Fix lua config assessment
parent
3b12461265
commit
d049b2e652
3 changed files with 56 additions and 1 deletions
|
@ -16,6 +16,7 @@ package framework
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
|
"encoding/json"
|
||||||
"fmt"
|
"fmt"
|
||||||
"net"
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
@ -283,6 +284,15 @@ func (f *Framework) WaitForNginxConfiguration(matcher func(cfg string) bool) {
|
||||||
Sleep(1 * time.Second)
|
Sleep(1 * time.Second)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// WaitForLuaConfiguration waits until the nginx configuration contains a particular configuration
|
||||||
|
// `cfg` passed to matcher is normalized by replacing all tabs and spaces with single space.
|
||||||
|
func (f *Framework) WaitForLuaConfiguration(matcher func(jsonCfg map[string]interface{}) bool) {
|
||||||
|
//nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated
|
||||||
|
err := wait.Poll(Poll, DefaultTimeout, f.matchLuaConditions(matcher))
|
||||||
|
assert.Nil(ginkgo.GinkgoT(), err, "waiting for nginx lua configuration condition/s")
|
||||||
|
Sleep(1 * time.Second)
|
||||||
|
}
|
||||||
|
|
||||||
// WaitForNginxCustomConfiguration waits until the nginx configuration given part (from, to) contains a particular configuration
|
// WaitForNginxCustomConfiguration waits until the nginx configuration given part (from, to) contains a particular configuration
|
||||||
func (f *Framework) WaitForNginxCustomConfiguration(from, to string, matcher func(cfg string) bool) {
|
func (f *Framework) WaitForNginxCustomConfiguration(from, to string, matcher func(cfg string) bool) {
|
||||||
//nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated
|
//nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated
|
||||||
|
@ -326,6 +336,29 @@ func (f *Framework) matchNginxConditions(name string, matcher func(cfg string) b
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (f *Framework) matchLuaConditions(matcher func(jsonCfg map[string]interface{}) bool) wait.ConditionFunc {
|
||||||
|
return func() (bool, error) {
|
||||||
|
cmd := "cat /etc/nginx/lua/cfg.json"
|
||||||
|
|
||||||
|
o, err := f.ExecCommand(f.pod, cmd)
|
||||||
|
if err != nil {
|
||||||
|
return false, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
if klog.V(10).Enabled() && o != "" {
|
||||||
|
klog.InfoS("Lua", "configuration", o)
|
||||||
|
}
|
||||||
|
|
||||||
|
luaConfig := make(map[string]interface{}) // Use unstructured so we can walk through JSON
|
||||||
|
if err := json.Unmarshal([]byte(o), &luaConfig); err != nil {
|
||||||
|
return false, err
|
||||||
|
}
|
||||||
|
|
||||||
|
// passes the lua interface to the function
|
||||||
|
return matcher(luaConfig), nil
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
func (f *Framework) matchNginxCustomConditions(from, to string, matcher func(cfg string) bool) wait.ConditionFunc {
|
func (f *Framework) matchNginxCustomConditions(from, to string, matcher func(cfg string) bool) wait.ConditionFunc {
|
||||||
return func() (bool, error) {
|
return func() (bool, error) {
|
||||||
cmd := fmt.Sprintf("cat /etc/nginx/nginx.conf| awk '/%v/,/%v/'", from, to)
|
cmd := fmt.Sprintf("cat /etc/nginx/nginx.conf| awk '/%v/,/%v/'", from, to)
|
||||||
|
|
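Review bot: In matchLuaConditions a `json.Unmarshal` failure is returned as the condition's error, which makes `wait.Poll` stop immediately, whereas a failed `f.ExecCommand` is retried through `return false, nil`. If the exec returns empty or partially written output while /etc/nginx/lua/cfg.json is being rewritten (whether that write is atomic is not visible here), the wait aborts on the first poll instead of running until DefaultTimeout. Treating a decode failure as not ready, i.e. logging the error and then `return false, nil`, would match the exec branch. The doc comment on WaitForLuaConfiguration is carried over from the nginx.conf variant and still describes a normalized `cfg` string; something like `// WaitForLuaConfiguration waits until the decoded /etc/nginx/lua/cfg.json satisfies matcher.` would describe what the new function does.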
|
@ -34,6 +34,7 @@ import (
|
||||||
appsv1 "k8s.io/api/apps/v1"
|
appsv1 "k8s.io/api/apps/v1"
|
||||||
corev1 "k8s.io/api/core/v1"
|
corev1 "k8s.io/api/core/v1"
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
|
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
||||||
"k8s.io/apimachinery/pkg/util/intstr"
|
"k8s.io/apimachinery/pkg/util/intstr"
|
||||||
|
|
||||||
"k8s.io/ingress-nginx/test/e2e/framework"
|
"k8s.io/ingress-nginx/test/e2e/framework"
|
||||||
|
@ -107,6 +108,11 @@ var _ = framework.DescribeSetting("OCSP", func() {
|
||||||
err = framework.WaitForEndpoints(f.KubeClientSet, framework.DefaultTimeout, "ocspserve", f.Namespace, 1)
|
err = framework.WaitForEndpoints(f.KubeClientSet, framework.DefaultTimeout, "ocspserve", f.Namespace, 1)
|
||||||
assert.Nil(ginkgo.GinkgoT(), err, "waiting for endpoints to become ready")
|
assert.Nil(ginkgo.GinkgoT(), err, "waiting for endpoints to become ready")
|
||||||
|
|
||||||
|
f.WaitForLuaConfiguration(func(jsonCfg map[string]interface{}) bool {
|
||||||
|
val, ok, err := unstructured.NestedBool(jsonCfg, "enable_ocsp")
|
||||||
|
return err == nil && ok && val
|
||||||
|
})
|
||||||
|
|
||||||
f.WaitForNginxServer(host,
|
f.WaitForNginxServer(host,
|
||||||
func(server string) bool {
|
func(server string) bool {
|
||||||
return strings.Contains(server, fmt.Sprintf(`server_name %v`, host))
|
return strings.Contains(server, fmt.Sprintf(`server_name %v`, host))
|
||||||
|
|
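Review bot: The matcher passed to `f.WaitForLuaConfiguration` discards the error from `unstructured.NestedBool`, so a misspelled key or a value of another JSON type simply returns false until the poll times out with the generic "waiting for nginx lua configuration condition/s" message. The same `err == nil && ok && ...` shape is repeated for `hsts_max_age`, `hsts_include_subdomains` and `hsts_preload` in the TLS settings tests of this commit. A small framework helper that takes the key and the expected value, and logs the lookup error, would keep the type handling in one place and make a wrong key visible in the test output. The enclosing `DescribeSetting` closure starts and ends outside the hunk.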
|
@ -25,10 +25,11 @@ import (
|
||||||
"github.com/onsi/ginkgo/v2"
|
"github.com/onsi/ginkgo/v2"
|
||||||
"github.com/stretchr/testify/assert"
|
"github.com/stretchr/testify/assert"
|
||||||
|
|
||||||
|
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
||||||
"k8s.io/ingress-nginx/test/e2e/framework"
|
"k8s.io/ingress-nginx/test/e2e/framework"
|
||||||
)
|
)
|
||||||
|
|
||||||
var _ = framework.DescribeSetting("[SSL] TLS protocols, ciphers and headers)", func() {
|
var _ = framework.DescribeSetting("[SSL] TLS protocols, ciphers and headers", func() {
|
||||||
f := framework.NewDefaultFramework("settings-tls")
|
f := framework.NewDefaultFramework("settings-tls")
|
||||||
host := "settings-tls"
|
host := "settings-tls"
|
||||||
|
|
||||||
|
@ -109,6 +110,11 @@ var _ = framework.DescribeSetting("[SSL] TLS protocols, ciphers and headers)", f
|
||||||
ginkgo.It("setting max-age parameter", func() {
|
ginkgo.It("setting max-age parameter", func() {
|
||||||
f.UpdateNginxConfigMapData(hstsMaxAge, "86400")
|
f.UpdateNginxConfigMapData(hstsMaxAge, "86400")
|
||||||
|
|
||||||
|
f.WaitForLuaConfiguration(func(jsonCfg map[string]interface{}) bool {
|
||||||
|
val, ok, err := unstructured.NestedString(jsonCfg, "hsts_max_age")
|
||||||
|
return err == nil && ok && val == "86400"
|
||||||
|
})
|
||||||
|
|
||||||
f.HTTPTestClientWithTLSConfig(tlsConfig).
|
f.HTTPTestClientWithTLSConfig(tlsConfig).
|
||||||
GET("/").
|
GET("/").
|
||||||
WithURL(f.GetURL(framework.HTTPS)).
|
WithURL(f.GetURL(framework.HTTPS)).
|
||||||
|
@ -124,6 +130,11 @@ var _ = framework.DescribeSetting("[SSL] TLS protocols, ciphers and headers)", f
|
||||||
hstsIncludeSubdomains: "false",
|
hstsIncludeSubdomains: "false",
|
||||||
})
|
})
|
||||||
|
|
||||||
|
f.WaitForLuaConfiguration(func(jsonCfg map[string]interface{}) bool {
|
||||||
|
val, ok, err := unstructured.NestedBool(jsonCfg, "hsts_include_subdomains")
|
||||||
|
return err == nil && ok && !val
|
||||||
|
})
|
||||||
|
|
||||||
f.HTTPTestClientWithTLSConfig(tlsConfig).
|
f.HTTPTestClientWithTLSConfig(tlsConfig).
|
||||||
GET("/").
|
GET("/").
|
||||||
WithURL(f.GetURL(framework.HTTPS)).
|
WithURL(f.GetURL(framework.HTTPS)).
|
||||||
|
@ -140,6 +151,11 @@ var _ = framework.DescribeSetting("[SSL] TLS protocols, ciphers and headers)", f
|
||||||
hstsIncludeSubdomains: "false",
|
hstsIncludeSubdomains: "false",
|
||||||
})
|
})
|
||||||
|
|
||||||
|
f.WaitForLuaConfiguration(func(jsonCfg map[string]interface{}) bool {
|
||||||
|
val, ok, err := unstructured.NestedBool(jsonCfg, "hsts_preload")
|
||||||
|
return err == nil && ok && val
|
||||||
|
})
|
||||||
|
|
||||||
f.HTTPTestClientWithTLSConfig(tlsConfig).
|
f.HTTPTestClientWithTLSConfig(tlsConfig).
|
||||||
GET("/").
|
GET("/").
|
||||||
WithURL(f.GetURL(framework.HTTPS)).
|
WithURL(f.GetURL(framework.HTTPS)).
|
||||||
|
|