Refacored proxy ssl TC-s
This commit is contained in:
Balazs Szekeres
parent
a9c706be12
commit
fd66e6337b
1 changed files with 69 additions and 20 deletions
|
|
@ -18,6 +18,7 @@ package annotations
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"net/http"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
"github.com/onsi/ginkgo"
|
"github.com/onsi/ginkgo"
|
||||||
|
|
@ -35,66 +36,114 @@ var _ = framework.DescribeAnnotation("proxy-ssl-*", func() {
|
||||||
|
|
||||||
ginkgo.It("should set valid proxy-ssl-secret", func() {
|
ginkgo.It("should set valid proxy-ssl-secret", func() {
|
||||||
host := "proxyssl.foo.com"
|
host := "proxyssl.foo.com"
|
||||||
annotations := map[string]string{
|
annotations := make(map[string]string)
|
||||||
"nginx.ingress.kubernetes.io/proxy-ssl-secret": f.Namespace + "/" + host,
|
annotations["nginx.ingress.kubernetes.io/proxy-ssl-secret"] = f.Namespace + "/" + host
|
||||||
}
|
|
||||||
|
|
||||||
_, err := framework.CreateIngressMASecret(f.KubeClientSet, host, host, f.Namespace)
|
tlsConfig, err := framework.CreateIngressMASecret(f.KubeClientSet, host, host, f.Namespace)
|
||||||
assert.Nil(ginkgo.GinkgoT(), err)
|
assert.Nil(ginkgo.GinkgoT(), err)
|
||||||
|
|
||||||
ing := framework.NewSingleIngressWithTLS(host, "/", host, []string{host}, f.Namespace, framework.EchoService, 80, annotations)
|
ing := framework.NewSingleIngressWithTLS(host, "/", host, []string{host}, f.Namespace, framework.EchoService, 80, annotations)
|
||||||
f.EnsureIngress(ing)
|
f.EnsureIngress(ing)
|
||||||
|
|
||||||
assertProxySSL(f, host, "DEFAULT", "TLSv1 TLSv1.1 TLSv1.2", "off", 1)
|
assertProxySSL(f, host, "DEFAULT", "TLSv1 TLSv1.1 TLSv1.2", "off", 1)
|
||||||
|
|
||||||
|
f.HTTPTestClient().
|
||||||
|
GET("/").
|
||||||
|
WithHeader("Host", host).
|
||||||
|
Expect().
|
||||||
|
Status(http.StatusPermanentRedirect)
|
||||||
|
|
||||||
|
f.HTTPTestClientWithTLSConfig(tlsConfig).
|
||||||
|
GET("/").
|
||||||
|
WithURL(f.GetURL(framework.HTTPS)).
|
||||||
|
WithHeader("Host", host).
|
||||||
|
Expect().
|
||||||
|
Status(http.StatusOK)
|
||||||
})
|
})
|
||||||
|
|
||||||
ginkgo.It("should set valid proxy-ssl-secret, proxy-ssl-verify to on, and proxy-ssl-verify-depth to 2", func() {
|
ginkgo.It("should set valid proxy-ssl-secret, proxy-ssl-verify to on, and proxy-ssl-verify-depth to 2", func() {
|
||||||
host := "proxyssl.foo.com"
|
host := "proxyssl.foo.com"
|
||||||
annotations := map[string]string{
|
annotations := make(map[string]string)
|
||||||
"nginx.ingress.kubernetes.io/proxy-ssl-secret": f.Namespace + "/" + host,
|
annotations["nginx.ingress.kubernetes.io/proxy-ssl-secret"] = f.Namespace + "/" + host
|
||||||
"nginx.ingress.kubernetes.io/proxy-ssl-verify": "on",
|
annotations["nginx.ingress.kubernetes.io/proxy-ssl-verify"] = "on"
|
||||||
"nginx.ingress.kubernetes.io/proxy-ssl-verify-depth": "2",
|
annotations["nginx.ingress.kubernetes.io/proxy-ssl-verify-depth"] = "2"
|
||||||
}
|
|
||||||
|
|
||||||
_, err := framework.CreateIngressMASecret(f.KubeClientSet, host, host, f.Namespace)
|
tlsConfig, err := framework.CreateIngressMASecret(f.KubeClientSet, host, host, f.Namespace)
|
||||||
assert.Nil(ginkgo.GinkgoT(), err)
|
assert.Nil(ginkgo.GinkgoT(), err)
|
||||||
|
|
||||||
ing := framework.NewSingleIngressWithTLS(host, "/", host, []string{host}, f.Namespace, framework.EchoService, 80, annotations)
|
ing := framework.NewSingleIngressWithTLS(host, "/", host, []string{host}, f.Namespace, framework.EchoService, 80, annotations)
|
||||||
f.EnsureIngress(ing)
|
f.EnsureIngress(ing)
|
||||||
|
|
||||||
assertProxySSL(f, host, "DEFAULT", "TLSv1 TLSv1.1 TLSv1.2", "on", 2)
|
assertProxySSL(f, host, "DEFAULT", "TLSv1 TLSv1.1 TLSv1.2", "on", 2)
|
||||||
|
|
||||||
|
f.HTTPTestClient().
|
||||||
|
GET("/").
|
||||||
|
WithHeader("Host", host).
|
||||||
|
Expect().
|
||||||
|
Status(http.StatusPermanentRedirect)
|
||||||
|
|
||||||
|
f.HTTPTestClientWithTLSConfig(tlsConfig).
|
||||||
|
GET("/").
|
||||||
|
WithURL(f.GetURL(framework.HTTPS)).
|
||||||
|
WithHeader("Host", host).
|
||||||
|
Expect().
|
||||||
|
Status(http.StatusOK)
|
||||||
})
|
})
|
||||||
|
|
||||||
ginkgo.It("should set valid proxy-ssl-secret, proxy-ssl-ciphers to HIGH:!AES", func() {
|
ginkgo.It("should set valid proxy-ssl-secret, proxy-ssl-ciphers to HIGH:!AES", func() {
|
||||||
host := "proxyssl.foo.com"
|
host := "proxyssl.foo.com"
|
||||||
annotations := map[string]string{
|
annotations := make(map[string]string)
|
||||||
"nginx.ingress.kubernetes.io/proxy-ssl-secret": f.Namespace + "/" + host,
|
annotations["nginx.ingress.kubernetes.io/proxy-ssl-secret"] = f.Namespace + "/" + host
|
||||||
"nginx.ingress.kubernetes.io/proxy-ssl-ciphers": "HIGH:!AES",
|
annotations["nginx.ingress.kubernetes.io/proxy-ssl-ciphers"] = "HIGH:!AES"
|
||||||
}
|
|
||||||
|
|
||||||
_, err := framework.CreateIngressMASecret(f.KubeClientSet, host, host, f.Namespace)
|
tlsConfig, err := framework.CreateIngressMASecret(f.KubeClientSet, host, host, f.Namespace)
|
||||||
assert.Nil(ginkgo.GinkgoT(), err)
|
assert.Nil(ginkgo.GinkgoT(), err)
|
||||||
|
|
||||||
ing := framework.NewSingleIngressWithTLS(host, "/", host, []string{host}, f.Namespace, framework.EchoService, 80, annotations)
|
ing := framework.NewSingleIngressWithTLS(host, "/", host, []string{host}, f.Namespace, framework.EchoService, 80, annotations)
|
||||||
f.EnsureIngress(ing)
|
f.EnsureIngress(ing)
|
||||||
|
|
||||||
assertProxySSL(f, host, "HIGH:!AES", "TLSv1 TLSv1.1 TLSv1.2", "off", 1)
|
assertProxySSL(f, host, "HIGH:!AES", "TLSv1 TLSv1.1 TLSv1.2", "off", 1)
|
||||||
|
|
||||||
|
f.HTTPTestClient().
|
||||||
|
GET("/").
|
||||||
|
WithHeader("Host", host).
|
||||||
|
Expect().
|
||||||
|
Status(http.StatusPermanentRedirect)
|
||||||
|
|
||||||
|
f.HTTPTestClientWithTLSConfig(tlsConfig).
|
||||||
|
GET("/").
|
||||||
|
WithURL(f.GetURL(framework.HTTPS)).
|
||||||
|
WithHeader("Host", host).
|
||||||
|
Expect().
|
||||||
|
Status(http.StatusOK)
|
||||||
})
|
})
|
||||||
|
|
||||||
ginkgo.It("should set valid proxy-ssl-secret, proxy-ssl-protocols", func() {
|
ginkgo.It("should set valid proxy-ssl-secret, proxy-ssl-protocols", func() {
|
||||||
host := "proxyssl.foo.com"
|
host := "proxyssl.foo.com"
|
||||||
annotations := map[string]string{
|
annotations := make(map[string]string)
|
||||||
"nginx.ingress.kubernetes.io/proxy-ssl-secret": f.Namespace + "/" + host,
|
annotations["nginx.ingress.kubernetes.io/proxy-ssl-secret"] = f.Namespace + "/" + host
|
||||||
"nginx.ingress.kubernetes.io/proxy-ssl-protocols": "TLSv1.2 TLSv1.3",
|
annotations["nginx.ingress.kubernetes.io/proxy-ssl-protocols"] = "TLSv1.2 TLSv1.3"
|
||||||
}
|
|
||||||
|
|
||||||
_, err := framework.CreateIngressMASecret(f.KubeClientSet, host, host, f.Namespace)
|
tlsConfig, err := framework.CreateIngressMASecret(f.KubeClientSet, host, host, f.Namespace)
|
||||||
assert.Nil(ginkgo.GinkgoT(), err)
|
assert.Nil(ginkgo.GinkgoT(), err)
|
||||||
|
|
||||||
ing := framework.NewSingleIngressWithTLS(host, "/", host, []string{host}, f.Namespace, framework.EchoService, 80, annotations)
|
ing := framework.NewSingleIngressWithTLS(host, "/", host, []string{host}, f.Namespace, framework.EchoService, 80, annotations)
|
||||||
f.EnsureIngress(ing)
|
f.EnsureIngress(ing)
|
||||||
|
|
||||||
assertProxySSL(f, host, "DEFAULT", "TLSv1.2 TLSv1.3", "off", 1)
|
assertProxySSL(f, host, "DEFAULT", "TLSv1.2 TLSv1.3", "off", 1)
|
||||||
|
|
||||||
|
f.HTTPTestClient().
|
||||||
|
GET("/").
|
||||||
|
WithHeader("Host", host).
|
||||||
|
Expect().
|
||||||
|
Status(http.StatusPermanentRedirect)
|
||||||
|
|
||||||
|
f.HTTPTestClientWithTLSConfig(tlsConfig).
|
||||||
|
GET("/").
|
||||||
|
WithURL(f.GetURL(framework.HTTPS)).
|
||||||
|
WithHeader("Host", host).
|
||||||
|
Expect().
|
||||||
|
Status(http.StatusOK)
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue