From ec4fb05cad2c545045dd9c57a7115a8857827611 Mon Sep 17 00:00:00 2001 From: Manuel Alejandro de Brito Fontes Date: Mon, 6 Jul 2020 16:39:47 -0400 Subject: [PATCH] Fix proxy ssl e2e test --- rootfs/etc/nginx/template/nginx.tmpl | 2 ++ test/e2e/annotations/proxyssl.go | 41 ++++++++++++---------------- 2 files changed, 20 insertions(+), 23 deletions(-) diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl index 017feff81..834a331ae 100755 --- a/rootfs/etc/nginx/template/nginx.tmpl +++ b/rootfs/etc/nginx/template/nginx.tmpl @@ -1309,6 +1309,8 @@ stream { {{ if not (empty $location.ProxySSL.ProxySSLName) }} proxy_ssl_name {{ $location.ProxySSL.ProxySSLName }}; + {{ end }} + {{ if not (empty $location.ProxySSL.ProxySSLServerName) }} proxy_ssl_server_name {{ $location.ProxySSL.ProxySSLServerName }}; {{ end }} diff --git a/test/e2e/annotations/proxyssl.go b/test/e2e/annotations/proxyssl.go index 1ab772d2c..0e928664e 100644 --- a/test/e2e/annotations/proxyssl.go +++ b/test/e2e/annotations/proxyssl.go @@ -45,7 +45,7 @@ var _ = framework.DescribeAnnotation("proxy-ssl-*", func() { ing := framework.NewSingleIngressWithTLS(host, "/", host, []string{host}, f.Namespace, framework.EchoService, 80, annotations) f.EnsureIngress(ing) - assertProxySSL(f, host, "DEFAULT", "TLSv1 TLSv1.1 TLSv1.2", "off", 1, "on") + assertProxySSL(f, host, "", "DEFAULT", "TLSv1 TLSv1.1 TLSv1.2", "off", 1, "") f.HTTPTestClient(). GET("/"). @@ -75,7 +75,7 @@ var _ = framework.DescribeAnnotation("proxy-ssl-*", func() { ing := framework.NewSingleIngressWithTLS(host, "/", host, []string{host}, f.Namespace, framework.EchoService, 80, annotations) f.EnsureIngress(ing) - assertProxySSL(f, host, "DEFAULT", "TLSv1 TLSv1.1 TLSv1.2", "on", 2, "on") + assertProxySSL(f, host, "", "DEFAULT", "TLSv1 TLSv1.1 TLSv1.2", "on", 2, "on") f.HTTPTestClient(). GET("/"). 
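Review bot: The new `{{ if not (empty $location.ProxySSL.ProxySSLServerName) }}` block in nginx.tmpl writes the value into the configuration unquoted as `proxy_ssl_server_name {{ $location.ProxySSL.ProxySSLServerName }};`, and nothing visible in this hunk limits it to `on` or `off`. The directive is now emitted independently of `proxy_ssl_name`, and the value presumably comes from an Ingress annotation, so confirm that the annotation parsing rejects any other value before it reaches the template. If it does, a template comment such as `{{/* ProxySSLServerName must already be validated to on|off before rendering */}}` would record that dependency next to the directive. The enclosing location block starts and ends outside the hunk.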
@@ -103,7 +103,7 @@ var _ = framework.DescribeAnnotation("proxy-ssl-*", func() { ing := framework.NewSingleIngressWithTLS(host, "/", host, []string{host}, f.Namespace, framework.EchoService, 80, annotations) f.EnsureIngress(ing) - assertProxySSL(f, host, "HIGH:!AES", "TLSv1 TLSv1.1 TLSv1.2", "off", 1, "off") + assertProxySSL(f, host, "", "HIGH:!AES", "TLSv1 TLSv1.1 TLSv1.2", "off", 1, "") f.HTTPTestClient(). GET("/"). @@ -131,7 +131,7 @@ var _ = framework.DescribeAnnotation("proxy-ssl-*", func() { ing := framework.NewSingleIngressWithTLS(host, "/", host, []string{host}, f.Namespace, framework.EchoService, 80, annotations) f.EnsureIngress(ing) - assertProxySSL(f, host, "DEFAULT", "TLSv1.2 TLSv1.3", "off", 1, "off") + assertProxySSL(f, host, "", "DEFAULT", "TLSv1.2 TLSv1.3", "off", 1, "") f.HTTPTestClient(). GET("/"). @@ -169,7 +169,7 @@ var _ = framework.DescribeAnnotation("proxy-ssl-*", func() { wlValue := "true" f.UpdateNginxConfigMapData(wlKey, wlValue) - assertProxySSLName(f, host, secretName, "DEFAULT", "TLSv1 TLSv1.1 TLSv1.2", "on", 1, "on") + assertProxySSL(f, host, secretName, "DEFAULT", "TLSv1 TLSv1.1 TLSv1.2", "on", 1, "on") f.WaitForNginxCustomConfiguration("## start server proxyssl.com", "location ", func(server string) bool { return (!strings.Contains(server, "proxy_ssl_trusted_certificate") && 
@@ -198,32 +198,27 @@ var _ = framework.DescribeAnnotation("proxy-ssl-*", func() { }) -func assertProxySSL(f *framework.Framework, host, ciphers, protocols, verify string, depth int, proxySSLServerName string) { +func assertProxySSL(f *framework.Framework, host, sslName, ciphers, protocols, verify string, depth int, proxySSLServerName string) { certFile := fmt.Sprintf("/etc/ingress-controller/ssl/%s-%s.pem", f.Namespace, host) - f.WaitForNginxServer(host, - func(server string) bool { - return strings.Contains(server, fmt.Sprintf("proxy_ssl_certificate %s;", certFile)) && - strings.Contains(server, fmt.Sprintf("proxy_ssl_certificate_key %s;", certFile)) && - strings.Contains(server, fmt.Sprintf("proxy_ssl_trusted_certificate %s;", certFile)) && - strings.Contains(server, fmt.Sprintf("proxy_ssl_ciphers %s;", ciphers)) && - strings.Contains(server, fmt.Sprintf("proxy_ssl_protocols %s;", protocols)) && - strings.Contains(server, fmt.Sprintf("proxy_ssl_verify %s;", verify)) && - strings.Contains(server, fmt.Sprintf("proxy_ssl_verify_depth %d;", depth)) && - strings.Contains(server, fmt.Sprintf("proxy_ssl_server_name %s;", proxySSLServerName)) - }) -} -func assertProxySSLName(f *framework.Framework, host, sslName, ciphers, protocols, verify string, depth int, proxySSLServerName string) { - certFile := fmt.Sprintf("/etc/ingress-controller/ssl/%s-%s.pem", f.Namespace, sslName) + if sslName != "" { + certFile = fmt.Sprintf("/etc/ingress-controller/ssl/%s-%s.pem", f.Namespace, sslName) + } + f.WaitForNginxServer(host, func(server string) bool { - return strings.Contains(server, fmt.Sprintf("proxy_ssl_certificate %s;", certFile)) && + c := strings.Contains(server, fmt.Sprintf("proxy_ssl_certificate %s;", certFile)) && strings.Contains(server, fmt.Sprintf("proxy_ssl_certificate_key %s;", certFile)) && strings.Contains(server, fmt.Sprintf("proxy_ssl_trusted_certificate %s;", certFile)) && strings.Contains(server, fmt.Sprintf("proxy_ssl_ciphers %s;", ciphers)) && 
strings.Contains(server, fmt.Sprintf("proxy_ssl_protocols %s;", protocols)) && strings.Contains(server, fmt.Sprintf("proxy_ssl_verify %s;", verify)) && - strings.Contains(server, fmt.Sprintf("proxy_ssl_verify_depth %d;", depth)) && - strings.Contains(server, fmt.Sprintf("proxy_ssl_server_name %s;", proxySSLServerName)) + strings.Contains(server, fmt.Sprintf("proxy_ssl_verify_depth %d;", depth)) + + if proxySSLServerName == "" { + return c + } + + return c && strings.Contains(server, fmt.Sprintf("proxy_ssl_server_name %s;", proxySSLServerName)) }) }
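Review bot: When `proxySSLServerName` is `""`, `assertProxySSL` returns `c` without checking `proxy_ssl_server_name` at all, so the call sites in the hunks at -45, -103 and -131, which changed from `"on"`/`"off"` to `""`, no longer pin the SNI setting used towards the upstream. If the directive is expected to be absent in those cases, assert that explicitly, e.g. `return c && !strings.Contains(server, "proxy_ssl_server_name ")`. If a default value is expected instead, pass it at the call sites. As written, a template regression that unexpectedly emits the directive would go unnoticed in three of the five cases. A doc comment on the function would also help, stating that an empty `sslName` falls back to `host` for the certificate path and what an empty `proxySSLServerName` means.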