary=config['cloudflared_binary'])
             elif cfd_mode is CfdModes.QUICK:

component-tests/test_quicktunnels.py

@@ -1,10 +1,9 @@
 #!/usr/bin/env python
-import requests
 from conftest import CfdModes
 from constants import METRICS_PORT
 from util import LOGGER, start_cloudflared, wait_tunnel_ready, get_quicktunnel_url, send_requests
 
-class TestCLI:
+class TestQuickTunnels:
     def test_quick_tunnel(self, tmp_path, component_tests_config):
         config = component_tests_config(cfd_mode=CfdModes.QUICK, run_proxy_dns=False)
         LOGGER.debug(config)

component-tests/test_tunnel.py

@@ -0,0 +1,43 @@
+#!/usr/bin/env python
+import requests
+from conftest import CfdModes
+from constants import METRICS_PORT, MAX_RETRIES, BACKOFF_SECS
+from retrying import retry
+from util import LOGGER, start_cloudflared, wait_tunnel_ready, send_requests
+
+class TestTunnel:
+    '''Test tunnels with no ingress rules from config.yaml but ingress rules from CLI only'''
+
+    def test_tunnel_hello_world(self, tmp_path, component_tests_config):
+        config = component_tests_config(cfd_mode=CfdModes.NAMED, run_proxy_dns=False, provide_ingress=False)
+        LOGGER.debug(config)
+        with start_cloudflared(tmp_path, config, cfd_args=["run", "--hello-world"], new_process=True):
+            wait_tunnel_ready(tunnel_url=config.get_url(),
+                              require_min_connections=4)
+    
+    def test_tunnel_url(self, tmp_path, component_tests_config):
+        config = component_tests_config(cfd_mode=CfdModes.NAMED, run_proxy_dns=False, provide_ingress=False)
+        LOGGER.debug(config)
+        with start_cloudflared(tmp_path, config, cfd_args=["run", "--url", f"http://localhost:{METRICS_PORT}/"], new_process=True):
+            wait_tunnel_ready(require_min_connections=4)
+            send_requests(config.get_url()+"/ready", 3, True)
+
+    def test_tunnel_no_ingress(self, tmp_path, component_tests_config):
+        '''
+        Running a tunnel with no ingress rules provided from either config.yaml or CLI will still work but return 502
+        for all incoming requests.
+        '''
+        config = component_tests_config(cfd_mode=CfdModes.NAMED, run_proxy_dns=False, provide_ingress=False)
+        LOGGER.debug(config)
+        with start_cloudflared(tmp_path, config, cfd_args=["run"], new_process=True):
+            wait_tunnel_ready(require_min_connections=4)
+            resp = send_request(config.get_url()+"/")
+            assert resp.status_code == 502, "Expected cloudflared to return 502 for all requests with no ingress defined"
+            resp = send_request(config.get_url()+"/test")
+            assert resp.status_code == 502, "Expected cloudflared to return 502 for all requests with no ingress defined"
+
+
+@retry(stop_max_attempt_number=MAX_RETRIES, wait_fixed=BACKOFF_SECS * 1000)
+def send_request(url):
+    with requests.Session() as s:
+        return s.get(url, timeout=BACKOFF_SECS)