Fix lua config assessment
This commit is contained in:
Ricardo Katz
parent
3b12461265
commit
d049b2e652
3 changed files with 56 additions and 1 deletions
|
|
@ -16,6 +16,7 @@ package framework
|
|||
import (
|
||||
"context"
|
||||
"crypto/tls"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"net"
|
||||
"net/http"
|
||||
|
|
@ -283,6 +284,15 @@ func (f *Framework) WaitForNginxConfiguration(matcher func(cfg string) bool) {
|
|||
Sleep(1 * time.Second)
|
||||
}
|
||||
|
||||
// WaitForLuaConfiguration waits until the nginx configuration contains a particular configuration
|
||||
// `cfg` passed to matcher is normalized by replacing all tabs and spaces with single space.
|
||||
func (f *Framework) WaitForLuaConfiguration(matcher func(jsonCfg map[string]interface{}) bool) {
|
||||
//nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated
|
||||
err := wait.Poll(Poll, DefaultTimeout, f.matchLuaConditions(matcher))
|
||||
assert.Nil(ginkgo.GinkgoT(), err, "waiting for nginx lua configuration condition/s")
|
||||
Sleep(1 * time.Second)
|
||||
}
|
||||
|
||||
// WaitForNginxCustomConfiguration waits until the nginx configuration given part (from, to) contains a particular configuration
|
||||
func (f *Framework) WaitForNginxCustomConfiguration(from, to string, matcher func(cfg string) bool) {
|
||||
//nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated
|
||||
|
|
@ -326,6 +336,29 @@ func (f *Framework) matchNginxConditions(name string, matcher func(cfg string) b
|
|||
}
|
||||
}
|
||||
|
||||
func (f *Framework) matchLuaConditions(matcher func(jsonCfg map[string]interface{}) bool) wait.ConditionFunc {
|
||||
return func() (bool, error) {
|
||||
cmd := "cat /etc/nginx/lua/cfg.json"
|
||||
|
||||
o, err := f.ExecCommand(f.pod, cmd)
|
||||
if err != nil {
|
||||
return false, nil
|
||||
}
|
||||
|
||||
if klog.V(10).Enabled() && o != "" {
|
||||
klog.InfoS("Lua", "configuration", o)
|
||||
}
|
||||
|
||||
luaConfig := make(map[string]interface{}) // Use unstructured so we can walk through JSON
|
||||
if err := json.Unmarshal([]byte(o), &luaConfig); err != nil {
|
||||
return false, err
|
||||
}
|
||||
|
||||
// passes the lua interface to the function
|
||||
return matcher(luaConfig), nil
|
||||
}
|
||||
}
|
||||
|
||||
func (f *Framework) matchNginxCustomConditions(from, to string, matcher func(cfg string) bool) wait.ConditionFunc {
|
||||
return func() (bool, error) {
|
||||
cmd := fmt.Sprintf("cat /etc/nginx/nginx.conf| awk '/%v/,/%v/'", from, to)
|
||||
|
|
|
|||
|
|
@ -34,6 +34,7 @@ import (
|
|||
appsv1 "k8s.io/api/apps/v1"
|
||||
corev1 "k8s.io/api/core/v1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
||||
"k8s.io/apimachinery/pkg/util/intstr"
|
||||
|
||||
"k8s.io/ingress-nginx/test/e2e/framework"
|
||||
|
|
@ -107,6 +108,11 @@ var _ = framework.DescribeSetting("OCSP", func() {
|
|||
err = framework.WaitForEndpoints(f.KubeClientSet, framework.DefaultTimeout, "ocspserve", f.Namespace, 1)
|
||||
assert.Nil(ginkgo.GinkgoT(), err, "waiting for endpoints to become ready")
|
||||
|
||||
f.WaitForLuaConfiguration(func(jsonCfg map[string]interface{}) bool {
|
||||
val, ok, err := unstructured.NestedBool(jsonCfg, "enable_ocsp")
|
||||
return err == nil && ok && val
|
||||
})
|
||||
|
||||
f.WaitForNginxServer(host,
|
||||
func(server string) bool {
|
||||
return strings.Contains(server, fmt.Sprintf(`server_name %v`, host))
|
||||
|
|
|
|||
|
|
@ -25,10 +25,11 @@ import (
|
|||
"github.com/onsi/ginkgo/v2"
|
||||
"github.com/stretchr/testify/assert"
|
||||
|
||||
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
||||
"k8s.io/ingress-nginx/test/e2e/framework"
|
||||
)
|
||||
|
||||
var _ = framework.DescribeSetting("[SSL] TLS protocols, ciphers and headers)", func() {
|
||||
var _ = framework.DescribeSetting("[SSL] TLS protocols, ciphers and headers", func() {
|
||||
f := framework.NewDefaultFramework("settings-tls")
|
||||
host := "settings-tls"
|
||||
|
||||
|
|
@ -109,6 +110,11 @@ var _ = framework.DescribeSetting("[SSL] TLS protocols, ciphers and headers)", f
|
|||
ginkgo.It("setting max-age parameter", func() {
|
||||
f.UpdateNginxConfigMapData(hstsMaxAge, "86400")
|
||||
|
||||
f.WaitForLuaConfiguration(func(jsonCfg map[string]interface{}) bool {
|
||||
val, ok, err := unstructured.NestedString(jsonCfg, "hsts_max_age")
|
||||
return err == nil && ok && val == "86400"
|
||||
})
|
||||
|
||||
f.HTTPTestClientWithTLSConfig(tlsConfig).
|
||||
GET("/").
|
||||
WithURL(f.GetURL(framework.HTTPS)).
|
||||
|
|
@ -124,6 +130,11 @@ var _ = framework.DescribeSetting("[SSL] TLS protocols, ciphers and headers)", f
|
|||
hstsIncludeSubdomains: "false",
|
||||
})
|
||||
|
||||
f.WaitForLuaConfiguration(func(jsonCfg map[string]interface{}) bool {
|
||||
val, ok, err := unstructured.NestedBool(jsonCfg, "hsts_include_subdomains")
|
||||
return err == nil && ok && !val
|
||||
})
|
||||
|
||||
f.HTTPTestClientWithTLSConfig(tlsConfig).
|
||||
GET("/").
|
||||
WithURL(f.GetURL(framework.HTTPS)).
|
||||
|
|
@ -140,6 +151,11 @@ var _ = framework.DescribeSetting("[SSL] TLS protocols, ciphers and headers)", f
|
|||
hstsIncludeSubdomains: "false",
|
||||
})
|
||||
|
||||
f.WaitForLuaConfiguration(func(jsonCfg map[string]interface{}) bool {
|
||||
val, ok, err := unstructured.NestedBool(jsonCfg, "hsts_preload")
|
||||
return err == nil && ok && val
|
||||
})
|
||||
|
||||
f.HTTPTestClientWithTLSConfig(tlsConfig).
|
||||
GET("/").
|
||||
WithURL(f.GetURL(framework.HTTPS)).
|
||||
|
|
|
|||
Loading…
Reference in a new issue