DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add e2e test for invalid secrets

Browse source
This commit is contained in:
Manuel Alejandro de Brito Fontes 2019-06-25 09:28:52 -04:00
parent 8ca5c1cba9
commit 225f881ed0
No known key found for this signature in database
GPG key ID: 786136016A8BA02A
1 changed files with 44 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

44
test/e2e/ssl/secret_update.go
View file

@ -17,12 +17,15 @@ limitations under the License.
package ssl
import (
"crypto/tls"
"fmt"
"net/http"
"strings"
"time"
. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
"github.com/parnurzeal/gorequest"
v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@ -77,4 +80,45 @@ var _ = framework.IngressNginxDescribe("SSL", func() {
Expect(log).ToNot(ContainSubstring(fmt.Sprintf("starting syncing of secret %v/dummy", f.Namespace)))
Expect(log).ToNot(ContainSubstring(fmt.Sprintf("error obtaining PEM from secret %v/dummy", f.Namespace)))
})
It("should return the fake SSL certificate if the secret is invalid", func() {
host := "invalid-ssl"
// create a secret without cert or key
f.EnsureSecret(&v1.Secret{
ObjectMeta: metav1.ObjectMeta{
Name: host,
Namespace: f.Namespace,
},
})
f.EnsureIngress(framework.NewSingleIngressWithTLS(host, "/", host, []string{host}, f.Namespace, "http-svc", 80, nil))
f.WaitForNginxServer(host,
func(server string) bool {
return strings.Contains(server, "server_name invalid-ssl") &&
strings.Contains(server, "listen 443")
})
req := gorequest.New()
resp, _, errs := req.
Get(f.GetURL(framework.HTTPS)).
TLSClientConfig(&tls.Config{ServerName: host, InsecureSkipVerify: true}).
Set("Host", host).
End()
Expect(errs).Should(BeEmpty())
Expect(resp.StatusCode).Should(Equal(http.StatusOK))
// check the returned secret is the fake one
cert := resp.TLS.PeerCertificates[0]
Expect(cert.DNSNames[0]).Should(Equal("ingress.local"))
Expect(cert.Subject.Organization[0]).Should(Equal("Acme Co"))
Expect(cert.Subject.CommonName).Should(Equal("Kubernetes Ingress Controller Fake Certificate"))
// verify the log contains a warning about invalid certificate
log, err := f.NginxLogs()
Expect(err).ToNot(HaveOccurred())
Expect(log).ToNot(BeEmpty())
Expect(log).To(ContainSubstring(fmt.Sprintf("%v/invalid-ssl\" contains no keypair or CA certificate", f.Namespace)))
})
})