Refacored proxy ssl TC-s
This commit is contained in:
Balazs Szekeres
parent
a9c706be12
commit
fd66e6337b
1 changed files with 69 additions and 20 deletions
|
|
@ -18,6 +18,7 @@ package annotations
|
|||
|
||||
import (
|
||||
"fmt"
|
||||
"net/http"
|
||||
"strings"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
|
|
@ -35,66 +36,114 @@ var _ = framework.DescribeAnnotation("proxy-ssl-*", func() {
|
|||
|
||||
ginkgo.It("should set valid proxy-ssl-secret", func() {
|
||||
host := "proxyssl.foo.com"
|
||||
annotations := map[string]string{
|
||||
"nginx.ingress.kubernetes.io/proxy-ssl-secret": f.Namespace + "/" + host,
|
||||
}
|
||||
annotations := make(map[string]string)
|
||||
annotations["nginx.ingress.kubernetes.io/proxy-ssl-secret"] = f.Namespace + "/" + host
|
||||
|
||||
_, err := framework.CreateIngressMASecret(f.KubeClientSet, host, host, f.Namespace)
|
||||
tlsConfig, err := framework.CreateIngressMASecret(f.KubeClientSet, host, host, f.Namespace)
|
||||
assert.Nil(ginkgo.GinkgoT(), err)
|
||||
|
||||
ing := framework.NewSingleIngressWithTLS(host, "/", host, []string{host}, f.Namespace, framework.EchoService, 80, annotations)
|
||||
f.EnsureIngress(ing)
|
||||
|
||||
assertProxySSL(f, host, "DEFAULT", "TLSv1 TLSv1.1 TLSv1.2", "off", 1)
|
||||
|
||||
f.HTTPTestClient().
|
||||
GET("/").
|
||||
WithHeader("Host", host).
|
||||
Expect().
|
||||
Status(http.StatusPermanentRedirect)
|
||||
|
||||
f.HTTPTestClientWithTLSConfig(tlsConfig).
|
||||
GET("/").
|
||||
WithURL(f.GetURL(framework.HTTPS)).
|
||||
WithHeader("Host", host).
|
||||
Expect().
|
||||
Status(http.StatusOK)
|
||||
})
|
||||
|
||||
ginkgo.It("should set valid proxy-ssl-secret, proxy-ssl-verify to on, and proxy-ssl-verify-depth to 2", func() {
|
||||
host := "proxyssl.foo.com"
|
||||
annotations := map[string]string{
|
||||
"nginx.ingress.kubernetes.io/proxy-ssl-secret": f.Namespace + "/" + host,
|
||||
"nginx.ingress.kubernetes.io/proxy-ssl-verify": "on",
|
||||
"nginx.ingress.kubernetes.io/proxy-ssl-verify-depth": "2",
|
||||
}
|
||||
annotations := make(map[string]string)
|
||||
annotations["nginx.ingress.kubernetes.io/proxy-ssl-secret"] = f.Namespace + "/" + host
|
||||
annotations["nginx.ingress.kubernetes.io/proxy-ssl-verify"] = "on"
|
||||
annotations["nginx.ingress.kubernetes.io/proxy-ssl-verify-depth"] = "2"
|
||||
|
||||
_, err := framework.CreateIngressMASecret(f.KubeClientSet, host, host, f.Namespace)
|
||||
tlsConfig, err := framework.CreateIngressMASecret(f.KubeClientSet, host, host, f.Namespace)
|
||||
assert.Nil(ginkgo.GinkgoT(), err)
|
||||
|
||||
ing := framework.NewSingleIngressWithTLS(host, "/", host, []string{host}, f.Namespace, framework.EchoService, 80, annotations)
|
||||
f.EnsureIngress(ing)
|
||||
|
||||
assertProxySSL(f, host, "DEFAULT", "TLSv1 TLSv1.1 TLSv1.2", "on", 2)
|
||||
|
||||
f.HTTPTestClient().
|
||||
GET("/").
|
||||
WithHeader("Host", host).
|
||||
Expect().
|
||||
Status(http.StatusPermanentRedirect)
|
||||
|
||||
f.HTTPTestClientWithTLSConfig(tlsConfig).
|
||||
GET("/").
|
||||
WithURL(f.GetURL(framework.HTTPS)).
|
||||
WithHeader("Host", host).
|
||||
Expect().
|
||||
Status(http.StatusOK)
|
||||
})
|
||||
|
||||
ginkgo.It("should set valid proxy-ssl-secret, proxy-ssl-ciphers to HIGH:!AES", func() {
|
||||
host := "proxyssl.foo.com"
|
||||
annotations := map[string]string{
|
||||
"nginx.ingress.kubernetes.io/proxy-ssl-secret": f.Namespace + "/" + host,
|
||||
"nginx.ingress.kubernetes.io/proxy-ssl-ciphers": "HIGH:!AES",
|
||||
}
|
||||
annotations := make(map[string]string)
|
||||
annotations["nginx.ingress.kubernetes.io/proxy-ssl-secret"] = f.Namespace + "/" + host
|
||||
annotations["nginx.ingress.kubernetes.io/proxy-ssl-ciphers"] = "HIGH:!AES"
|
||||
|
||||
_, err := framework.CreateIngressMASecret(f.KubeClientSet, host, host, f.Namespace)
|
||||
tlsConfig, err := framework.CreateIngressMASecret(f.KubeClientSet, host, host, f.Namespace)
|
||||
assert.Nil(ginkgo.GinkgoT(), err)
|
||||
|
||||
ing := framework.NewSingleIngressWithTLS(host, "/", host, []string{host}, f.Namespace, framework.EchoService, 80, annotations)
|
||||
f.EnsureIngress(ing)
|
||||
|
||||
assertProxySSL(f, host, "HIGH:!AES", "TLSv1 TLSv1.1 TLSv1.2", "off", 1)
|
||||
|
||||
f.HTTPTestClient().
|
||||
GET("/").
|
||||
WithHeader("Host", host).
|
||||
Expect().
|
||||
Status(http.StatusPermanentRedirect)
|
||||
|
||||
f.HTTPTestClientWithTLSConfig(tlsConfig).
|
||||
GET("/").
|
||||
WithURL(f.GetURL(framework.HTTPS)).
|
||||
WithHeader("Host", host).
|
||||
Expect().
|
||||
Status(http.StatusOK)
|
||||
})
|
||||
|
||||
ginkgo.It("should set valid proxy-ssl-secret, proxy-ssl-protocols", func() {
|
||||
host := "proxyssl.foo.com"
|
||||
annotations := map[string]string{
|
||||
"nginx.ingress.kubernetes.io/proxy-ssl-secret": f.Namespace + "/" + host,
|
||||
"nginx.ingress.kubernetes.io/proxy-ssl-protocols": "TLSv1.2 TLSv1.3",
|
||||
}
|
||||
annotations := make(map[string]string)
|
||||
annotations["nginx.ingress.kubernetes.io/proxy-ssl-secret"] = f.Namespace + "/" + host
|
||||
annotations["nginx.ingress.kubernetes.io/proxy-ssl-protocols"] = "TLSv1.2 TLSv1.3"
|
||||
|
||||
_, err := framework.CreateIngressMASecret(f.KubeClientSet, host, host, f.Namespace)
|
||||
tlsConfig, err := framework.CreateIngressMASecret(f.KubeClientSet, host, host, f.Namespace)
|
||||
assert.Nil(ginkgo.GinkgoT(), err)
|
||||
|
||||
ing := framework.NewSingleIngressWithTLS(host, "/", host, []string{host}, f.Namespace, framework.EchoService, 80, annotations)
|
||||
f.EnsureIngress(ing)
|
||||
|
||||
assertProxySSL(f, host, "DEFAULT", "TLSv1.2 TLSv1.3", "off", 1)
|
||||
|
||||
f.HTTPTestClient().
|
||||
GET("/").
|
||||
WithHeader("Host", host).
|
||||
Expect().
|
||||
Status(http.StatusPermanentRedirect)
|
||||
|
||||
f.HTTPTestClientWithTLSConfig(tlsConfig).
|
||||
GET("/").
|
||||
WithURL(f.GetURL(framework.HTTPS)).
|
||||
WithHeader("Host", host).
|
||||
Expect().
|
||||
Status(http.StatusOK)
|
||||
})
|
||||
})
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue