Added proxy-ssl-location-only test.
This commit is contained in:
Balazs Szekeres
parent
f4b17d345f
commit
d362475334
2 changed files with 96 additions and 0 deletions
|
|
@ -145,6 +145,55 @@ var _ = framework.DescribeAnnotation("proxy-ssl-*", func() {
|
|||
Expect().
|
||||
Status(http.StatusOK)
|
||||
})
|
||||
|
||||
ginkgo.It("proxy-ssl-location-only flag should change the nginx config server part", func() {
|
||||
host := "proxyssl.com"
|
||||
|
||||
f.NewEchoDeploymentWithNameAndReplicas("echodeployment", 1)
|
||||
|
||||
secretName := "secretone"
|
||||
annotations := make(map[string]string)
|
||||
annotations["nginx.ingress.kubernetes.io/proxy-ssl-secret"] = f.Namespace + "/" + secretName
|
||||
annotations["nginx.ingress.kubernetes.io/backend-protocol"] = "HTTPS"
|
||||
annotations["nginx.ingress.kubernetes.io/proxy-ssl-verify"] = "on"
|
||||
tlsConfig, err := framework.CreateIngressMASecret(f.KubeClientSet, host, secretName, f.Namespace)
|
||||
|
||||
assert.Nil(ginkgo.GinkgoT(), err)
|
||||
|
||||
ing := framework.NewSingleIngressWithTLS(host, "/bar", host, []string{tlsConfig.ServerName}, f.Namespace, "echodeployment", 80, annotations)
|
||||
f.EnsureIngress(ing)
|
||||
|
||||
wlKey := "proxy-ssl-location-only"
|
||||
wlValue := "true"
|
||||
f.UpdateNginxConfigMapData(wlKey, wlValue)
|
||||
|
||||
assertProxySSLName(f, host, secretName, "DEFAULT", "TLSv1 TLSv1.1 TLSv1.2", "on", 1)
|
||||
|
||||
f.WaitForNginxCustomConfiguration("## start server proxyssl.com", "location ", func(server string) bool {
|
||||
return (!strings.Contains(server, "proxy_ssl_trusted_certificate") &&
|
||||
!strings.Contains(server, "proxy_ssl_ciphers") &&
|
||||
!strings.Contains(server, "proxy_ssl_protocols") &&
|
||||
!strings.Contains(server, "proxy_ssl_verify") &&
|
||||
!strings.Contains(server, "proxy_ssl_verify_depth") &&
|
||||
!strings.Contains(server, "proxy_ssl_certificate") &&
|
||||
!strings.Contains(server, "proxy_ssl_certificate_key"))
|
||||
})
|
||||
|
||||
wlKey = "proxy-ssl-location-only"
|
||||
wlValue = "false"
|
||||
f.UpdateNginxConfigMapData(wlKey, wlValue)
|
||||
|
||||
f.WaitForNginxCustomConfiguration("## start server proxyssl.com", "location ", func(server string) bool {
|
||||
return (strings.Contains(server, "proxy_ssl_trusted_certificate") &&
|
||||
strings.Contains(server, "proxy_ssl_ciphers") &&
|
||||
strings.Contains(server, "proxy_ssl_protocols") &&
|
||||
strings.Contains(server, "proxy_ssl_verify") &&
|
||||
strings.Contains(server, "proxy_ssl_verify_depth") &&
|
||||
strings.Contains(server, "proxy_ssl_certificate") &&
|
||||
strings.Contains(server, "proxy_ssl_certificate_key"))
|
||||
})
|
||||
})
|
||||
|
||||
})
|
||||
|
||||
func assertProxySSL(f *framework.Framework, host, ciphers, protocols, verify string, depth int) {
|
||||
|
|
@ -160,3 +209,17 @@ func assertProxySSL(f *framework.Framework, host, ciphers, protocols, verify str
|
|||
strings.Contains(server, fmt.Sprintf("proxy_ssl_verify_depth %d;", depth))
|
||||
})
|
||||
}
|
||||
|
||||
func assertProxySSLName(f *framework.Framework, host, sslName, ciphers, protocols, verify string, depth int) {
|
||||
certFile := fmt.Sprintf("/etc/ingress-controller/ssl/%s-%s.pem", f.Namespace, sslName)
|
||||
f.WaitForNginxServer(host,
|
||||
func(server string) bool {
|
||||
return strings.Contains(server, fmt.Sprintf("proxy_ssl_certificate %s;", certFile)) &&
|
||||
strings.Contains(server, fmt.Sprintf("proxy_ssl_certificate_key %s;", certFile)) &&
|
||||
strings.Contains(server, fmt.Sprintf("proxy_ssl_trusted_certificate %s;", certFile)) &&
|
||||
strings.Contains(server, fmt.Sprintf("proxy_ssl_ciphers %s;", ciphers)) &&
|
||||
strings.Contains(server, fmt.Sprintf("proxy_ssl_protocols %s;", protocols)) &&
|
||||
strings.Contains(server, fmt.Sprintf("proxy_ssl_verify %s;", verify)) &&
|
||||
strings.Contains(server, fmt.Sprintf("proxy_ssl_verify_depth %d;", depth))
|
||||
})
|
||||
}
|
||||
|
|
|
|||
|
|
@ -213,6 +213,12 @@ func (f *Framework) WaitForNginxConfiguration(matcher func(cfg string) bool) {
|
|||
assert.Nil(ginkgo.GinkgoT(), err, "waiting for nginx server condition/s")
|
||||
}
|
||||
|
||||
// WaitForNginxCustomConfiguration waits until the nginx configuration given part (from, to) contains a particular configuration
|
||||
func (f *Framework) WaitForNginxCustomConfiguration(from string, to string, matcher func(cfg string) bool) {
|
||||
err := wait.Poll(Poll, DefaultTimeout, f.matchNginxCustomConditions(from, to, matcher))
|
||||
assert.Nil(ginkgo.GinkgoT(), err, "waiting for nginx server condition/s")
|
||||
}
|
||||
|
||||
func nginxLogs(client kubernetes.Interface, namespace string) (string, error) {
|
||||
pod, err := getIngressNGINXPod(namespace, client)
|
||||
if err != nil {
|
||||
|
|
@ -263,6 +269,33 @@ func (f *Framework) matchNginxConditions(name string, matcher func(cfg string) b
|
|||
}
|
||||
}
|
||||
|
||||
func (f *Framework) matchNginxCustomConditions(from string, to string, matcher func(cfg string) bool) wait.ConditionFunc {
|
||||
return func() (bool, error) {
|
||||
pod, err := getIngressNGINXPod(f.Namespace, f.KubeClientSet)
|
||||
if err != nil {
|
||||
return false, nil
|
||||
}
|
||||
|
||||
cmd := fmt.Sprintf("cat /etc/nginx/nginx.conf| awk '/%v/,/%v/'", from, to)
|
||||
|
||||
o, err := f.ExecCommand(pod, cmd)
|
||||
if err != nil {
|
||||
return false, nil
|
||||
}
|
||||
|
||||
if klog.V(10) && len(o) > 0 {
|
||||
klog.Infof("nginx.conf:\n%v", o)
|
||||
}
|
||||
|
||||
// passes the nginx config to the passed function
|
||||
if matcher(strings.Join(strings.Fields(o), " ")) {
|
||||
return true, nil
|
||||
}
|
||||
|
||||
return false, nil
|
||||
}
|
||||
}
|
||||
|
||||
func (f *Framework) getNginxConfigMap() (*v1.ConfigMap, error) {
|
||||
return f.getConfigMap("nginx-ingress-controller")
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue