ingress: add tests for unix+tcp:// service

- TestParseUnixSocketTCP: standalone parse test verifying the unixSocketTCPService type and path extraction - TestParseIngress/Unix+TCP_service: table-driven parse test alongside existing ssh://, tcp://, unix://, etc. entries - TestUnixSocketTCPServiceEstablishConnection: verifies successful dial to a real unix socket and error on closed listener; uses /tmp to stay within the macOS 104-char unix socket path limit Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-15 10:53:53 +01:00 · 2026-03-15 10:53:53 +01:00 · 938e947be8
parent 07c2516b3c
commit 938e947be8
2 changed files with 56 additions and 0 deletions
--- a/ingress/ingress_test.go
+++ b/ingress/ingress_test.go
@ -43,6 +43,19 @@ ingress:
 	require.Equal(t, "https", s.scheme)
 }

+func TestParseUnixSocketTCP(t *testing.T) {
+	rawYAML := `
+ingress:
+- service: unix+tcp:/run/sshd.sock
+`
+	ing, err := ParseIngress(MustReadIngress(rawYAML))
+	require.NoError(t, err)
+	s, ok := ing.Rules[0].Service.(*unixSocketTCPService)
+	require.True(t, ok)
+	require.Equal(t, "/run/sshd.sock", s.path)
+	require.Equal(t, "unix+tcp:/run/sshd.sock", s.String())
+}
+
 func TestParseIngressNilConfig(t *testing.T) {
 	_, err := ParseIngress(nil)
 	require.Error(t, err)
@ -322,6 +335,19 @@ ingress:
 				},
 			},
 		},
+		{
+			name: "Unix+TCP service",
+			args: args{rawYAML: `
+ingress:
+- service: unix+tcp:/run/sshd.sock
+`},
+			want: []Rule{
+				{
+					Service: &unixSocketTCPService{path: "/run/sshd.sock"},
+					Config:  defaultConfig,
+				},
+			},
+		},
 		{
 			name: "RDP services",
 			args: args{rawYAML: `
--- a/ingress/origin_proxy_test.go
+++ b/ingress/origin_proxy_test.go
@ -8,6 +8,7 @@ import (
 	"net/http"
 	"net/http/httptest"
 	"net/url"
+	"os"
 	"testing"

 	"github.com/stretchr/testify/assert"
@ -186,6 +187,35 @@ func TestHTTPServiceUsesIngressRuleScheme(t *testing.T) {
 	}
 }

+func TestUnixSocketTCPServiceEstablishConnection(t *testing.T) {
+	dir, err := os.MkdirTemp("/tmp", "cf-test-")
+	require.NoError(t, err)
+	defer os.RemoveAll(dir)
+
+	socketPath := dir + "/sshd.sock"
+	originListener, err := net.Listen("unix", socketPath)
+	require.NoError(t, err)
+
+	listenerClosed := make(chan struct{})
+	tcpListenRoutine(originListener, listenerClosed)
+
+	svc := &unixSocketTCPService{path: socketPath}
+	require.NoError(t, svc.start(TestLogger, make(chan struct{}), OriginRequestConfig{}))
+
+	// Successful connection to the unix socket
+	conn, err := svc.EstablishConnection(context.Background(), "", TestLogger)
+	require.NoError(t, err)
+	require.NotNil(t, conn)
+	conn.Close()
+
+	// Close the listener and verify that new connections fail
+	originListener.Close()
+	<-listenerClosed
+
+	_, err = svc.EstablishConnection(context.Background(), "", TestLogger)
+	require.Error(t, err)
+}
+
 func tcpListenRoutine(listener net.Listener, closeChan chan struct{}) {
 	go func() {
 		for {