ITS#9598 Add tests for connection restrictions

tests/data/lloadd/test007-monitor.ldif

+# with first backend
+dn: cn=Load Balancer,cn=Backends,cn=Monitor
+objectClass: olmBalancer
+olmIncomingConnections: 0
+olmOutgoingConnections: 4
+
+dn: cn=Incoming Connections,cn=Load Balancer,cn=Backends,cn=Monitor
+objectClass: monitorContainer
+
+dn: cn=Operations,cn=Load Balancer,cn=Backends,cn=Monitor
+objectClass: monitorContainer
+
+dn: cn=Bind,cn=Operations,cn=Load Balancer,cn=Backends,cn=Monitor
+objectClass: olmBalancerOperation
+olmReceivedOps: 1
+olmForwardedOps: 0
+olmRejectedOps: 1
+olmCompletedOps: 0
+olmFailedOps: 0
+
+dn: cn=Other,cn=Operations,cn=Load Balancer,cn=Backends,cn=Monitor
+objectClass: olmBalancerOperation
+olmReceivedOps: 1
+olmForwardedOps: 0
+olmRejectedOps: 0
+olmCompletedOps: 0
+olmFailedOps: 0
+
+dn: cn=Backend Servers,cn=Load Balancer,cn=Backends,cn=Monitor
+objectClass: monitorContainer
+
+dn: cn=backend,cn=Backend Servers,cn=Load Balancer,cn=Backends,cn=Monitor
+objectClass: olmBalancerServer
+olmServerURI: ldap://localhost:9012/
+olmActiveConnections: 4
+olmPendingConnections: 0
+olmPendingOps: 0
+olmReceivedOps: 0
+olmCompletedOps: 0
+olmFailedOps: 0
+
+dn: cn=Connection 1,cn=backend,cn=Backend Servers,cn=Load Balancer,cn=Backends
+ ,cn=Monitor
+objectClass: olmBalancerConnection
+olmConnectionType: regular
+olmPendingOps: 0
+olmReceivedOps: 0
+olmCompletedOps: 0
+olmFailedOps: 0
+
+dn: cn=Connection 3,cn=backend,cn=Backend Servers,cn=Load Balancer,cn=Backends
+ ,cn=Monitor
+objectClass: olmBalancerConnection
+olmConnectionType: regular
+olmPendingOps: 0
+olmReceivedOps: 0
+olmCompletedOps: 0
+olmFailedOps: 0
+
+dn: cn=Connection 2,cn=backend,cn=Backend Servers,cn=Load Balancer,cn=Backends
+ ,cn=Monitor
+objectClass: olmBalancerConnection
+olmConnectionType: bind
+olmPendingOps: 0
+olmReceivedOps: 0
+olmCompletedOps: 0
+olmFailedOps: 0
+
+dn: cn=Connection 4,cn=backend,cn=Backend Servers,cn=Load Balancer,cn=Backends
+ ,cn=Monitor
+objectClass: olmBalancerConnection
+olmConnectionType: bind
+olmPendingOps: 0
+olmReceivedOps: 0
+olmCompletedOps: 0
+olmFailedOps: 0
+
+
+# second backend and a rejected search, paged search (19 times x 1 entry), pwmod
+dn: cn=Load Balancer,cn=Backends,cn=Monitor
+objectClass: olmBalancer
+olmIncomingConnections: 0
+olmOutgoingConnections: 13
+
+dn: cn=Incoming Connections,cn=Load Balancer,cn=Backends,cn=Monitor
+objectClass: monitorContainer
+
+dn: cn=Operations,cn=Load Balancer,cn=Backends,cn=Monitor
+objectClass: monitorContainer
+
+dn: cn=Bind,cn=Operations,cn=Load Balancer,cn=Backends,cn=Monitor
+objectClass: olmBalancerOperation
+olmReceivedOps: 4
+olmForwardedOps: 3
+olmRejectedOps: 1
+olmCompletedOps: 3
+olmFailedOps: 0
+
+dn: cn=Other,cn=Operations,cn=Load Balancer,cn=Backends,cn=Monitor
+objectClass: olmBalancerOperation
+olmReceivedOps: 25
+olmForwardedOps: 20
+olmRejectedOps: 1
+olmCompletedOps: 20
+olmFailedOps: 0
+
+dn: cn=Backend Servers,cn=Load Balancer,cn=Backends,cn=Monitor
+objectClass: monitorContainer
+
+dn: cn=backend,cn=Backend Servers,cn=Load Balancer,cn=Backends,cn=Monitor
+objectClass: olmBalancerServer
+olmServerURI: ldap://localhost:9012/
+olmActiveConnections: 4
+olmPendingConnections: 0
+olmPendingOps: 0
+olmReceivedOps: 21
+olmCompletedOps: 21
+olmFailedOps: 0
+
+dn: cn=Connection 1,cn=backend,cn=Backend Servers,cn=Load Balancer,cn=Backends
+ ,cn=Monitor
+objectClass: olmBalancerConnection
+olmConnectionType: regular
+olmPendingOps: 0
+olmReceivedOps: 19
+olmCompletedOps: 19
+olmFailedOps: 0
+
+dn: cn=Connection 3,cn=backend,cn=Backend Servers,cn=Load Balancer,cn=Backends
+ ,cn=Monitor
+objectClass: olmBalancerConnection
+olmConnectionType: regular
+olmPendingOps: 0
+olmReceivedOps: 1
+olmCompletedOps: 1
+olmFailedOps: 0
+
+dn: cn=Connection 2,cn=backend,cn=Backend Servers,cn=Load Balancer,cn=Backends
+ ,cn=Monitor
+objectClass: olmBalancerConnection
+olmConnectionType: bind
+olmPendingOps: 0
+olmReceivedOps: 1
+olmCompletedOps: 1
+olmFailedOps: 0
+
+dn: cn=Connection 4,cn=backend,cn=Backend Servers,cn=Load Balancer,cn=Backends
+ ,cn=Monitor
+objectClass: olmBalancerConnection
+olmConnectionType: bind
+olmPendingOps: 0
+olmReceivedOps: 0
+olmCompletedOps: 0
+olmFailedOps: 0
+
+dn: cn=server 2,cn=Backend Servers,cn=Load Balancer,cn=Backends,cn=Monitor
+objectClass: olmBalancerServer
+olmServerURI: ldap://localhost:9013/
+olmActiveConnections: 9
+olmPendingConnections: 0
+olmPendingOps: 0
+olmReceivedOps: 2
+olmCompletedOps: 2
+olmFailedOps: 0
+
+dn: cn=Connection 5,cn=server 2,cn=Backend Servers,cn=Load Balancer,cn=Backend
+ s,cn=Monitor
+objectClass: olmBalancerConnection
+olmConnectionType: regular
+olmPendingOps: 0
+olmReceivedOps: 0
+olmCompletedOps: 0
+olmFailedOps: 0
+
+dn: cn=Connection 7,cn=server 2,cn=Backend Servers,cn=Load Balancer,cn=Backend
+ s,cn=Monitor
+objectClass: olmBalancerConnection
+olmConnectionType: regular
+olmPendingOps: 0
+olmReceivedOps: 0
+olmCompletedOps: 0
+olmFailedOps: 0
+
+dn: cn=Connection 8,cn=server 2,cn=Backend Servers,cn=Load Balancer,cn=Backend
+ s,cn=Monitor
+objectClass: olmBalancerConnection
+olmConnectionType: regular
+olmPendingOps: 0
+olmReceivedOps: 0
+olmCompletedOps: 0
+olmFailedOps: 0
+
+dn: cn=Connection 9,cn=server 2,cn=Backend Servers,cn=Load Balancer,cn=Backend
+ s,cn=Monitor
+objectClass: olmBalancerConnection
+olmConnectionType: regular
+olmPendingOps: 0
+olmReceivedOps: 0
+olmCompletedOps: 0
+olmFailedOps: 0
+
+dn: cn=Connection 6,cn=server 2,cn=Backend Servers,cn=Load Balancer,cn=Backend
+ s,cn=Monitor
+objectClass: olmBalancerConnection
+olmConnectionType: bind
+olmPendingOps: 0
+olmReceivedOps: 1
+olmCompletedOps: 1
+olmFailedOps: 0
+
+dn: cn=Connection 10,cn=server 2,cn=Backend Servers,cn=Load Balancer,cn=Backen
+ ds,cn=Monitor
+objectClass: olmBalancerConnection
+olmConnectionType: bind
+olmPendingOps: 0
+olmReceivedOps: 1
+olmCompletedOps: 1
+olmFailedOps: 0
+
+dn: cn=Connection 11,cn=server 2,cn=Backend Servers,cn=Load Balancer,cn=Backen
+ ds,cn=Monitor
+objectClass: olmBalancerConnection
+olmConnectionType: bind
+olmPendingOps: 0
+olmReceivedOps: 0
+olmCompletedOps: 0
+olmFailedOps: 0
+
+dn: cn=Connection 12,cn=server 2,cn=Backend Servers,cn=Load Balancer,cn=Backen
+ ds,cn=Monitor
+objectClass: olmBalancerConnection
+olmConnectionType: bind
+olmPendingOps: 0
+olmReceivedOps: 0
+olmCompletedOps: 0
+olmFailedOps: 0
+
+dn: cn=Connection 13,cn=server 2,cn=Backend Servers,cn=Load Balancer,cn=Backen
+ ds,cn=Monitor
+objectClass: olmBalancerConnection
+olmConnectionType: bind
+olmPendingOps: 0
+olmReceivedOps: 0
+olmCompletedOps: 0
+olmFailedOps: 0
+
+
+# two runs of modifies (with and without TXN)
+dn: cn=Load Balancer,cn=Backends,cn=Monitor
+objectClass: olmBalancer
+olmIncomingConnections: 0
+olmOutgoingConnections: 13
+
+dn: cn=Incoming Connections,cn=Load Balancer,cn=Backends,cn=Monitor
+objectClass: monitorContainer
+
+dn: cn=Operations,cn=Load Balancer,cn=Backends,cn=Monitor
+objectClass: monitorContainer
+
+dn: cn=Bind,cn=Operations,cn=Load Balancer,cn=Backends,cn=Monitor
+objectClass: olmBalancerOperation
+olmReceivedOps: 6
+olmForwardedOps: 5
+olmRejectedOps: 1
+olmCompletedOps: 5
+olmFailedOps: 0
+
+dn: cn=Other,cn=Operations,cn=Load Balancer,cn=Backends,cn=Monitor
+objectClass: olmBalancerOperation
+olmReceivedOps: 35
+olmForwardedOps: 28
+olmRejectedOps: 1
+olmCompletedOps: 28
+olmFailedOps: 0
+
+dn: cn=Backend Servers,cn=Load Balancer,cn=Backends,cn=Monitor
+objectClass: monitorContainer
+
+dn: cn=backend,cn=Backend Servers,cn=Load Balancer,cn=Backends,cn=Monitor
+objectClass: olmBalancerServer
+olmServerURI: ldap://localhost:9012/
+olmActiveConnections: 4
+olmPendingConnections: 0
+olmPendingOps: 0
+olmReceivedOps: 24
+olmCompletedOps: 24
+olmFailedOps: 0
+
+dn: cn=Connection 1,cn=backend,cn=Backend Servers,cn=Load Balancer,cn=Backends
+ ,cn=Monitor
+objectClass: olmBalancerConnection
+olmConnectionType: regular
+olmPendingOps: 0
+olmReceivedOps: 20
+olmCompletedOps: 20
+olmFailedOps: 0
+
+dn: cn=Connection 3,cn=backend,cn=Backend Servers,cn=Load Balancer,cn=Backends
+ ,cn=Monitor
+objectClass: olmBalancerConnection
+olmConnectionType: regular
+olmPendingOps: 0
+olmReceivedOps: 2
+olmCompletedOps: 2
+olmFailedOps: 0
+
+dn: cn=Connection 2,cn=backend,cn=Backend Servers,cn=Load Balancer,cn=Backends
+ ,cn=Monitor
+objectClass: olmBalancerConnection
+olmConnectionType: bind
+olmPendingOps: 0
+olmReceivedOps: 1
+olmCompletedOps: 1
+olmFailedOps: 0
+
+dn: cn=Connection 4,cn=backend,cn=Backend Servers,cn=Load Balancer,cn=Backends
+ ,cn=Monitor
+objectClass: olmBalancerConnection
+olmConnectionType: bind
+olmPendingOps: 0
+olmReceivedOps: 1
+olmCompletedOps: 1
+olmFailedOps: 0
+
+dn: cn=server 2,cn=Backend Servers,cn=Load Balancer,cn=Backends,cn=Monitor
+objectClass: olmBalancerServer
+olmServerURI: ldap://localhost:9013/
+olmActiveConnections: 9
+olmPendingConnections: 0
+olmPendingOps: 0
+olmReceivedOps: 9
+olmCompletedOps: 9
+olmFailedOps: 0
+
+dn: cn=Connection 5,cn=server 2,cn=Backend Servers,cn=Load Balancer,cn=Backend
+ s,cn=Monitor
+objectClass: olmBalancerConnection
+olmConnectionType: regular
+olmPendingOps: 0
+olmReceivedOps: 1
+olmCompletedOps: 1
+olmFailedOps: 0
+
+dn: cn=Connection 7,cn=server 2,cn=Backend Servers,cn=Load Balancer,cn=Backend
+ s,cn=Monitor
+objectClass: olmBalancerConnection
+olmConnectionType: regular
+olmPendingOps: 0
+olmReceivedOps: 5
+olmCompletedOps: 5
+olmFailedOps: 0
+
+dn: cn=Connection 8,cn=server 2,cn=Backend Servers,cn=Load Balancer,cn=Backend
+ s,cn=Monitor
+objectClass: olmBalancerConnection
+olmConnectionType: regular
+olmPendingOps: 0
+olmReceivedOps: 0
+olmCompletedOps: 0
+olmFailedOps: 0
+
+dn: cn=Connection 9,cn=server 2,cn=Backend Servers,cn=Load Balancer,cn=Backend
+ s,cn=Monitor
+objectClass: olmBalancerConnection
+olmConnectionType: regular
+olmPendingOps: 0
+olmReceivedOps: 0
+olmCompletedOps: 0
+olmFailedOps: 0
+
+dn: cn=Connection 6,cn=server 2,cn=Backend Servers,cn=Load Balancer,cn=Backend
+ s,cn=Monitor
+objectClass: olmBalancerConnection
+olmConnectionType: bind
+olmPendingOps: 0
+olmReceivedOps: 1
+olmCompletedOps: 1
+olmFailedOps: 0
+
+dn: cn=Connection 10,cn=server 2,cn=Backend Servers,cn=Load Balancer,cn=Backen
+ ds,cn=Monitor
+objectClass: olmBalancerConnection
+olmConnectionType: bind
+olmPendingOps: 0
+olmReceivedOps: 1
+olmCompletedOps: 1
+olmFailedOps: 0
+
+dn: cn=Connection 11,cn=server 2,cn=Backend Servers,cn=Load Balancer,cn=Backen
+ ds,cn=Monitor
+objectClass: olmBalancerConnection
+olmConnectionType: bind
+olmPendingOps: 0
+olmReceivedOps: 1
+olmCompletedOps: 1
+olmFailedOps: 0
+
+dn: cn=Connection 12,cn=server 2,cn=Backend Servers,cn=Load Balancer,cn=Backen
+ ds,cn=Monitor
+objectClass: olmBalancerConnection
+olmConnectionType: bind
+olmPendingOps: 0
+olmReceivedOps: 0
+olmCompletedOps: 0
+olmFailedOps: 0
+
+dn: cn=Connection 13,cn=server 2,cn=Backend Servers,cn=Load Balancer,cn=Backen
+ ds,cn=Monitor
+objectClass: olmBalancerConnection
+olmConnectionType: bind
+olmPendingOps: 0
+olmReceivedOps: 0
+olmCompletedOps: 0
+olmFailedOps: 0
+

tests/scripts/lloadd/test007-coherence

+#! /bin/sh
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2021 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+mkdir -p $TESTDIR $DBDIR1 $DBDIR2
+
+$SLAPPASSWD -g -n >$CONFIGPWF
+echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >$TESTDIR/configpw.conf
+
+# Cannot assess where operations went without monitor yet
+if test $AC_lloadd = lloaddyes ; then
+	echo "Load balancer module not available, skipping..."
+	exit 0
+fi
+
+# Monitor counts are unstable in the face of concurrency, since different
+# clients may get different upstreams assigned for their operations. This might
+# also change later when tiered load balancing is available.
+# Another constraint is that some global counts are updated by the statistics
+# collection task scheduled to run every second.
+#
+# This test assumes current round-robin policy:
+# - default backend is rotated every time we successfully pick an upstream
+#   (except when already linked)
+# - upstream connections within the same backend are rotated in the same way
+# - the monitor entry order for upstream connections reflects the connection
+#   order within its CIRCLEQ_
+
+echo "Starting the first slapd on TCP/IP port $PORT2..."
+. $CONFFILTER $BACKEND < $CONF > $CONF2
+$SLAPADD -f $CONF2 -l $LDIFORDERED
+RC=$?
+if test $RC != 0 ; then
+	echo "slapadd failed ($RC)!"
+	exit $RC
+fi
+
+echo "Running slapindex to index slapd database..."
+$SLAPINDEX -f $CONF2
+RC=$?
+if test $RC != 0 ; then
+	echo "warning: slapindex failed ($RC)"
+	echo "  assuming no indexing support"
+fi
+
+$SLAPD -f $CONF2 -h $URI2 -d $LVL > $LOG2 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+	echo PID $PID
+	read foo
+fi
+PID2="$PID"
+KILLPIDS="$PID"
+
+echo "Testing slapd searching..."
+for i in 0 1 2 3 4 5; do
+	$LDAPSEARCH -s base -b "$MONITOR" -H $URI2 \
+		'(objectclass=*)' > /dev/null 2>&1
+	RC=$?
+	if test $RC = 0 ; then
+		break
+	fi
+	echo "Waiting $SLEEP1 seconds for slapd to start..."
+	sleep $SLEEP1
+done
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Running slapadd to build slapd database..."
+. $CONFFILTER $BACKEND < $CONFTWO > $CONF3
+$SLAPADD -f $CONF3 -l $LDIFORDERED
+RC=$?
+if test $RC != 0 ; then
+	echo "slapadd failed ($RC)!"
+	exit $RC
+fi
+
+echo "Running slapindex to index slapd database..."
+$SLAPINDEX -f $CONF3
+RC=$?
+if test $RC != 0 ; then
+	echo "warning: slapindex failed ($RC)"
+	echo "  assuming no indexing support"
+fi
+
+echo "Starting second slapd on TCP/IP port $PORT3..."
+$SLAPD -f $CONF3 -h $URI3 -d $LVL > $LOG3 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+	echo PID $PID
+	read foo
+fi
+PID3="$PID"
+KILLPIDS="$KILLPIDS $PID"
+
+sleep $SLEEP0
+
+echo "Testing slapd searching..."
+for i in 0 1 2 3 4 5; do
+	$LDAPSEARCH -s base -b "$MONITOR" -H $URI3 \
+		'(objectclass=*)' > /dev/null 2>&1
+	RC=$?
+	if test $RC = 0 ; then
+		break
+	fi
+	echo "Waiting $SLEEP1 seconds for slapd to start..."
+	sleep $SLEEP1
+done
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Starting lloadd on TCP/IP port $PORT1..."
+. $CONFFILTER $BACKEND < $LLOADDEMPTYCONF > $CONF1.lloadd
+. $CONFFILTER $BACKEND < $SLAPDLLOADCONF > $CONF1.slapd
+$SLAPD -f $CONF1.slapd -h $URI6 -d $LVL > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+	echo PID $PID
+	read foo
+fi
+KILLPIDS="$KILLPIDS $PID"
+
+echo "Testing slapd searching..."
+for i in 0 1 2 3 4 5; do
+	$LDAPSEARCH -s base -b "$MONITOR" -H $URI6 \
+		'(objectclass=*)' > /dev/null 2>&1
+	RC=$?
+	if test $RC = 0 ; then
+		break
+	fi
+	echo "Waiting $SLEEP1 seconds for lloadd to start..."
+	sleep $SLEEP1
+done
+
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Setting up restrictions..."
+$LDAPMODIFY -D cn=config -H $URI6 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: olcBackend={0}lload,cn=config
+changetype: modify
+replace: olcBkLloadWriteCoherence
+olcBkLloadWriteCoherence: 3
+-
+add: olcBkLloadRestrictExop
+# Modify Password Exop
+olcBkLloadRestrictExop: 1.3.6.1.4.1.4203.1.11.1 write
+# LDAP Transaction Exop
+olcBkLloadRestrictExop: 1.3.6.1.1.21.1 connection
+# Cancel Exop
+olcBkLloadRestrictExop: 1.3.6.1.1.8 reject
+-
+add: olcBkLloadRestrictControl
+# assert control
+olcBkLloadRestrictControl: 1.3.6.1.1.12 backend
+# paged results control
+olcBkLloadRestrictControl: 1.2.840.113556.1.4.319 connection
+# dontUseCopy control
+olcBkLloadRestrictControl: 1.3.6.1.1.22 reject
+EOF
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed for backend ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Sending a search request to prime the counters..."
+$LDAPSEARCH -b "$BASEDN" -s base -H $URI1 >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 52 ; then
+	echo "ldapsearch should have failed ($RC != 52)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Adding first backend server..."
+$LDAPMODIFY -D cn=config -H $URI6 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: cn=backend,olcBackend={0}lload,cn=config
+changetype: add
+objectClass: olcBkLloadBackendConfig
+olcBkLloadBackendUri: $URI2
+olcBkLloadMaxPendingConns: 3
+olcBkLloadMaxPendingOps: 5
+olcBkLloadRetry: 1000
+olcBkLloadNumconns: 2
+olcBkLloadBindconns: 2
+EOF
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapadd failed for backend ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS