Add e2e test for invalid secrets
This commit is contained in:
Manuel Alejandro de Brito Fontes
parent
8ca5c1cba9
commit
225f881ed0
1 changed files with 44 additions and 0 deletions
|
|
@ -17,12 +17,15 @@ limitations under the License.
|
||||||
package ssl
|
package ssl
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"crypto/tls"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"net/http"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
. "github.com/onsi/ginkgo"
|
. "github.com/onsi/ginkgo"
|
||||||
. "github.com/onsi/gomega"
|
. "github.com/onsi/gomega"
|
||||||
|
"github.com/parnurzeal/gorequest"
|
||||||
|
|
||||||
v1 "k8s.io/api/core/v1"
|
v1 "k8s.io/api/core/v1"
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
|
|
@ -77,4 +80,45 @@ var _ = framework.IngressNginxDescribe("SSL", func() {
|
||||||
Expect(log).ToNot(ContainSubstring(fmt.Sprintf("starting syncing of secret %v/dummy", f.Namespace)))
|
Expect(log).ToNot(ContainSubstring(fmt.Sprintf("starting syncing of secret %v/dummy", f.Namespace)))
|
||||||
Expect(log).ToNot(ContainSubstring(fmt.Sprintf("error obtaining PEM from secret %v/dummy", f.Namespace)))
|
Expect(log).ToNot(ContainSubstring(fmt.Sprintf("error obtaining PEM from secret %v/dummy", f.Namespace)))
|
||||||
})
|
})
|
||||||
|
|
||||||
|
It("should return the fake SSL certificate if the secret is invalid", func() {
|
||||||
|
host := "invalid-ssl"
|
||||||
|
|
||||||
|
// create a secret without cert or key
|
||||||
|
f.EnsureSecret(&v1.Secret{
|
||||||
|
ObjectMeta: metav1.ObjectMeta{
|
||||||
|
Name: host,
|
||||||
|
Namespace: f.Namespace,
|
||||||
|
},
|
||||||
|
})
|
||||||
|
|
||||||
|
f.EnsureIngress(framework.NewSingleIngressWithTLS(host, "/", host, []string{host}, f.Namespace, "http-svc", 80, nil))
|
||||||
|
|
||||||
|
f.WaitForNginxServer(host,
|
||||||
|
func(server string) bool {
|
||||||
|
return strings.Contains(server, "server_name invalid-ssl") &&
|
||||||
|
strings.Contains(server, "listen 443")
|
||||||
|
})
|
||||||
|
|
||||||
|
req := gorequest.New()
|
||||||
|
resp, _, errs := req.
|
||||||
|
Get(f.GetURL(framework.HTTPS)).
|
||||||
|
TLSClientConfig(&tls.Config{ServerName: host, InsecureSkipVerify: true}).
|
||||||
|
Set("Host", host).
|
||||||
|
End()
|
||||||
|
Expect(errs).Should(BeEmpty())
|
||||||
|
Expect(resp.StatusCode).Should(Equal(http.StatusOK))
|
||||||
|
|
||||||
|
// check the returned secret is the fake one
|
||||||
|
cert := resp.TLS.PeerCertificates[0]
|
||||||
|
Expect(cert.DNSNames[0]).Should(Equal("ingress.local"))
|
||||||
|
Expect(cert.Subject.Organization[0]).Should(Equal("Acme Co"))
|
||||||
|
Expect(cert.Subject.CommonName).Should(Equal("Kubernetes Ingress Controller Fake Certificate"))
|
||||||
|
|
||||||
|
// verify the log contains a warning about invalid certificate
|
||||||
|
log, err := f.NginxLogs()
|
||||||
|
Expect(err).ToNot(HaveOccurred())
|
||||||
|
Expect(log).ToNot(BeEmpty())
|
||||||
|
Expect(log).To(ContainSubstring(fmt.Sprintf("%v/invalid-ssl\" contains no keypair or CA certificate", f.Namespace)))
|
||||||
|
})
|
||||||
})
|
})
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue