NGINX: Remove inline Lua from template. (#11806)

test/e2e/settings/no_tls_redirect_locations.go

@@ -33,7 +33,7 @@ var _ = framework.DescribeSetting("Add no tls redirect locations", func() {
 		f.EnsureIngress(ing)
 
 		f.WaitForNginxConfiguration(func(server string) bool {
-			return !strings.Contains(server, "force_no_ssl_redirect = true,")
+			return strings.Contains(server, "set $force_no_ssl_redirect \"false\"")
 		})
 
 		wlKey := "no-tls-redirect-locations"
@@ -42,7 +42,7 @@ var _ = framework.DescribeSetting("Add no tls redirect locations", func() {
 		f.UpdateNginxConfigMapData(wlKey, wlValue)
 
 		f.WaitForNginxConfiguration(func(server string) bool {
-			return strings.Contains(server, "force_no_ssl_redirect = true,")
+			return strings.Contains(server, "set $force_no_ssl_redirect \"true\"")
 		})
 	})
 })

test/e2e/settings/ocsp/ocsp.go

@@ -34,6 +34,7 @@ import (
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/util/intstr"
 
 	"k8s.io/ingress-nginx/test/e2e/framework"
@@ -107,8 +108,9 @@ var _ = framework.DescribeSetting("OCSP", func() {
 		err = framework.WaitForEndpoints(f.KubeClientSet, framework.DefaultTimeout, "ocspserve", f.Namespace, 1)
 		assert.Nil(ginkgo.GinkgoT(), err, "waiting for endpoints to become ready")
 
-		f.WaitForNginxConfiguration(func(cfg string) bool {
-			return strings.Contains(cfg, "certificate.is_ocsp_stapling_enabled = true")
+		f.WaitForLuaConfiguration(func(jsonCfg map[string]interface{}) bool {
+			val, ok, err := unstructured.NestedBool(jsonCfg, "enable_ocsp")
+			return err == nil && ok && val
 		})
 
 		f.WaitForNginxServer(host,

test/e2e/settings/tls.go

@@ -25,10 +25,11 @@ import (
 	"github.com/onsi/ginkgo/v2"
 	"github.com/stretchr/testify/assert"
 
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/ingress-nginx/test/e2e/framework"
 )
 
-var _ = framework.DescribeSetting("[SSL] TLS protocols, ciphers and headers)", func() {
+var _ = framework.DescribeSetting("[SSL] TLS protocols, ciphers and headers", func() {
 	f := framework.NewDefaultFramework("settings-tls")
 	host := "settings-tls"
 
@@ -109,8 +110,9 @@ var _ = framework.DescribeSetting("[SSL] TLS protocols, ciphers and headers)", f
 		ginkgo.It("setting max-age parameter", func() {
 			f.UpdateNginxConfigMapData(hstsMaxAge, "86400")
 
-			f.WaitForNginxConfiguration(func(server string) bool {
-				return strings.Contains(server, `hsts_max_age = 86400,`)
+			f.WaitForLuaConfiguration(func(jsonCfg map[string]interface{}) bool {
+				val, ok, err := unstructured.NestedString(jsonCfg, "hsts_max_age")
+				return err == nil && ok && val == "86400"
 			})
 
 			f.HTTPTestClientWithTLSConfig(tlsConfig).
@@ -128,8 +130,9 @@ var _ = framework.DescribeSetting("[SSL] TLS protocols, ciphers and headers)", f
 				hstsIncludeSubdomains: "false",
 			})
 
-			f.WaitForNginxConfiguration(func(server string) bool {
-				return strings.Contains(server, `hsts_include_subdomains = false,`)
+			f.WaitForLuaConfiguration(func(jsonCfg map[string]interface{}) bool {
+				val, ok, err := unstructured.NestedBool(jsonCfg, "hsts_include_subdomains")
+				return err == nil && ok && !val
 			})
 
 			f.HTTPTestClientWithTLSConfig(tlsConfig).
@@ -148,8 +151,9 @@ var _ = framework.DescribeSetting("[SSL] TLS protocols, ciphers and headers)", f
 				hstsIncludeSubdomains: "false",
 			})
 
-			f.WaitForNginxConfiguration(func(server string) bool {
-				return strings.Contains(server, `hsts_preload = true,`)
+			f.WaitForLuaConfiguration(func(jsonCfg map[string]interface{}) bool {
+				val, ok, err := unstructured.NestedBool(jsonCfg, "hsts_preload")
+				return err == nil && ok && val
 			})
 
 			f.HTTPTestClientWithTLSConfig(tlsConfig).