ingress-nginx-helm/test/e2e/lua/dynamic_certificates.go

/*
Copyright 2018 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package lua

import (
	"fmt"
	"strings"
	"time"

	. "github.com/onsi/ginkgo"
	. "github.com/onsi/gomega"

	appsv1beta1 "k8s.io/api/apps/v1beta1"
	extensions "k8s.io/api/extensions/v1beta1"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

	"k8s.io/ingress-nginx/test/e2e/framework"
)

var _ = framework.IngressNginxDescribe("Dynamic Certificate", func() {
	f := framework.NewDefaultFramework("dynamic-certificate")
	host := "foo.com"

	BeforeEach(func() {
		err := framework.UpdateDeployment(f.KubeClientSet, f.IngressController.Namespace, "nginx-ingress-controller", 1,
			func(deployment *appsv1beta1.Deployment) error {
				args := deployment.Spec.Template.Spec.Containers[0].Args
				args = append(args, "--enable-dynamic-certificates")
				args = append(args, "--enable-ssl-chain-completion=false")
				deployment.Spec.Template.Spec.Containers[0].Args = args
				_, err := f.KubeClientSet.AppsV1beta1().Deployments(f.IngressController.Namespace).Update(deployment)

				return err
			})
		Expect(err).NotTo(HaveOccurred())

		f.WaitForNginxConfiguration(
			func(cfg string) bool {
				return strings.Contains(cfg, "ok, res = pcall(require, \"certificate\")")
			})

		f.NewEchoDeploymentWithReplicas(1)
	})

	It("picks up the certificate when we add TLS spec to existing ingress", func() {
		ensureIngress(f, host, "http-svc")

		ing, err := f.KubeClientSet.ExtensionsV1beta1().Ingresses(f.IngressController.Namespace).Get(host, metav1.GetOptions{})
		Expect(err).ToNot(HaveOccurred())
		ing.Spec.TLS = []extensions.IngressTLS{
			{
				Hosts:      []string{host},
				SecretName: host,
			},
		}
		_, err = framework.CreateIngressTLSSecret(f.KubeClientSet,
			ing.Spec.TLS[0].Hosts,
			ing.Spec.TLS[0].SecretName,
			ing.Namespace)
		Expect(err).ToNot(HaveOccurred())
		_, err = f.KubeClientSet.ExtensionsV1beta1().Ingresses(f.IngressController.Namespace).Update(ing)
		Expect(err).ToNot(HaveOccurred())
		time.Sleep(waitForLuaSync)

		ensureHTTPSRequest(f.IngressController.HTTPSURL, host, host)
	})

	It("picks up the previously missing secret for a given ingress without reloading", func() {
		ing := framework.NewSingleIngressWithTLS(host, "/", host, []string{host}, f.IngressController.Namespace, "http-svc", 80, nil)
		f.EnsureIngress(ing)

		time.Sleep(waitForLuaSync)

		ensureHTTPSRequest(fmt.Sprintf("%s?id=dummy_log_splitter_foo_bar", f.IngressController.HTTPSURL), host, "ingress.local")

		_, err := framework.CreateIngressTLSSecret(f.KubeClientSet,
			ing.Spec.TLS[0].Hosts,
			ing.Spec.TLS[0].SecretName,
			ing.Namespace)
		Expect(err).ToNot(HaveOccurred())

		By("configuring certificate_by_lua and skipping Nginx configuration of the new certificate")
		f.WaitForNginxServer(host,
			func(server string) bool {
				return strings.Contains(server, "ssl_certificate_by_lua_block") &&
					!strings.Contains(server, fmt.Sprintf("ssl_certificate /etc/ingress-controller/ssl/%s-%s.pem;", ing.Namespace, host)) &&
					!strings.Contains(server, fmt.Sprintf("ssl_certificate_key /etc/ingress-controller/ssl/%s-%s.pem;", ing.Namespace, host)) &&
					strings.Contains(server, "listen 443")
			})

		time.Sleep(waitForLuaSync)

		By("serving the configured certificate on HTTPS endpoint")
		ensureHTTPSRequest(f.IngressController.HTTPSURL, host, host)

		log, err := f.NginxLogs()
		Expect(err).ToNot(HaveOccurred())
		Expect(log).ToNot(BeEmpty())
		index := strings.Index(log, "id=dummy_log_splitter_foo_bar")
		restOfLogs := log[index:]

		By("skipping Nginx reload")
		Expect(restOfLogs).ToNot(ContainSubstring(logRequireBackendReload))
		Expect(restOfLogs).ToNot(ContainSubstring(logBackendReloadSuccess))
	})

	Context("given an ingress with TLS correctly configured", func() {
		BeforeEach(func() {
			ing := f.EnsureIngress(framework.NewSingleIngressWithTLS(host, "/", host, []string{host}, f.IngressController.Namespace, "http-svc", 80, nil))

			time.Sleep(waitForLuaSync)

			ensureHTTPSRequest(f.IngressController.HTTPSURL, host, "ingress.local")

			_, err := framework.CreateIngressTLSSecret(f.KubeClientSet,
				ing.Spec.TLS[0].Hosts,
				ing.Spec.TLS[0].SecretName,
				ing.Namespace)
			Expect(err).ToNot(HaveOccurred())
			time.Sleep(waitForLuaSync)

			By("configuring certificate_by_lua and skipping Nginx configuration of the new certificate")
			f.WaitForNginxServer(ing.Spec.TLS[0].Hosts[0],
				func(server string) bool {
					return strings.Contains(server, "ssl_certificate_by_lua_block") &&
						!strings.Contains(server, fmt.Sprintf("ssl_certificate /etc/ingress-controller/ssl/%s-%s.pem;", ing.Namespace, host)) &&
						!strings.Contains(server, fmt.Sprintf("ssl_certificate_key /etc/ingress-controller/ssl/%s-%s.pem;", ing.Namespace, host)) &&
						strings.Contains(server, "listen 443")
				})

			time.Sleep(waitForLuaSync)

			By("serving the configured certificate on HTTPS endpoint")
			ensureHTTPSRequest(f.IngressController.HTTPSURL, host, host)
		})

		It("picks up the updated certificate without reloading", func() {
			ing, err := f.KubeClientSet.ExtensionsV1beta1().Ingresses(f.IngressController.Namespace).Get(host, metav1.GetOptions{})
			Expect(err).ToNot(HaveOccurred())

			ensureHTTPSRequest(fmt.Sprintf("%s?id=dummy_log_splitter_foo_bar", f.IngressController.HTTPSURL), host, host)

			_, err = framework.CreateIngressTLSSecret(f.KubeClientSet,
				ing.Spec.TLS[0].Hosts,
				ing.Spec.TLS[0].SecretName,
				ing.Namespace)
			Expect(err).ToNot(HaveOccurred())
			time.Sleep(waitForLuaSync)

			By("configuring certificate_by_lua and skipping Nginx configuration of the new certificate")
			f.WaitForNginxServer(ing.Spec.TLS[0].Hosts[0],
				func(server string) bool {
					return strings.Contains(server, "ssl_certificate_by_lua_block") &&
						!strings.Contains(server, fmt.Sprintf("ssl_certificate /etc/ingress-controller/ssl/%s-%s.pem;", ing.Namespace, host)) &&
						!strings.Contains(server, fmt.Sprintf("ssl_certificate_key /etc/ingress-controller/ssl/%s-%s.pem;", ing.Namespace, host)) &&
						strings.Contains(server, "listen 443")
				})

			time.Sleep(waitForLuaSync)

			By("serving the configured certificate on HTTPS endpoint")
			ensureHTTPSRequest(f.IngressController.HTTPSURL, host, host)

			log, err := f.NginxLogs()
			Expect(err).ToNot(HaveOccurred())
			Expect(log).ToNot(BeEmpty())
			index := strings.Index(log, "id=dummy_log_splitter_foo_bar")
			restOfLogs := log[index:]

			By("skipping Nginx reload")
			Expect(restOfLogs).ToNot(ContainSubstring(logRequireBackendReload))
			Expect(restOfLogs).ToNot(ContainSubstring(logBackendReloadSuccess))
		})

		It("falls back to using default certificate when secret gets deleted without reloading", func() {
			ing, err := f.KubeClientSet.ExtensionsV1beta1().Ingresses(f.IngressController.Namespace).Get(host, metav1.GetOptions{})

			ensureHTTPSRequest(fmt.Sprintf("%s?id=dummy_log_splitter_foo_bar", f.IngressController.HTTPSURL), host, host)

			f.KubeClientSet.CoreV1().Secrets(ing.Namespace).Delete(ing.Spec.TLS[0].SecretName, nil)
			Expect(err).ToNot(HaveOccurred())
			time.Sleep(waitForLuaSync)

			By("configuring certificate_by_lua and skipping Nginx configuration of the new certificate")
			f.WaitForNginxServer(ing.Spec.TLS[0].Hosts[0],
				func(server string) bool {
					return strings.Contains(server, "ssl_certificate_by_lua_block") &&
						strings.Contains(server, "ssl_certificate /etc/ingress-controller/ssl/default-fake-certificate.pem;") &&
						strings.Contains(server, "ssl_certificate_key /etc/ingress-controller/ssl/default-fake-certificate.pem;") &&
						strings.Contains(server, "listen 443")
				})

			time.Sleep(waitForLuaSync)

			By("serving the default certificate on HTTPS endpoint")
			ensureHTTPSRequest(f.IngressController.HTTPSURL, host, "ingress.local")

			log, err := f.NginxLogs()
			Expect(err).ToNot(HaveOccurred())
			Expect(log).ToNot(BeEmpty())
			index := strings.Index(log, "id=dummy_log_splitter_foo_bar")
			restOfLogs := log[index:]

			By("skipping Nginx reload")
			Expect(restOfLogs).ToNot(ContainSubstring(logRequireBackendReload))
			Expect(restOfLogs).ToNot(ContainSubstring(logBackendReloadSuccess))
		})

		It("picks up a non-certificate only change", func() {
			newHost := "foo2.com"
			ing, err := f.KubeClientSet.ExtensionsV1beta1().Ingresses(f.IngressController.Namespace).Get(host, metav1.GetOptions{})
			Expect(err).NotTo(HaveOccurred())
			ing.Spec.Rules[0].Host = newHost
			_, err = f.KubeClientSet.ExtensionsV1beta1().Ingresses(f.IngressController.Namespace).Update(ing)
			Expect(err).ToNot(HaveOccurred())
			time.Sleep(waitForLuaSync)

			By("serving the configured certificate on HTTPS endpoint")
			ensureHTTPSRequest(f.IngressController.HTTPSURL, newHost, "ingress.local")
		})

		It("removes HTTPS configuration when we delete TLS spec", func() {
			ing, err := f.KubeClientSet.ExtensionsV1beta1().Ingresses(f.IngressController.Namespace).Get(host, metav1.GetOptions{})
			Expect(err).NotTo(HaveOccurred())
			ing.Spec.TLS = []extensions.IngressTLS{}
			_, err = f.KubeClientSet.ExtensionsV1beta1().Ingresses(f.IngressController.Namespace).Update(ing)
			Expect(err).ToNot(HaveOccurred())
			time.Sleep(waitForLuaSync)

			ensureRequest(f, host)
		})
	})
})
Add Lua module to serve SSL Certificates dynamically 2018-06-05 13:51:22 +00:00			`/*`
			`Copyright 2018 The Kubernetes Authors.`

			`Licensed under the Apache License, Version 2.0 (the "License");`
			`you may not use this file except in compliance with the License.`
			`You may obtain a copy of the License at`

			`http://www.apache.org/licenses/LICENSE-2.0`

			`Unless required by applicable law or agreed to in writing, software`
			`distributed under the License is distributed on an "AS IS" BASIS,`
			`WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`See the License for the specific language governing permissions and`
			`limitations under the License.`
			`*/`

			`package lua`

			`import (`
			`"fmt"`
			`"strings"`
			`"time"`

			`. "github.com/onsi/ginkgo"`
			`. "github.com/onsi/gomega"`

			`appsv1beta1 "k8s.io/api/apps/v1beta1"`
			`extensions "k8s.io/api/extensions/v1beta1"`
			`metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"`

			`"k8s.io/ingress-nginx/test/e2e/framework"`
			`)`

			`var _ = framework.IngressNginxDescribe("Dynamic Certificate", func() {`
			`f := framework.NewDefaultFramework("dynamic-certificate")`
			`host := "foo.com"`

			`BeforeEach(func() {`
Remove e2e boilerplate 2018-10-29 21:39:04 +00:00			`err := framework.UpdateDeployment(f.KubeClientSet, f.IngressController.Namespace, "nginx-ingress-controller", 1,`
			`func(deployment *appsv1beta1.Deployment) error {`
			`args := deployment.Spec.Template.Spec.Containers[0].Args`
			`args = append(args, "--enable-dynamic-certificates")`
			`args = append(args, "--enable-ssl-chain-completion=false")`
			`deployment.Spec.Template.Spec.Containers[0].Args = args`
			`_, err := f.KubeClientSet.AppsV1beta1().Deployments(f.IngressController.Namespace).Update(deployment)`

			`return err`
			`})`
Add Lua module to serve SSL Certificates dynamically 2018-06-05 13:51:22 +00:00			`Expect(err).NotTo(HaveOccurred())`

Remove e2e boilerplate 2018-10-29 21:39:04 +00:00			`f.WaitForNginxConfiguration(`
Add Lua module to serve SSL Certificates dynamically 2018-06-05 13:51:22 +00:00			`func(cfg string) bool {`
			`return strings.Contains(cfg, "ok, res = pcall(require, \"certificate\")")`
			`})`

Remove e2e boilerplate 2018-10-29 21:39:04 +00:00			`f.NewEchoDeploymentWithReplicas(1)`
Add Lua module to serve SSL Certificates dynamically 2018-06-05 13:51:22 +00:00			`})`

			`It("picks up the certificate when we add TLS spec to existing ingress", func() {`
respond with 503 when there are no endpoints * related to: * https://github.com/kubernetes/ingress-nginx/issues/3070 * https://github.com/kubernetes/ingress-nginx/issues/3335 * add a 503 test * test a service that starts out empty (a.k.a. ingress-nginx controller (re-)start) * test scaling up (should route traffic accordingly) * test scaling down to empty service * use custom deployments for scaling test. * provide a fix by updating the lua table (cache) of the configured backends to unset the backend if there are no endpoints available. 2018-12-20 13:48:03 +00:00			`ensureIngress(f, host, "http-svc")`
cleanup dynamic cert e2e tests 2018-08-24 22:52:09 +00:00
			`ing, err := f.KubeClientSet.ExtensionsV1beta1().Ingresses(f.IngressController.Namespace).Get(host, metav1.GetOptions{})`
Add Lua module to serve SSL Certificates dynamically 2018-06-05 13:51:22 +00:00			`Expect(err).ToNot(HaveOccurred())`
			`ing.Spec.TLS = []extensions.IngressTLS{`
			`{`
			`Hosts: []string{host},`
			`SecretName: host,`
			`},`
			`}`
			`_, err = framework.CreateIngressTLSSecret(f.KubeClientSet,`
			`ing.Spec.TLS[0].Hosts,`
			`ing.Spec.TLS[0].SecretName,`
			`ing.Namespace)`
			`Expect(err).ToNot(HaveOccurred())`
			`_, err = f.KubeClientSet.ExtensionsV1beta1().Ingresses(f.IngressController.Namespace).Update(ing)`
			`Expect(err).ToNot(HaveOccurred())`
			`time.Sleep(waitForLuaSync)`

cleanup dynamic cert e2e tests 2018-08-24 22:52:09 +00:00			`ensureHTTPSRequest(f.IngressController.HTTPSURL, host, host)`
Add Lua module to serve SSL Certificates dynamically 2018-06-05 13:51:22 +00:00			`})`

			`It("picks up the previously missing secret for a given ingress without reloading", func() {`
Refactor e2e tls helper 2019-01-09 19:13:17 +00:00			`ing := framework.NewSingleIngressWithTLS(host, "/", host, []string{host}, f.IngressController.Namespace, "http-svc", 80, nil)`
Remove e2e boilerplate 2018-10-29 21:39:04 +00:00			`f.EnsureIngress(ing)`

Add Lua module to serve SSL Certificates dynamically 2018-06-05 13:51:22 +00:00			`time.Sleep(waitForLuaSync)`
Remove e2e boilerplate 2018-10-29 21:39:04 +00:00
cleanup dynamic cert e2e tests 2018-08-24 22:52:09 +00:00			`ensureHTTPSRequest(fmt.Sprintf("%s?id=dummy_log_splitter_foo_bar", f.IngressController.HTTPSURL), host, "ingress.local")`
Add Lua module to serve SSL Certificates dynamically 2018-06-05 13:51:22 +00:00
Remove e2e boilerplate 2018-10-29 21:39:04 +00:00			`_, err := framework.CreateIngressTLSSecret(f.KubeClientSet,`
Add Lua module to serve SSL Certificates dynamically 2018-06-05 13:51:22 +00:00			`ing.Spec.TLS[0].Hosts,`
			`ing.Spec.TLS[0].SecretName,`
			`ing.Namespace)`
			`Expect(err).ToNot(HaveOccurred())`

			`By("configuring certificate_by_lua and skipping Nginx configuration of the new certificate")`
Remove e2e boilerplate 2018-10-29 21:39:04 +00:00			`f.WaitForNginxServer(host,`
Add Lua module to serve SSL Certificates dynamically 2018-06-05 13:51:22 +00:00			`func(server string) bool {`
			`return strings.Contains(server, "ssl_certificate_by_lua_block") &&`
			`!strings.Contains(server, fmt.Sprintf("ssl_certificate /etc/ingress-controller/ssl/%s-%s.pem;", ing.Namespace, host)) &&`
			`!strings.Contains(server, fmt.Sprintf("ssl_certificate_key /etc/ingress-controller/ssl/%s-%s.pem;", ing.Namespace, host)) &&`
			`strings.Contains(server, "listen 443")`
			`})`

			`time.Sleep(waitForLuaSync)`

			`By("serving the configured certificate on HTTPS endpoint")`
cleanup dynamic cert e2e tests 2018-08-24 22:52:09 +00:00			`ensureHTTPSRequest(f.IngressController.HTTPSURL, host, host)`
Add Lua module to serve SSL Certificates dynamically 2018-06-05 13:51:22 +00:00
			`log, err := f.NginxLogs()`
			`Expect(err).ToNot(HaveOccurred())`
			`Expect(log).ToNot(BeEmpty())`
			`index := strings.Index(log, "id=dummy_log_splitter_foo_bar")`
			`restOfLogs := log[index:]`

			`By("skipping Nginx reload")`
			`Expect(restOfLogs).ToNot(ContainSubstring(logRequireBackendReload))`
			`Expect(restOfLogs).ToNot(ContainSubstring(logBackendReloadSuccess))`
			`})`

			`Context("given an ingress with TLS correctly configured", func() {`
			`BeforeEach(func() {`
Refactor e2e tls helper 2019-01-09 19:13:17 +00:00			`ing := f.EnsureIngress(framework.NewSingleIngressWithTLS(host, "/", host, []string{host}, f.IngressController.Namespace, "http-svc", 80, nil))`
Remove e2e boilerplate 2018-10-29 21:39:04 +00:00
Add Lua module to serve SSL Certificates dynamically 2018-06-05 13:51:22 +00:00			`time.Sleep(waitForLuaSync)`

cleanup dynamic cert e2e tests 2018-08-24 22:52:09 +00:00			`ensureHTTPSRequest(f.IngressController.HTTPSURL, host, "ingress.local")`
Add Lua module to serve SSL Certificates dynamically 2018-06-05 13:51:22 +00:00
Remove e2e boilerplate 2018-10-29 21:39:04 +00:00			`_, err := framework.CreateIngressTLSSecret(f.KubeClientSet,`
Add Lua module to serve SSL Certificates dynamically 2018-06-05 13:51:22 +00:00			`ing.Spec.TLS[0].Hosts,`
			`ing.Spec.TLS[0].SecretName,`
			`ing.Namespace)`
			`Expect(err).ToNot(HaveOccurred())`
			`time.Sleep(waitForLuaSync)`

			`By("configuring certificate_by_lua and skipping Nginx configuration of the new certificate")`
Remove e2e boilerplate 2018-10-29 21:39:04 +00:00			`f.WaitForNginxServer(ing.Spec.TLS[0].Hosts[0],`
Add Lua module to serve SSL Certificates dynamically 2018-06-05 13:51:22 +00:00			`func(server string) bool {`
			`return strings.Contains(server, "ssl_certificate_by_lua_block") &&`
			`!strings.Contains(server, fmt.Sprintf("ssl_certificate /etc/ingress-controller/ssl/%s-%s.pem;", ing.Namespace, host)) &&`
			`!strings.Contains(server, fmt.Sprintf("ssl_certificate_key /etc/ingress-controller/ssl/%s-%s.pem;", ing.Namespace, host)) &&`
			`strings.Contains(server, "listen 443")`
			`})`

			`time.Sleep(waitForLuaSync)`

			`By("serving the configured certificate on HTTPS endpoint")`
cleanup dynamic cert e2e tests 2018-08-24 22:52:09 +00:00			`ensureHTTPSRequest(f.IngressController.HTTPSURL, host, host)`
Add Lua module to serve SSL Certificates dynamically 2018-06-05 13:51:22 +00:00			`})`

			`It("picks up the updated certificate without reloading", func() {`
cleanup dynamic cert e2e tests 2018-08-24 22:52:09 +00:00			`ing, err := f.KubeClientSet.ExtensionsV1beta1().Ingresses(f.IngressController.Namespace).Get(host, metav1.GetOptions{})`
Fix e2e tests 2018-10-30 16:31:07 +00:00			`Expect(err).ToNot(HaveOccurred())`
cleanup dynamic cert e2e tests 2018-08-24 22:52:09 +00:00
			`ensureHTTPSRequest(fmt.Sprintf("%s?id=dummy_log_splitter_foo_bar", f.IngressController.HTTPSURL), host, host)`
Add Lua module to serve SSL Certificates dynamically 2018-06-05 13:51:22 +00:00
			`_, err = framework.CreateIngressTLSSecret(f.KubeClientSet,`
			`ing.Spec.TLS[0].Hosts,`
			`ing.Spec.TLS[0].SecretName,`
			`ing.Namespace)`
			`Expect(err).ToNot(HaveOccurred())`
			`time.Sleep(waitForLuaSync)`

			`By("configuring certificate_by_lua and skipping Nginx configuration of the new certificate")`
Remove e2e boilerplate 2018-10-29 21:39:04 +00:00			`f.WaitForNginxServer(ing.Spec.TLS[0].Hosts[0],`
Add Lua module to serve SSL Certificates dynamically 2018-06-05 13:51:22 +00:00			`func(server string) bool {`
			`return strings.Contains(server, "ssl_certificate_by_lua_block") &&`
			`!strings.Contains(server, fmt.Sprintf("ssl_certificate /etc/ingress-controller/ssl/%s-%s.pem;", ing.Namespace, host)) &&`
			`!strings.Contains(server, fmt.Sprintf("ssl_certificate_key /etc/ingress-controller/ssl/%s-%s.pem;", ing.Namespace, host)) &&`
			`strings.Contains(server, "listen 443")`
			`})`

			`time.Sleep(waitForLuaSync)`

			`By("serving the configured certificate on HTTPS endpoint")`
cleanup dynamic cert e2e tests 2018-08-24 22:52:09 +00:00			`ensureHTTPSRequest(f.IngressController.HTTPSURL, host, host)`
Add Lua module to serve SSL Certificates dynamically 2018-06-05 13:51:22 +00:00
			`log, err := f.NginxLogs()`
			`Expect(err).ToNot(HaveOccurred())`
			`Expect(log).ToNot(BeEmpty())`
			`index := strings.Index(log, "id=dummy_log_splitter_foo_bar")`
			`restOfLogs := log[index:]`

			`By("skipping Nginx reload")`
			`Expect(restOfLogs).ToNot(ContainSubstring(logRequireBackendReload))`
			`Expect(restOfLogs).ToNot(ContainSubstring(logBackendReloadSuccess))`
			`})`

			`It("falls back to using default certificate when secret gets deleted without reloading", func() {`
cleanup dynamic cert e2e tests 2018-08-24 22:52:09 +00:00			`ing, err := f.KubeClientSet.ExtensionsV1beta1().Ingresses(f.IngressController.Namespace).Get(host, metav1.GetOptions{})`

			`ensureHTTPSRequest(fmt.Sprintf("%s?id=dummy_log_splitter_foo_bar", f.IngressController.HTTPSURL), host, host)`
Add Lua module to serve SSL Certificates dynamically 2018-06-05 13:51:22 +00:00
			`f.KubeClientSet.CoreV1().Secrets(ing.Namespace).Delete(ing.Spec.TLS[0].SecretName, nil)`
			`Expect(err).ToNot(HaveOccurred())`
			`time.Sleep(waitForLuaSync)`

			`By("configuring certificate_by_lua and skipping Nginx configuration of the new certificate")`
Remove e2e boilerplate 2018-10-29 21:39:04 +00:00			`f.WaitForNginxServer(ing.Spec.TLS[0].Hosts[0],`
Add Lua module to serve SSL Certificates dynamically 2018-06-05 13:51:22 +00:00			`func(server string) bool {`
			`return strings.Contains(server, "ssl_certificate_by_lua_block") &&`
			`strings.Contains(server, "ssl_certificate /etc/ingress-controller/ssl/default-fake-certificate.pem;") &&`
			`strings.Contains(server, "ssl_certificate_key /etc/ingress-controller/ssl/default-fake-certificate.pem;") &&`
			`strings.Contains(server, "listen 443")`
			`})`

			`time.Sleep(waitForLuaSync)`

			`By("serving the default certificate on HTTPS endpoint")`
cleanup dynamic cert e2e tests 2018-08-24 22:52:09 +00:00			`ensureHTTPSRequest(f.IngressController.HTTPSURL, host, "ingress.local")`
Add Lua module to serve SSL Certificates dynamically 2018-06-05 13:51:22 +00:00
			`log, err := f.NginxLogs()`
			`Expect(err).ToNot(HaveOccurred())`
			`Expect(log).ToNot(BeEmpty())`
			`index := strings.Index(log, "id=dummy_log_splitter_foo_bar")`
			`restOfLogs := log[index:]`

			`By("skipping Nginx reload")`
			`Expect(restOfLogs).ToNot(ContainSubstring(logRequireBackendReload))`
			`Expect(restOfLogs).ToNot(ContainSubstring(logBackendReloadSuccess))`
			`})`

			`It("picks up a non-certificate only change", func() {`
			`newHost := "foo2.com"`
cleanup dynamic cert e2e tests 2018-08-24 22:52:09 +00:00			`ing, err := f.KubeClientSet.ExtensionsV1beta1().Ingresses(f.IngressController.Namespace).Get(host, metav1.GetOptions{})`
Add Lua module to serve SSL Certificates dynamically 2018-06-05 13:51:22 +00:00			`Expect(err).NotTo(HaveOccurred())`
			`ing.Spec.Rules[0].Host = newHost`
			`_, err = f.KubeClientSet.ExtensionsV1beta1().Ingresses(f.IngressController.Namespace).Update(ing)`
			`Expect(err).ToNot(HaveOccurred())`
cleanup dynamic cert e2e tests 2018-08-24 22:52:09 +00:00			`time.Sleep(waitForLuaSync)`
Add Lua module to serve SSL Certificates dynamically 2018-06-05 13:51:22 +00:00
			`By("serving the configured certificate on HTTPS endpoint")`
cleanup dynamic cert e2e tests 2018-08-24 22:52:09 +00:00			`ensureHTTPSRequest(f.IngressController.HTTPSURL, newHost, "ingress.local")`
Add Lua module to serve SSL Certificates dynamically 2018-06-05 13:51:22 +00:00			`})`

			`It("removes HTTPS configuration when we delete TLS spec", func() {`
cleanup dynamic cert e2e tests 2018-08-24 22:52:09 +00:00			`ing, err := f.KubeClientSet.ExtensionsV1beta1().Ingresses(f.IngressController.Namespace).Get(host, metav1.GetOptions{})`
Add Lua module to serve SSL Certificates dynamically 2018-06-05 13:51:22 +00:00			`Expect(err).NotTo(HaveOccurred())`
			`ing.Spec.TLS = []extensions.IngressTLS{}`
			`_, err = f.KubeClientSet.ExtensionsV1beta1().Ingresses(f.IngressController.Namespace).Update(ing)`
			`Expect(err).ToNot(HaveOccurred())`
cleanup dynamic cert e2e tests 2018-08-24 22:52:09 +00:00			`time.Sleep(waitForLuaSync)`
Add Lua module to serve SSL Certificates dynamically 2018-06-05 13:51:22 +00:00
cleanup dynamic cert e2e tests 2018-08-24 22:52:09 +00:00			`ensureRequest(f, host)`
Add Lua module to serve SSL Certificates dynamically 2018-06-05 13:51:22 +00:00			`})`
			`})`
			`})`