Merge pull request #2987 from ElvinEfendi/clear-e2e-test

cleanup dynamic cert e2e tests
k8s-ci-robot 2018-08-25 04:38:03 -07:00 committed by GitHub
commit 3c507e98c8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 35 additions and 172 deletions


@ -17,15 +17,12 @@ limitations under the License.
package lua package lua
import ( import (
"crypto/tls"
"fmt" "fmt"
"net/http"
"strings" "strings"
"time" "time"
. "github.com/onsi/ginkgo" . "github.com/onsi/ginkgo"
. "github.com/onsi/gomega" . "github.com/onsi/gomega"
"github.com/parnurzeal/gorequest"
appsv1beta1 "k8s.io/api/apps/v1beta1" appsv1beta1 "k8s.io/api/apps/v1beta1"
extensions "k8s.io/api/extensions/v1beta1" extensions "k8s.io/api/extensions/v1beta1"
@ -54,18 +51,9 @@ var _ = framework.IngressNginxDescribe("Dynamic Certificate", func() {
}) })
It("picks up the certificate when we add TLS spec to existing ingress", func() { It("picks up the certificate when we add TLS spec to existing ingress", func() {
ing, err := f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.IngressController.Namespace, "http-svc", 80, nil)) ensureIngress(f, host)
Expect(err).NotTo(HaveOccurred())
Expect(ing).NotTo(BeNil())
time.Sleep(waitForLuaSync)
resp, _, errs := gorequest.New().
Get(f.IngressController.HTTPURL).
Set("Host", host).
End()
Expect(len(errs)).Should(BeNumerically("==", 0))
Expect(resp.StatusCode).Should(Equal(http.StatusOK))
ing, err = f.KubeClientSet.ExtensionsV1beta1().Ingresses(f.IngressController.Namespace).Get("foo.com", metav1.GetOptions{}) ing, err := f.KubeClientSet.ExtensionsV1beta1().Ingresses(f.IngressController.Namespace).Get(host, metav1.GetOptions{})
Expect(err).ToNot(HaveOccurred()) Expect(err).ToNot(HaveOccurred())
ing.Spec.TLS = []extensions.IngressTLS{ ing.Spec.TLS = []extensions.IngressTLS{
{ {
@ -80,30 +68,9 @@ var _ = framework.IngressNginxDescribe("Dynamic Certificate", func() {
Expect(err).ToNot(HaveOccurred()) Expect(err).ToNot(HaveOccurred())
_, err = f.KubeClientSet.ExtensionsV1beta1().Ingresses(f.IngressController.Namespace).Update(ing) _, err = f.KubeClientSet.ExtensionsV1beta1().Ingresses(f.IngressController.Namespace).Update(ing)
Expect(err).ToNot(HaveOccurred()) Expect(err).ToNot(HaveOccurred())
By("configuring HTTPS endpoint")
err = f.WaitForNginxServer(host,
func(server string) bool {
return strings.Contains(server, "server_name "+host) &&
strings.Contains(server, "listen 443")
})
Expect(err).ToNot(HaveOccurred())
time.Sleep(waitForLuaSync) time.Sleep(waitForLuaSync)
By("serving the configured certificate on HTTPS endpoint") ensureHTTPSRequest(f.IngressController.HTTPSURL, host, host)
resp, _, errs = gorequest.New().
Get(f.IngressController.HTTPSURL).
Set("Host", ing.Spec.TLS[0].Hosts[0]).
TLSClientConfig(&tls.Config{
InsecureSkipVerify: true,
ServerName: ing.Spec.TLS[0].Hosts[0],
}).
End()
Expect(len(errs)).Should(BeNumerically("==", 0))
Expect(resp.StatusCode).Should(Equal(http.StatusOK))
Expect(len(resp.TLS.PeerCertificates)).Should(BeNumerically("==", 1))
Expect(resp.TLS.PeerCertificates[0].DNSNames[0]).Should(Equal(host))
}) })
It("picks up the previously missing secret for a given ingress without reloading", func() { It("picks up the previously missing secret for a given ingress without reloading", func() {
@ -111,16 +78,7 @@ var _ = framework.IngressNginxDescribe("Dynamic Certificate", func() {
Expect(err).NotTo(HaveOccurred()) Expect(err).NotTo(HaveOccurred())
Expect(ing).NotTo(BeNil()) Expect(ing).NotTo(BeNil())
time.Sleep(waitForLuaSync) time.Sleep(waitForLuaSync)
resp, _, errs := gorequest.New(). ensureHTTPSRequest(fmt.Sprintf("%s?id=dummy_log_splitter_foo_bar", f.IngressController.HTTPSURL), host, "ingress.local")
Get(fmt.Sprintf("%s?id=dummy_log_splitter_foo_bar", f.IngressController.HTTPSURL)).
Set("Host", host).
TLSClientConfig(&tls.Config{
InsecureSkipVerify: true,
ServerName: ing.Spec.TLS[0].Hosts[0],
}).
End()
Expect(len(errs)).Should(BeNumerically("==", 0))
Expect(resp.StatusCode).Should(Equal(http.StatusOK))
_, err = framework.CreateIngressTLSSecret(f.KubeClientSet, _, err = framework.CreateIngressTLSSecret(f.KubeClientSet,
ing.Spec.TLS[0].Hosts, ing.Spec.TLS[0].Hosts,
@ -141,18 +99,7 @@ var _ = framework.IngressNginxDescribe("Dynamic Certificate", func() {
time.Sleep(waitForLuaSync) time.Sleep(waitForLuaSync)
By("serving the configured certificate on HTTPS endpoint") By("serving the configured certificate on HTTPS endpoint")
resp, _, errs = gorequest.New(). ensureHTTPSRequest(f.IngressController.HTTPSURL, host, host)
Get(f.IngressController.HTTPSURL).
Set("Host", ing.Spec.TLS[0].Hosts[0]).
TLSClientConfig(&tls.Config{
InsecureSkipVerify: true,
ServerName: ing.Spec.TLS[0].Hosts[0],
}).
End()
Expect(len(errs)).Should(BeNumerically("==", 0))
Expect(resp.StatusCode).Should(Equal(http.StatusOK))
Expect(len(resp.TLS.PeerCertificates)).Should(BeNumerically("==", 1))
Expect(resp.TLS.PeerCertificates[0].DNSNames[0]).Should(Equal(host))
log, err := f.NginxLogs() log, err := f.NginxLogs()
Expect(err).ToNot(HaveOccurred()) Expect(err).ToNot(HaveOccurred())
@ -173,24 +120,7 @@ var _ = framework.IngressNginxDescribe("Dynamic Certificate", func() {
Expect(ing).NotTo(BeNil()) Expect(ing).NotTo(BeNil())
time.Sleep(waitForLuaSync) time.Sleep(waitForLuaSync)
resp, _, errs := gorequest.New(). ensureHTTPSRequest(f.IngressController.HTTPSURL, host, "ingress.local")
Get(f.IngressController.HTTPSURL).
Set("Host", host).
TLSClientConfig(&tls.Config{
InsecureSkipVerify: true,
ServerName: host,
}).
End()
Expect(len(errs)).Should(BeNumerically("==", 0))
Expect(resp.StatusCode).Should(Equal(http.StatusOK))
By("configuring HTTPS endpoint")
err = f.WaitForNginxServer(host,
func(server string) bool {
return strings.Contains(server, "server_name "+host) &&
strings.Contains(server, "listen 443")
})
Expect(err).ToNot(HaveOccurred())
_, err = framework.CreateIngressTLSSecret(f.KubeClientSet, _, err = framework.CreateIngressTLSSecret(f.KubeClientSet,
ing.Spec.TLS[0].Hosts, ing.Spec.TLS[0].Hosts,
@ -212,33 +142,13 @@ var _ = framework.IngressNginxDescribe("Dynamic Certificate", func() {
time.Sleep(waitForLuaSync) time.Sleep(waitForLuaSync)
By("serving the configured certificate on HTTPS endpoint") By("serving the configured certificate on HTTPS endpoint")
resp, _, errs = gorequest.New(). ensureHTTPSRequest(f.IngressController.HTTPSURL, host, host)
Get(f.IngressController.HTTPSURL).
Set("Host", ing.Spec.TLS[0].Hosts[0]).
TLSClientConfig(&tls.Config{
InsecureSkipVerify: true,
ServerName: ing.Spec.TLS[0].Hosts[0],
}).
End()
Expect(len(errs)).Should(BeNumerically("==", 0))
Expect(resp.StatusCode).Should(Equal(http.StatusOK))
Expect(len(resp.TLS.PeerCertificates)).Should(BeNumerically("==", 1))
Expect(resp.TLS.PeerCertificates[0].DNSNames[0]).Should(Equal(host))
}) })
It("picks up the updated certificate without reloading", func() { It("picks up the updated certificate without reloading", func() {
ing, err := f.KubeClientSet.ExtensionsV1beta1().Ingresses(f.IngressController.Namespace).Get("foo.com", metav1.GetOptions{}) ing, err := f.KubeClientSet.ExtensionsV1beta1().Ingresses(f.IngressController.Namespace).Get(host, metav1.GetOptions{})
resp, _, errs := gorequest.New(). ensureHTTPSRequest(fmt.Sprintf("%s?id=dummy_log_splitter_foo_bar", f.IngressController.HTTPSURL), host, host)
Get(fmt.Sprintf("%s?id=dummy_log_splitter_foo_bar", f.IngressController.HTTPSURL)).
Set("Host", host).
TLSClientConfig(&tls.Config{
InsecureSkipVerify: true,
ServerName: ing.Spec.TLS[0].Hosts[0],
}).
End()
Expect(len(errs)).Should(BeNumerically("==", 0))
Expect(resp.StatusCode).Should(Equal(http.StatusOK))
_, err = framework.CreateIngressTLSSecret(f.KubeClientSet, _, err = framework.CreateIngressTLSSecret(f.KubeClientSet,
ing.Spec.TLS[0].Hosts, ing.Spec.TLS[0].Hosts,
@ -260,18 +170,7 @@ var _ = framework.IngressNginxDescribe("Dynamic Certificate", func() {
time.Sleep(waitForLuaSync) time.Sleep(waitForLuaSync)
By("serving the configured certificate on HTTPS endpoint") By("serving the configured certificate on HTTPS endpoint")
resp, _, errs = gorequest.New(). ensureHTTPSRequest(f.IngressController.HTTPSURL, host, host)
Get(f.IngressController.HTTPSURL).
Set("Host", ing.Spec.TLS[0].Hosts[0]).
TLSClientConfig(&tls.Config{
InsecureSkipVerify: true,
ServerName: ing.Spec.TLS[0].Hosts[0],
}).
End()
Expect(len(errs)).Should(BeNumerically("==", 0))
Expect(resp.StatusCode).Should(Equal(http.StatusOK))
Expect(len(resp.TLS.PeerCertificates)).Should(BeNumerically("==", 1))
Expect(resp.TLS.PeerCertificates[0].DNSNames[0]).Should(Equal(host))
log, err := f.NginxLogs() log, err := f.NginxLogs()
Expect(err).ToNot(HaveOccurred()) Expect(err).ToNot(HaveOccurred())
@ -286,18 +185,9 @@ var _ = framework.IngressNginxDescribe("Dynamic Certificate", func() {
}) })
It("falls back to using default certificate when secret gets deleted without reloading", func() { It("falls back to using default certificate when secret gets deleted without reloading", func() {
ing, err := f.KubeClientSet.ExtensionsV1beta1().Ingresses(f.IngressController.Namespace).Get("foo.com", metav1.GetOptions{}) ing, err := f.KubeClientSet.ExtensionsV1beta1().Ingresses(f.IngressController.Namespace).Get(host, metav1.GetOptions{})
resp, _, errs := gorequest.New(). ensureHTTPSRequest(fmt.Sprintf("%s?id=dummy_log_splitter_foo_bar", f.IngressController.HTTPSURL), host, host)
Get(fmt.Sprintf("%s?id=dummy_log_splitter_foo_bar", f.IngressController.HTTPSURL)).
Set("Host", host).
TLSClientConfig(&tls.Config{
InsecureSkipVerify: true,
ServerName: ing.Spec.TLS[0].Hosts[0],
}).
End()
Expect(len(errs)).Should(BeNumerically("==", 0))
Expect(resp.StatusCode).Should(Equal(http.StatusOK))
f.KubeClientSet.CoreV1().Secrets(ing.Namespace).Delete(ing.Spec.TLS[0].SecretName, nil) f.KubeClientSet.CoreV1().Secrets(ing.Namespace).Delete(ing.Spec.TLS[0].SecretName, nil)
Expect(err).ToNot(HaveOccurred()) Expect(err).ToNot(HaveOccurred())
@ -316,18 +206,7 @@ var _ = framework.IngressNginxDescribe("Dynamic Certificate", func() {
time.Sleep(waitForLuaSync) time.Sleep(waitForLuaSync)
By("serving the default certificate on HTTPS endpoint") By("serving the default certificate on HTTPS endpoint")
resp, _, errs = gorequest.New(). ensureHTTPSRequest(f.IngressController.HTTPSURL, host, "ingress.local")
Get(f.IngressController.HTTPSURL).
Set("Host", ing.Spec.TLS[0].Hosts[0]).
TLSClientConfig(&tls.Config{
InsecureSkipVerify: true,
ServerName: ing.Spec.TLS[0].Hosts[0],
}).
End()
Expect(len(errs)).Should(BeNumerically("==", 0))
Expect(resp.StatusCode).Should(Equal(http.StatusOK))
Expect(len(resp.TLS.PeerCertificates)).Should(BeNumerically("==", 1))
Expect(resp.TLS.PeerCertificates[0].Issuer.CommonName).Should(Equal("Kubernetes Ingress Controller Fake Certificate"))
log, err := f.NginxLogs() log, err := f.NginxLogs()
Expect(err).ToNot(HaveOccurred()) Expect(err).ToNot(HaveOccurred())
@ -343,58 +222,26 @@ var _ = framework.IngressNginxDescribe("Dynamic Certificate", func() {
It("picks up a non-certificate only change", func() { It("picks up a non-certificate only change", func() {
newHost := "foo2.com" newHost := "foo2.com"
ing, err := f.KubeClientSet.ExtensionsV1beta1().Ingresses(f.IngressController.Namespace).Get("foo.com", metav1.GetOptions{}) ing, err := f.KubeClientSet.ExtensionsV1beta1().Ingresses(f.IngressController.Namespace).Get(host, metav1.GetOptions{})
Expect(err).NotTo(HaveOccurred()) Expect(err).NotTo(HaveOccurred())
ing.Spec.Rules[0].Host = newHost ing.Spec.Rules[0].Host = newHost
_, err = f.KubeClientSet.ExtensionsV1beta1().Ingresses(f.IngressController.Namespace).Update(ing) _, err = f.KubeClientSet.ExtensionsV1beta1().Ingresses(f.IngressController.Namespace).Update(ing)
Expect(err).ToNot(HaveOccurred()) Expect(err).ToNot(HaveOccurred())
time.Sleep(waitForLuaSync)
By("configuring HTTPS endpoint")
err = f.WaitForNginxServer(newHost,
func(server string) bool {
return strings.Contains(server, "server_name "+newHost) &&
strings.Contains(server, "listen 443")
})
Expect(err).ToNot(HaveOccurred())
By("serving the configured certificate on HTTPS endpoint") By("serving the configured certificate on HTTPS endpoint")
resp, _, errs := gorequest.New(). ensureHTTPSRequest(f.IngressController.HTTPSURL, newHost, "ingress.local")
Get(f.IngressController.HTTPSURL).
Set("Host", newHost).
TLSClientConfig(&tls.Config{
InsecureSkipVerify: true,
ServerName: newHost,
}).
End()
Expect(len(errs)).Should(BeNumerically("==", 0))
Expect(resp.StatusCode).Should(Equal(http.StatusOK))
Expect(len(resp.TLS.PeerCertificates)).Should(BeNumerically("==", 1))
Expect(resp.TLS.PeerCertificates[0].Issuer.CommonName).Should(Equal("Kubernetes Ingress Controller Fake Certificate"))
}) })
It("removes HTTPS configuration when we delete TLS spec", func() { It("removes HTTPS configuration when we delete TLS spec", func() {
ing, err := f.KubeClientSet.ExtensionsV1beta1().Ingresses(f.IngressController.Namespace).Get("foo.com", metav1.GetOptions{}) ing, err := f.KubeClientSet.ExtensionsV1beta1().Ingresses(f.IngressController.Namespace).Get(host, metav1.GetOptions{})
Expect(err).NotTo(HaveOccurred()) Expect(err).NotTo(HaveOccurred())
ing.Spec.TLS = []extensions.IngressTLS{} ing.Spec.TLS = []extensions.IngressTLS{}
_, err = f.KubeClientSet.ExtensionsV1beta1().Ingresses(f.IngressController.Namespace).Update(ing) _, err = f.KubeClientSet.ExtensionsV1beta1().Ingresses(f.IngressController.Namespace).Update(ing)
Expect(err).ToNot(HaveOccurred()) Expect(err).ToNot(HaveOccurred())
By("configuring HTTP endpoint") time.Sleep(waitForLuaSync)
err = f.WaitForNginxServer(host,
func(server string) bool {
return !strings.Contains(server, "ssl_certificate_by_lua_block") &&
!strings.Contains(server, "listen 443")
})
Expect(err).ToNot(HaveOccurred())
resp, _, errs := gorequest.New(). ensureRequest(f, host)
Get(f.IngressController.HTTPURL).
Set("Host", host).
End()
Expect(len(errs)).Should(BeNumerically("==", 0))
Expect(resp.StatusCode).Should(Equal(http.StatusOK))
}) })
}) })
}) })
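Review bot: The last spec, "removes HTTPS configuration when we delete TLS spec", no longer asserts anything about HTTPS. The `WaitForNginxServer` predicate that checked for the absence of `ssl_certificate_by_lua_block` and `listen 443` appears to be removed, and what replaces it is a fixed `time.Sleep(waitForLuaSync)` followed by `ensureRequest(f, host)`, which from its visible tail only expects a 200 response. A plain-HTTP 200 is also returned while the host's certificate is still being served, so the spec can pass without the TLS configuration having been removed. I would keep a negative check after the sleep, for example `ensureHTTPSRequest(f.IngressController.HTTPSURL, host, "ingress.local")`, assuming the default certificate is what gets served once the TLS spec is gone (to be confirmed against the controller's behaviour).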


@ -17,6 +17,7 @@ limitations under the License.
package lua package lua
import ( import (
"crypto/tls"
"fmt" "fmt"
"net/http" "net/http"
"regexp" "regexp"
@ -170,6 +171,21 @@ func ensureRequest(f *framework.Framework, host string) {
Expect(resp.StatusCode).Should(Equal(http.StatusOK)) Expect(resp.StatusCode).Should(Equal(http.StatusOK))
} }
func ensureHTTPSRequest(url string, host string, expectedDNSName string) {
resp, _, errs := gorequest.New().
Get(url).
Set("Host", host).
TLSClientConfig(&tls.Config{
InsecureSkipVerify: true,
ServerName: host,
}).
End()
Expect(errs).Should(BeEmpty())
Expect(resp.StatusCode).Should(Equal(http.StatusOK))
Expect(len(resp.TLS.PeerCertificates)).Should(BeNumerically("==", 1))
Expect(resp.TLS.PeerCertificates[0].DNSNames[0]).Should(Equal(expectedDNSName))
}
func getCookie(name string, cookies []*http.Cookie) (*http.Cookie, error) { func getCookie(name string, cookies []*http.Cookie) (*http.Cookie, error) {
for _, cookie := range cookies { for _, cookie := range cookies {
if cookie.Name == name { if cookie.Name == name {
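Review bot: `ensureHTTPSRequest` sets `InsecureSkipVerify: true`, so the chain and hostname are never validated and the only identity check left is its last line, which compares just `DNSNames[0]`. That makes the assertion depend on SAN order, and it panics with an index-out-of-range instead of a Gomega failure when the served certificate has no DNS SANs. I would replace it with `Expect(resp.TLS.PeerCertificates[0].DNSNames).Should(ContainElement(expectedDNSName))`. The helper also deserves a doc comment, e.g. `// ensureHTTPSRequest sends a GET to url with the given Host header and SNI and asserts a 200 response whose single peer certificate carries expectedDNSName; verification is skipped, so this checks which certificate is served, not that it is trusted.`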