Add dynamic certificate feature to controller
This commit is contained in:
Henry Tran
parent
b4942ccd03
commit
7faf089082
12 changed files with 342 additions and 29 deletions
|
|
@ -17,6 +17,7 @@ limitations under the License.
|
|||
package controller
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"io"
|
||||
"io/ioutil"
|
||||
"net"
|
||||
|
|
@ -52,6 +53,9 @@ func TestIsDynamicConfigurationEnough(t *testing.T) {
|
|||
Backend: "fakenamespace-myapp-80",
|
||||
},
|
||||
},
|
||||
SSLCert: ingress.SSLCert{
|
||||
PemCertKey: "fake-certificate",
|
||||
},
|
||||
}}
|
||||
|
||||
commonConfig := &ingress.Configuration{
|
||||
|
|
@ -64,6 +68,9 @@ func TestIsDynamicConfigurationEnough(t *testing.T) {
|
|||
Backends: backends,
|
||||
Servers: servers,
|
||||
},
|
||||
cfg: &Configuration{
|
||||
DynamicCertificatesEnabled: false,
|
||||
},
|
||||
}
|
||||
|
||||
newConfig := commonConfig
|
||||
|
|
@ -87,11 +94,53 @@ func TestIsDynamicConfigurationEnough(t *testing.T) {
|
|||
t.Errorf("Expected to be dynamically configurable when only backends change")
|
||||
}
|
||||
|
||||
n.cfg.DynamicCertificatesEnabled = true
|
||||
|
||||
newServers := []*ingress.Server{{
|
||||
Hostname: "myapp1.fake",
|
||||
Locations: []*ingress.Location{
|
||||
{
|
||||
Path: "/",
|
||||
Backend: "fakenamespace-myapp-80",
|
||||
},
|
||||
},
|
||||
SSLCert: ingress.SSLCert{
|
||||
PemCertKey: "fake-certificate",
|
||||
},
|
||||
}}
|
||||
|
||||
newConfig = &ingress.Configuration{
|
||||
Backends: backends,
|
||||
Servers: newServers,
|
||||
}
|
||||
if n.IsDynamicConfigurationEnough(newConfig) {
|
||||
t.Errorf("Expected to not be dynamically configurable when dynamic certificates is enabled and a non-certificate field in servers is updated")
|
||||
}
|
||||
|
||||
newServers[0].Hostname = "myapp.fake"
|
||||
newServers[0].SSLCert.PemCertKey = "new-fake-certificate"
|
||||
|
||||
newConfig = &ingress.Configuration{
|
||||
Backends: backends,
|
||||
Servers: newServers,
|
||||
}
|
||||
if !n.IsDynamicConfigurationEnough(newConfig) {
|
||||
t.Errorf("Expected to be dynamically configurable when only SSLCert changes")
|
||||
}
|
||||
|
||||
newConfig = &ingress.Configuration{
|
||||
Backends: []*ingress.Backend{{Name: "a-backend-8080"}},
|
||||
Servers: newServers,
|
||||
}
|
||||
if !n.IsDynamicConfigurationEnough(newConfig) {
|
||||
t.Errorf("Expected to be dynamically configurable when backend and SSLCert changes")
|
||||
}
|
||||
|
||||
if !n.runningConfig.Equal(commonConfig) {
|
||||
t.Errorf("Expected running config to not change")
|
||||
}
|
||||
|
||||
if !newConfig.Equal(&ingress.Configuration{Backends: []*ingress.Backend{{Name: "a-backend-8080"}}, Servers: servers}) {
|
||||
if !newConfig.Equal(&ingress.Configuration{Backends: []*ingress.Backend{{Name: "a-backend-8080"}}, Servers: newServers}) {
|
||||
t.Errorf("Expected new config to not change")
|
||||
}
|
||||
}
|
||||
|
|
@ -157,7 +206,7 @@ func TestConfigureDynamically(t *testing.T) {
|
|||
port := ts.Listener.Addr().(*net.TCPAddr).Port
|
||||
defer ts.Close()
|
||||
|
||||
err := configureDynamically(commonConfig, port)
|
||||
err := configureDynamically(commonConfig, port, false)
|
||||
if err != nil {
|
||||
t.Errorf("unexpected error posting dynamic configuration: %v", err)
|
||||
}
|
||||
|
|
@ -167,6 +216,56 @@ func TestConfigureDynamically(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
func TestConfigureCertificates(t *testing.T) {
|
||||
|
||||
servers := []*ingress.Server{{
|
||||
Hostname: "myapp.fake",
|
||||
SSLCert: ingress.SSLCert{
|
||||
PemCertKey: "fake-cert",
|
||||
},
|
||||
}}
|
||||
|
||||
commonConfig := &ingress.Configuration{
|
||||
Servers: servers,
|
||||
}
|
||||
|
||||
ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
w.WriteHeader(http.StatusCreated)
|
||||
|
||||
if r.Method != "POST" {
|
||||
t.Errorf("expected a 'POST' request, got '%s'", r.Method)
|
||||
}
|
||||
|
||||
b, err := ioutil.ReadAll(r.Body)
|
||||
if err != nil && err != io.EOF {
|
||||
t.Fatal(err)
|
||||
}
|
||||
var postedServers []ingress.Server
|
||||
err = json.Unmarshal(b, &postedServers)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
if len(servers) != len(postedServers) {
|
||||
t.Errorf("Expected servers to be the same length as the posted servers")
|
||||
}
|
||||
|
||||
for i, server := range servers {
|
||||
if !server.Equal(&postedServers[i]) {
|
||||
t.Errorf("Expected servers and posted servers to be equal")
|
||||
}
|
||||
}
|
||||
}))
|
||||
|
||||
port := ts.Listener.Addr().(*net.TCPAddr).Port
|
||||
defer ts.Close()
|
||||
|
||||
err := configureCertificates(commonConfig, port)
|
||||
if err != nil {
|
||||
t.Errorf("unexpected error posting dynamic certificate configuration: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestNginxHashBucketSize(t *testing.T) {
|
||||
tests := []struct {
|
||||
n int
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue