NGINX: Remove inline Lua from template. (#11806)

2024-09-08 18:48:12 -03:00 · 2024-09-08 18:48:12 -03:00 · 6510535ae0
commit 6510535ae0
parent ee61440780
30 changed files with 361 additions and 233 deletions
--- a/test/e2e/annotations/fromtowwwredirect.go
+++ b/test/e2e/annotations/fromtowwwredirect.go
@ -58,7 +58,7 @@ var _ = framework.DescribeAnnotation("from-to-www-redirect", func() {
 			WithHeader("Host", fmt.Sprintf("%s.%s", "www", host)).
 			Expect().
 			Status(http.StatusPermanentRedirect).
-			Header("Location").Equal("http://fromtowwwredirect.bar.com/foo")
+			Header("Location").Equal("http://fromtowwwredirect.bar.com:80/foo")
 	})

 	ginkgo.It("should redirect from www HTTPS to HTTPS", func() {
@ -101,7 +101,7 @@ var _ = framework.DescribeAnnotation("from-to-www-redirect", func() {
 			WithHeader("Host", toHost).
 			Expect().
 			Status(http.StatusPermanentRedirect).
-			Header("Location").Equal(fmt.Sprintf("https://%v", fromHost))
+			Header("Location").Equal(fmt.Sprintf("https://%v:443", fromHost))

 		ginkgo.By("sending request to domain should not redirect to www")
 		f.HTTPTestClientWithTLSConfig(&tls.Config{
--- a/test/e2e/framework/framework.go
+++ b/test/e2e/framework/framework.go
@ -16,6 +16,7 @@ package framework
 import (
 	"context"
 	"crypto/tls"
+	"encoding/json"
 	"fmt"
 	"net"
 	"net/http"
@ -283,6 +284,15 @@ func (f *Framework) WaitForNginxConfiguration(matcher func(cfg string) bool) {
 	Sleep(1 * time.Second)
 }

+// WaitForLuaConfiguration waits until the nginx configuration contains a particular configuration
+// `cfg` passed to matcher is normalized by replacing all tabs and spaces with single space.
+func (f *Framework) WaitForLuaConfiguration(matcher func(jsonCfg map[string]interface{}) bool) {
+	//nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated
+	err := wait.Poll(Poll, DefaultTimeout, f.matchLuaConditions(matcher))
+	assert.Nil(ginkgo.GinkgoT(), err, "waiting for nginx lua configuration condition/s")
+	Sleep(1 * time.Second)
+}
+
 // WaitForNginxCustomConfiguration waits until the nginx configuration given part (from, to) contains a particular configuration
 func (f *Framework) WaitForNginxCustomConfiguration(from, to string, matcher func(cfg string) bool) {
 	//nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated
@ -326,6 +336,29 @@ func (f *Framework) matchNginxConditions(name string, matcher func(cfg string) b
 	}
 }

+func (f *Framework) matchLuaConditions(matcher func(jsonCfg map[string]interface{}) bool) wait.ConditionFunc {
+	return func() (bool, error) {
+		cmd := "cat /etc/nginx/lua/cfg.json"
+
+		o, err := f.ExecCommand(f.pod, cmd)
+		if err != nil {
+			return false, nil
+		}
+
+		if klog.V(10).Enabled() && o != "" {
+			klog.InfoS("Lua", "configuration", o)
+		}
+
+		luaConfig := make(map[string]interface{}) // Use unstructured so we can walk through JSON
+		if err := json.Unmarshal([]byte(o), &luaConfig); err != nil {
+			return false, err
+		}
+
+		// passes the lua interface to the function
+		return matcher(luaConfig), nil
+	}
+}
+
 func (f *Framework) matchNginxCustomConditions(from, to string, matcher func(cfg string) bool) wait.ConditionFunc {
 	return func() (bool, error) {
 		cmd := fmt.Sprintf("cat /etc/nginx/nginx.conf| awk '/%v/,/%v/'", from, to)
--- a/test/e2e/lua/dynamic_configuration.go
+++ b/test/e2e/lua/dynamic_configuration.go
@ -48,12 +48,7 @@ var _ = framework.IngressNginxDescribe("[Lua] dynamic configuration", func() {

 	ginkgo.It("configures balancer Lua middleware correctly", func() {
 		f.WaitForNginxConfiguration(func(cfg string) bool {
-			return strings.Contains(cfg, "balancer.init_worker()") && strings.Contains(cfg, "balancer.balance()")
-		})
-
-		host := "foo.com"
-		f.WaitForNginxServer(host, func(server string) bool {
-			return strings.Contains(server, "balancer.rewrite()") && strings.Contains(server, "balancer.log()")
+			return strings.Contains(cfg, "balancer_by_lua_file /etc/nginx/lua/nginx/ngx_conf_balancer.lua")
 		})
 	})

--- a/test/e2e/settings/no_tls_redirect_locations.go
+++ b/test/e2e/settings/no_tls_redirect_locations.go
@ -33,7 +33,7 @@ var _ = framework.DescribeSetting("Add no tls redirect locations", func() {
 		f.EnsureIngress(ing)

 		f.WaitForNginxConfiguration(func(server string) bool {
-			return !strings.Contains(server, "force_no_ssl_redirect = true,")
+			return strings.Contains(server, "set $force_no_ssl_redirect \"false\"")
 		})

 		wlKey := "no-tls-redirect-locations"
@ -42,7 +42,7 @@ var _ = framework.DescribeSetting("Add no tls redirect locations", func() {
 		f.UpdateNginxConfigMapData(wlKey, wlValue)

 		f.WaitForNginxConfiguration(func(server string) bool {
-			return strings.Contains(server, "force_no_ssl_redirect = true,")
+			return strings.Contains(server, "set $force_no_ssl_redirect \"true\"")
 		})
 	})
 })
--- a/test/e2e/settings/ocsp/ocsp.go
+++ b/test/e2e/settings/ocsp/ocsp.go
@ -34,6 +34,7 @@ import (
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/util/intstr"

 	"k8s.io/ingress-nginx/test/e2e/framework"
@ -107,8 +108,9 @@ var _ = framework.DescribeSetting("OCSP", func() {
 		err = framework.WaitForEndpoints(f.KubeClientSet, framework.DefaultTimeout, "ocspserve", f.Namespace, 1)
 		assert.Nil(ginkgo.GinkgoT(), err, "waiting for endpoints to become ready")

-		f.WaitForNginxConfiguration(func(cfg string) bool {
-			return strings.Contains(cfg, "certificate.is_ocsp_stapling_enabled = true")
+		f.WaitForLuaConfiguration(func(jsonCfg map[string]interface{}) bool {
+			val, ok, err := unstructured.NestedBool(jsonCfg, "enable_ocsp")
+			return err == nil && ok && val
 		})

 		f.WaitForNginxServer(host,
--- a/test/e2e/settings/tls.go
+++ b/test/e2e/settings/tls.go
@ -25,10 +25,11 @@ import (
 	"github.com/onsi/ginkgo/v2"
 	"github.com/stretchr/testify/assert"

+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/ingress-nginx/test/e2e/framework"
 )

-var _ = framework.DescribeSetting("[SSL] TLS protocols, ciphers and headers)", func() {
+var _ = framework.DescribeSetting("[SSL] TLS protocols, ciphers and headers", func() {
 	f := framework.NewDefaultFramework("settings-tls")
 	host := "settings-tls"

@ -109,8 +110,9 @@ var _ = framework.DescribeSetting("[SSL] TLS protocols, ciphers and headers)", f
 		ginkgo.It("setting max-age parameter", func() {
 			f.UpdateNginxConfigMapData(hstsMaxAge, "86400")

-			f.WaitForNginxConfiguration(func(server string) bool {
-				return strings.Contains(server, `hsts_max_age = 86400,`)
+			f.WaitForLuaConfiguration(func(jsonCfg map[string]interface{}) bool {
+				val, ok, err := unstructured.NestedString(jsonCfg, "hsts_max_age")
+				return err == nil && ok && val == "86400"
 			})

 			f.HTTPTestClientWithTLSConfig(tlsConfig).
@ -128,8 +130,9 @@ var _ = framework.DescribeSetting("[SSL] TLS protocols, ciphers and headers)", f
 				hstsIncludeSubdomains: "false",
 			})

-			f.WaitForNginxConfiguration(func(server string) bool {
-				return strings.Contains(server, `hsts_include_subdomains = false,`)
+			f.WaitForLuaConfiguration(func(jsonCfg map[string]interface{}) bool {
+				val, ok, err := unstructured.NestedBool(jsonCfg, "hsts_include_subdomains")
+				return err == nil && ok && !val
 			})

 			f.HTTPTestClientWithTLSConfig(tlsConfig).
@ -148,8 +151,9 @@ var _ = framework.DescribeSetting("[SSL] TLS protocols, ciphers and headers)", f
 				hstsIncludeSubdomains: "false",
 			})

-			f.WaitForNginxConfiguration(func(server string) bool {
-				return strings.Contains(server, `hsts_preload = true,`)
+			f.WaitForLuaConfiguration(func(jsonCfg map[string]interface{}) bool {
+				val, ok, err := unstructured.NestedBool(jsonCfg, "hsts_preload")
+				return err == nil && ok && val
 			})

 			f.HTTPTestClientWithTLSConfig(tlsConfig).