diff --git a/test/e2e/annotations/authtls.go b/test/e2e/annotations/authtls.go
index d489f842e..2c44c3450 100644
--- a/test/e2e/annotations/authtls.go
+++ b/test/e2e/annotations/authtls.go
@@ -53,8 +53,7 @@ var _ = framework.IngressNginxDescribe("Annotations - AuthTLS", func() {
 "nginx.ingress.kubernetes.io/auth-tls-secret": nameSpace + "/" + host,
 }
- ing := framework.NewSingleIngressWithTLS(host, "/", host, nameSpace, "http-svc", 80, &annotations)
- f.EnsureIngress(ing)
+ f.EnsureIngress(framework.NewSingleIngressWithTLS(host, "/", host, []string{host}, nameSpace, "http-svc", 80, &annotations))
 // Since we can use the same certificate-chain for tls as well as mutual-auth, we will check all values
 sslCertDirective := fmt.Sprintf("ssl_certificate /etc/ingress-controller/ssl/%s-%s.pem;", nameSpace, host)
@@ -111,8 +110,7 @@ var _ = framework.IngressNginxDescribe("Annotations - AuthTLS", func() {
 "nginx.ingress.kubernetes.io/auth-tls-verify-depth": "2",
 }
- ing := framework.NewSingleIngressWithTLS(host, "/", host, nameSpace, "http-svc", 80, &annotations)
- f.EnsureIngress(ing)
+ f.EnsureIngress(framework.NewSingleIngressWithTLS(host, "/", host, []string{host}, nameSpace, "http-svc", 80, &annotations))
 // Since we can use the same certificate-chain for tls as well as mutual-auth, we will check all values
 sslCertDirective := fmt.Sprintf("ssl_certificate /etc/ingress-controller/ssl/%s-%s.pem;", nameSpace, host)
@@ -158,8 +156,7 @@ var _ = framework.IngressNginxDescribe("Annotations - AuthTLS", func() {
 "nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream": "true",
 }
- ing := framework.NewSingleIngressWithTLS(host, "/", host, nameSpace, "http-svc", 80, &annotations)
- f.EnsureIngress(ing)
+ f.EnsureIngress(framework.NewSingleIngressWithTLS(host, "/", host, []string{host}, nameSpace, "http-svc", 80, &annotations))
 // Since we can use the same certificate-chain for tls as well as mutual-auth, we will check all values
 sslCertDirective := fmt.Sprintf("ssl_certificate /etc/ingress-controller/ssl/%s-%s.pem;", nameSpace, host)
diff --git a/test/e2e/framework/framework.go b/test/e2e/framework/framework.go
index efd76f1c4..3d56ff493 100644
--- a/test/e2e/framework/framework.go
+++ b/test/e2e/framework/framework.go
@@ -20,7 +20,7 @@ import (
 "time"
 appsv1beta1 "k8s.io/api/apps/v1beta1"
- "k8s.io/api/core/v1"
+ v1 "k8s.io/api/core/v1"
 extensions "k8s.io/api/extensions/v1beta1"
 apiextcs "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -388,16 +388,16 @@ func UpdateIngress(kubeClientSet kubernetes.Interface, namespace string, name st
 }
 // NewSingleIngressWithTLS creates a simple ingress rule with TLS spec included
-func NewSingleIngressWithTLS(name, path, host, ns, service string, port int, annotations *map[string]string) *extensions.Ingress {
- return newSingleIngressWithRules(name, path, host, ns, service, port, annotations, true)
+func NewSingleIngressWithTLS(name, path, host string, tlsHosts []string, ns, service string, port int, annotations *map[string]string) *extensions.Ingress {
+ return newSingleIngressWithRules(name, path, host, ns, service, port, annotations, tlsHosts)
 }
 // NewSingleIngress creates a simple ingress rule
 func NewSingleIngress(name, path, host, ns, service string, port int, annotations *map[string]string) *extensions.Ingress {
- return newSingleIngressWithRules(name, path, host, ns, service, port, annotations, false)
+ return newSingleIngressWithRules(name, path, host, ns, service, port, annotations, nil)
 }
-func newSingleIngressWithRules(name, path, host, ns, service string, port int, annotations *map[string]string, withTLS bool) *extensions.Ingress {
+func newSingleIngressWithRules(name, path, host, ns, service string, port int, annotations *map[string]string, tlsHosts []string) *extensions.Ingress {
 spec := extensions.IngressSpec{
 Rules: []extensions.IngressRule{
@@ -420,10 +420,10 @@ func newSingleIngressWithRules(name, path, host, ns, service string, port int, a
 },
 }
- if withTLS {
+ if len(tlsHosts) > 0 {
 spec.TLS = []extensions.IngressTLS{
 {
- Hosts: []string{host},
+ Hosts: tlsHosts,
 SecretName: host,
 },
 }
diff --git a/test/e2e/lua/dynamic_certificates.go b/test/e2e/lua/dynamic_certificates.go
index 3541997df..26b9a3ac6 100644
--- a/test/e2e/lua/dynamic_certificates.go
+++ b/test/e2e/lua/dynamic_certificates.go
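Review bot: In test/e2e/framework/framework.go, NewSingleIngressWithTLS now returns an ingress with no TLS section when tlsHosts is nil or empty, because the `len(tlsHosts) > 0` test in the -420 hunk is the only gate; callers in this commit that read `ing.Spec.TLS[0]` would then fail with an index-out-of-range panic instead of a clear message. Defaulting in the exported function keeps its name accurate: `if len(tlsHosts) == 0 { tlsHosts = []string{host} }`. The doc comment should also state that tlsHosts becomes `spec.TLS[0].Hosts` while SecretName stays `host`; since the callers build the certificate from `ing.Spec.TLS[0].Hosts`, passing hosts other than the rule host yields a certificate that may not cover the name being served. The body of newSingleIngressWithRules runs outside both hunks.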
@@ -80,7 +80,7 @@ var _ = framework.IngressNginxDescribe("Dynamic Certificate", func() {
 })
 It("picks up the previously missing secret for a given ingress without reloading", func() {
- ing := framework.NewSingleIngressWithTLS(host, "/", host, f.IngressController.Namespace, "http-svc", 80, nil)
+ ing := framework.NewSingleIngressWithTLS(host, "/", host, []string{host}, f.IngressController.Namespace, "http-svc", 80, nil)
 f.EnsureIngress(ing)
 time.Sleep(waitForLuaSync)
@@ -120,7 +120,7 @@ var _ = framework.IngressNginxDescribe("Dynamic Certificate", func() {
 Context("given an ingress with TLS correctly configured", func() {
 BeforeEach(func() {
- ing := f.EnsureIngress(framework.NewSingleIngressWithTLS(host, "/", host, f.IngressController.Namespace, "http-svc", 80, nil))
+ ing := f.EnsureIngress(framework.NewSingleIngressWithTLS(host, "/", host, []string{host}, f.IngressController.Namespace, "http-svc", 80, nil))
 time.Sleep(waitForLuaSync)
diff --git a/test/e2e/settings/tls.go b/test/e2e/settings/tls.go
index 6139f6b7d..95101ce2b 100644
--- a/test/e2e/settings/tls.go
+++ b/test/e2e/settings/tls.go
@@ -48,7 +48,11 @@ var _ = framework.IngressNginxDescribe("Settings - TLS)", func() {
 // https://www.openssl.org/docs/man1.1.0/apps/ciphers.html - "CIPHER SUITE NAMES"
 testCiphers := "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA"
- tlsConfig, err := tlsEndpoint(f, host)
+ ing := f.EnsureIngress(framework.NewSingleIngressWithTLS(host, "/", host, []string{host}, f.IngressController.Namespace, "http-svc", 80, nil))
+ tlsConfig, err := framework.CreateIngressTLSSecret(f.KubeClientSet,
+ ing.Spec.TLS[0].Hosts,
+ ing.Spec.TLS[0].SecretName,
+ ing.Namespace)
 Expect(err).NotTo(HaveOccurred())
 framework.WaitForTLS(f.IngressController.HTTPSURL, tlsConfig)
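Review bot: In test/e2e/settings/tls.go, the EnsureIngress plus CreateIngressTLSSecret sequence is now written out in full in this hunk and again in the -97 hunk, where the removed tlsEndpoint helper kept it in one place. Keeping the helper and adding the new argument, `func tlsEndpoint(f *framework.Framework, host string, tlsHosts []string) (*tls.Config, error)`, would stop the two copies drifting apart. Both copies index `ing.Spec.TLS[0]` without a length check, which holds only while a non-empty tlsHosts is passed. The enclosing It block starts and ends outside the hunk.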
@@ -97,7 +101,11 @@ var _ = framework.IngressNginxDescribe("Settings - TLS)", func() {
 hstsIncludeSubdomains := "hsts-include-subdomains"
 hstsPreload := "hsts-preload"
- tlsConfig, err := tlsEndpoint(f, host)
+ ing := f.EnsureIngress(framework.NewSingleIngressWithTLS(host, "/", host, []string{host}, f.IngressController.Namespace, "http-svc", 80, nil))
+ tlsConfig, err := framework.CreateIngressTLSSecret(f.KubeClientSet,
+ ing.Spec.TLS[0].Hosts,
+ ing.Spec.TLS[0].SecretName,
+ ing.Namespace)
 Expect(err).NotTo(HaveOccurred())
 framework.WaitForTLS(f.IngressController.HTTPSURL, tlsConfig)
@@ -157,11 +165,3 @@ var _ = framework.IngressNginxDescribe("Settings - TLS)", func() {
 Expect(resp.Header.Get("Strict-Transport-Security")).Should(ContainSubstring("preload"))
 })
 })
-
-func tlsEndpoint(f *framework.Framework, host string) (*tls.Config, error) {
- ing := f.EnsureIngress(framework.NewSingleIngressWithTLS(host, "/", host, f.IngressController.Namespace, "http-svc", 80, nil))
- return framework.CreateIngressTLSSecret(f.KubeClientSet,
- ing.Spec.TLS[0].Hosts,
- ing.Spec.TLS[0].SecretName,
- ing.Namespace)
-}
diff --git a/test/e2e/ssl/secret_update.go b/test/e2e/ssl/secret_update.go
index 8dded8a45..36026955f 100644
--- a/test/e2e/ssl/secret_update.go
+++ b/test/e2e/ssl/secret_update.go
@@ -24,7 +24,7 @@ import (
 . "github.com/onsi/ginkgo"
 . "github.com/onsi/gomega"
- "k8s.io/api/core/v1"
+ v1 "k8s.io/api/core/v1"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/ingress-nginx/test/e2e/framework"
 )
@@ -52,8 +52,7 @@ var _ = framework.IngressNginxDescribe("SSL", func() {
 },
 })
- ing := f.EnsureIngress(framework.NewSingleIngressWithTLS(host, "/", host, f.IngressController.Namespace, "http-svc", 80, nil))
-
+ ing := f.EnsureIngress(framework.NewSingleIngressWithTLS(host, "/", host, []string{host}, f.IngressController.Namespace, "http-svc", 80, nil))
 _, err := framework.CreateIngressTLSSecret(f.KubeClientSet,
 ing.Spec.TLS[0].Hosts,
 ing.Spec.TLS[0].SecretName,