Remove e2e boilerplate
This commit is contained in:
Manuel Alejandro de Brito Fontes
parent
a06f724efa
commit
83dc4607c5
44 changed files with 432 additions and 871 deletions
|
|
@ -30,8 +30,7 @@ var _ = framework.IngressNginxDescribe("Configmap change", func() {
|
|||
f := framework.NewDefaultFramework("configmap-change")
|
||||
|
||||
BeforeEach(func() {
|
||||
err := f.NewEchoDeployment()
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
f.NewEchoDeployment()
|
||||
})
|
||||
|
||||
AfterEach(func() {
|
||||
|
|
@ -40,22 +39,20 @@ var _ = framework.IngressNginxDescribe("Configmap change", func() {
|
|||
It("should reload after an update in the configuration", func() {
|
||||
host := "configmap-change"
|
||||
|
||||
ing, err := f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.IngressController.Namespace, "http-svc", 80, nil))
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
Expect(ing).NotTo(BeNil())
|
||||
ing := framework.NewSingleIngress(host, "/", host, f.IngressController.Namespace, "http-svc", 80, nil)
|
||||
f.EnsureIngress(ing)
|
||||
|
||||
wlKey := "whitelist-source-range"
|
||||
wlValue := "1.1.1.1"
|
||||
|
||||
By("adding a whitelist-source-range")
|
||||
|
||||
err = f.UpdateNginxConfigMapData(wlKey, wlValue)
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
f.UpdateNginxConfigMapData(wlKey, wlValue)
|
||||
|
||||
checksumRegex := regexp.MustCompile("Configuration checksum:\\s+(\\d+)")
|
||||
checksum := ""
|
||||
|
||||
err = f.WaitForNginxConfiguration(
|
||||
f.WaitForNginxConfiguration(
|
||||
func(cfg string) bool {
|
||||
// before returning, extract the current checksum
|
||||
match := checksumRegex.FindStringSubmatch(cfg)
|
||||
|
|
@ -66,16 +63,14 @@ var _ = framework.IngressNginxDescribe("Configmap change", func() {
|
|||
return strings.Contains(cfg, "geo $the_real_ip $deny_") &&
|
||||
strings.Contains(cfg, "1.1.1.1 0")
|
||||
})
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
Expect(checksum).NotTo(BeEmpty())
|
||||
|
||||
By("changing error-log-level")
|
||||
|
||||
err = f.UpdateNginxConfigMapData("error-log-level", "debug")
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
f.UpdateNginxConfigMapData("error-log-level", "debug")
|
||||
|
||||
newChecksum := ""
|
||||
err = f.WaitForNginxConfiguration(
|
||||
f.WaitForNginxConfiguration(
|
||||
func(cfg string) bool {
|
||||
match := checksumRegex.FindStringSubmatch(cfg)
|
||||
if len(match) > 0 {
|
||||
|
|
@ -84,8 +79,6 @@ var _ = framework.IngressNginxDescribe("Configmap change", func() {
|
|||
|
||||
return strings.ContainsAny(cfg, "error_log /var/log/nginx/error.log debug;")
|
||||
})
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
|
||||
Expect(checksum).NotTo(BeEquivalentTo(newChecksum))
|
||||
})
|
||||
})
|
||||
|
|
|
|||
|
|
@ -34,11 +34,8 @@ var _ = framework.IngressNginxDescribe("X-Forwarded headers", func() {
|
|||
setting := "use-forwarded-headers"
|
||||
|
||||
BeforeEach(func() {
|
||||
err := f.NewEchoDeployment()
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
|
||||
err = f.UpdateNginxConfigMapData(setting, "false")
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
f.NewEchoDeployment()
|
||||
f.UpdateNginxConfigMapData(setting, "false")
|
||||
})
|
||||
|
||||
AfterEach(func() {
|
||||
|
|
@ -47,18 +44,15 @@ var _ = framework.IngressNginxDescribe("X-Forwarded headers", func() {
|
|||
It("should trust X-Forwarded headers when setting is true", func() {
|
||||
host := "forwarded-headers"
|
||||
|
||||
err := f.UpdateNginxConfigMapData(setting, "true")
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
f.UpdateNginxConfigMapData(setting, "true")
|
||||
|
||||
ing, err := f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.IngressController.Namespace, "http-svc", 80, nil))
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
Expect(ing).NotTo(BeNil())
|
||||
ing := framework.NewSingleIngress(host, "/", host, f.IngressController.Namespace, "http-svc", 80, nil)
|
||||
f.EnsureIngress(ing)
|
||||
|
||||
err = f.WaitForNginxServer(host,
|
||||
f.WaitForNginxServer(host,
|
||||
func(server string) bool {
|
||||
return strings.Contains(server, "server_name forwarded-headers")
|
||||
})
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
|
||||
resp, body, errs := gorequest.New().
|
||||
Get(f.IngressController.HTTPURL).
|
||||
|
|
@ -80,18 +74,14 @@ var _ = framework.IngressNginxDescribe("X-Forwarded headers", func() {
|
|||
It("should not trust X-Forwarded headers when setting is false", func() {
|
||||
host := "forwarded-headers"
|
||||
|
||||
err := f.UpdateNginxConfigMapData(setting, "false")
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
f.UpdateNginxConfigMapData(setting, "false")
|
||||
|
||||
ing, err := f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.IngressController.Namespace, "http-svc", 80, nil))
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
Expect(ing).NotTo(BeNil())
|
||||
f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.IngressController.Namespace, "http-svc", 80, nil))
|
||||
|
||||
err = f.WaitForNginxServer(host,
|
||||
f.WaitForNginxServer(host,
|
||||
func(server string) bool {
|
||||
return strings.Contains(server, "server_name forwarded-headers")
|
||||
})
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
|
||||
resp, body, errs := gorequest.New().
|
||||
Get(f.IngressController.HTTPURL).
|
||||
|
|
|
|||
|
|
@ -33,28 +33,22 @@ var _ = framework.IngressNginxDescribe("Global access block", func() {
|
|||
host := "global-access-block"
|
||||
|
||||
BeforeEach(func() {
|
||||
err := f.NewEchoDeploymentWithReplicas(1)
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
|
||||
ing, err := f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.IngressController.Namespace, "http-svc", 80, nil))
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
Expect(ing).NotTo(BeNil())
|
||||
f.NewEchoDeploymentWithReplicas(1)
|
||||
f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.IngressController.Namespace, "http-svc", 80, nil))
|
||||
})
|
||||
|
||||
AfterEach(func() {
|
||||
})
|
||||
|
||||
It("should block CIDRs defined in the ConfigMap", func() {
|
||||
err := f.UpdateNginxConfigMapData("block-cidrs", "172.16.0.0/12,192.168.0.0/16,10.0.0.0/8")
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
f.UpdateNginxConfigMapData("block-cidrs", "172.16.0.0/12,192.168.0.0/16,10.0.0.0/8")
|
||||
|
||||
err = f.WaitForNginxConfiguration(
|
||||
f.WaitForNginxConfiguration(
|
||||
func(cfg string) bool {
|
||||
return strings.Contains(cfg, "deny 172.16.0.0/12;") &&
|
||||
strings.Contains(cfg, "deny 192.168.0.0/16;") &&
|
||||
strings.Contains(cfg, "deny 10.0.0.0/8;")
|
||||
})
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
|
||||
// This test works for minikube, but may have problems with real kubernetes clusters,
|
||||
// especially if connection is done via Internet. In this case, the test should be disabled/removed.
|
||||
|
|
@ -67,15 +61,13 @@ var _ = framework.IngressNginxDescribe("Global access block", func() {
|
|||
})
|
||||
|
||||
It("should block User-Agents defined in the ConfigMap", func() {
|
||||
err := f.UpdateNginxConfigMapData("block-user-agents", "~*chrome\\/68\\.0\\.3440\\.106\\ safari\\/537\\.36,AlphaBot")
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
f.UpdateNginxConfigMapData("block-user-agents", "~*chrome\\/68\\.0\\.3440\\.106\\ safari\\/537\\.36,AlphaBot")
|
||||
|
||||
err = f.WaitForNginxConfiguration(
|
||||
f.WaitForNginxConfiguration(
|
||||
func(cfg string) bool {
|
||||
return strings.Contains(cfg, "~*chrome\\/68\\.0\\.3440\\.106\\ safari\\/537\\.36 1;") &&
|
||||
strings.Contains(cfg, "AlphaBot 1;")
|
||||
})
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
|
||||
// Should be blocked
|
||||
resp, _, errs := gorequest.New().
|
||||
|
|
@ -105,15 +97,13 @@ var _ = framework.IngressNginxDescribe("Global access block", func() {
|
|||
})
|
||||
|
||||
It("should block Referers defined in the ConfigMap", func() {
|
||||
err := f.UpdateNginxConfigMapData("block-referers", "~*example\\.com,qwerty")
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
f.UpdateNginxConfigMapData("block-referers", "~*example\\.com,qwerty")
|
||||
|
||||
err = f.WaitForNginxConfiguration(
|
||||
f.WaitForNginxConfiguration(
|
||||
func(cfg string) bool {
|
||||
return strings.Contains(cfg, "~*example\\.com 1;") &&
|
||||
strings.Contains(cfg, "qwerty 1;")
|
||||
})
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
|
||||
// Should be blocked
|
||||
resp, _, errs := gorequest.New().
|
||||
|
|
|
|||
|
|
@ -20,7 +20,6 @@ import (
|
|||
"strings"
|
||||
|
||||
. "github.com/onsi/ginkgo"
|
||||
. "github.com/onsi/gomega"
|
||||
|
||||
"k8s.io/ingress-nginx/test/e2e/framework"
|
||||
)
|
||||
|
|
@ -31,13 +30,11 @@ var _ = framework.IngressNginxDescribe("Main Snippet", func() {
|
|||
|
||||
It("should add value of main-snippet setting to nginx config", func() {
|
||||
expectedComment := "# main snippet"
|
||||
err := f.UpdateNginxConfigMapData(mainSnippet, expectedComment)
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
f.UpdateNginxConfigMapData(mainSnippet, expectedComment)
|
||||
|
||||
err = f.WaitForNginxConfiguration(
|
||||
f.WaitForNginxConfiguration(
|
||||
func(cfg string) bool {
|
||||
return strings.Contains(cfg, expectedComment)
|
||||
})
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
})
|
||||
})
|
||||
|
|
|
|||
|
|
@ -20,7 +20,6 @@ import (
|
|||
"strings"
|
||||
|
||||
. "github.com/onsi/ginkgo"
|
||||
. "github.com/onsi/gomega"
|
||||
|
||||
"k8s.io/ingress-nginx/test/e2e/framework"
|
||||
)
|
||||
|
|
@ -31,34 +30,29 @@ var _ = framework.IngressNginxDescribe("Multi Accept", func() {
|
|||
|
||||
It("should be enabled by default", func() {
|
||||
expectedDirective := "multi_accept on;"
|
||||
err := f.WaitForNginxConfiguration(
|
||||
f.WaitForNginxConfiguration(
|
||||
func(cfg string) bool {
|
||||
return strings.Contains(cfg, expectedDirective)
|
||||
})
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
})
|
||||
|
||||
It("should be enabled when set to true", func() {
|
||||
expectedDirective := "multi_accept on;"
|
||||
err := f.UpdateNginxConfigMapData(multiAccept, "true")
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
f.UpdateNginxConfigMapData(multiAccept, "true")
|
||||
|
||||
err = f.WaitForNginxConfiguration(
|
||||
f.WaitForNginxConfiguration(
|
||||
func(cfg string) bool {
|
||||
return strings.Contains(cfg, expectedDirective)
|
||||
})
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
})
|
||||
|
||||
It("should be disabled when set to false", func() {
|
||||
expectedDirective := "multi_accept off;"
|
||||
err := f.UpdateNginxConfigMapData(multiAccept, "false")
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
f.UpdateNginxConfigMapData(multiAccept, "false")
|
||||
|
||||
err = f.WaitForNginxConfiguration(
|
||||
f.WaitForNginxConfiguration(
|
||||
func(cfg string) bool {
|
||||
return strings.Contains(cfg, expectedDirective)
|
||||
})
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
})
|
||||
})
|
||||
|
|
|
|||
|
|
@ -43,32 +43,24 @@ var _ = framework.IngressNginxDescribe("No Auth locations", func() {
|
|||
noAuthPath := "/noauth"
|
||||
|
||||
BeforeEach(func() {
|
||||
err := f.NewEchoDeployment()
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
f.NewEchoDeployment()
|
||||
|
||||
s, err := f.EnsureSecret(buildSecret(username, password, secretName, f.IngressController.Namespace))
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
Expect(s).NotTo(BeNil())
|
||||
Expect(s.ObjectMeta).NotTo(BeNil())
|
||||
s := f.EnsureSecret(buildSecret(username, password, secretName, f.IngressController.Namespace))
|
||||
|
||||
err = f.UpdateNginxConfigMapData(setting, noAuthPath)
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
f.UpdateNginxConfigMapData(setting, noAuthPath)
|
||||
|
||||
bi := buildBasicAuthIngressWithSecondPath(host, f.IngressController.Namespace, s.Name, noAuthPath)
|
||||
ing, err := f.EnsureIngress(bi)
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
Expect(ing).NotTo(BeNil())
|
||||
f.EnsureIngress(bi)
|
||||
})
|
||||
|
||||
AfterEach(func() {
|
||||
})
|
||||
|
||||
It("should return status code 401 when accessing '/' unauthentication", func() {
|
||||
err := f.WaitForNginxServer(host,
|
||||
f.WaitForNginxServer(host,
|
||||
func(server string) bool {
|
||||
return Expect(server).Should(ContainSubstring("test auth"))
|
||||
})
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
|
||||
resp, body, errs := gorequest.New().
|
||||
Get(f.IngressController.HTTPURL).
|
||||
|
|
@ -81,11 +73,10 @@ var _ = framework.IngressNginxDescribe("No Auth locations", func() {
|
|||
})
|
||||
|
||||
It("should return status code 200 when accessing '/' authentication", func() {
|
||||
err := f.WaitForNginxServer(host,
|
||||
f.WaitForNginxServer(host,
|
||||
func(server string) bool {
|
||||
return Expect(server).Should(ContainSubstring("test auth"))
|
||||
})
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
|
||||
resp, _, errs := gorequest.New().
|
||||
Get(f.IngressController.HTTPURL).
|
||||
|
|
@ -98,11 +89,10 @@ var _ = framework.IngressNginxDescribe("No Auth locations", func() {
|
|||
})
|
||||
|
||||
It("should return status code 200 when accessing '/noauth' unauthenticated", func() {
|
||||
err := f.WaitForNginxServer(host,
|
||||
f.WaitForNginxServer(host,
|
||||
func(server string) bool {
|
||||
return Expect(server).Should(ContainSubstring("test auth"))
|
||||
})
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
|
||||
resp, _, errs := gorequest.New().
|
||||
Get(fmt.Sprintf("%s/noauth", f.IngressController.HTTPURL)).
|
||||
|
|
@ -156,8 +146,9 @@ func buildBasicAuthIngressWithSecondPath(host, namespace, secretName, pathName s
|
|||
|
||||
func buildSecret(username, password, name, namespace string) *corev1.Secret {
|
||||
out, err := exec.Command("openssl", "passwd", "-crypt", password).CombinedOutput()
|
||||
Expect(err).NotTo(HaveOccurred(), "creating password")
|
||||
|
||||
encpass := fmt.Sprintf("%v:%s\n", username, out)
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
|
||||
return &corev1.Secret{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
|
|
|
|||
|
|
@ -35,11 +35,8 @@ var _ = framework.IngressNginxDescribe("Proxy Protocol", func() {
|
|||
setting := "use-proxy-protocol"
|
||||
|
||||
BeforeEach(func() {
|
||||
err := f.NewEchoDeployment()
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
|
||||
err = f.UpdateNginxConfigMapData(setting, "false")
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
f.NewEchoDeployment()
|
||||
f.UpdateNginxConfigMapData(setting, "false")
|
||||
})
|
||||
|
||||
AfterEach(func() {
|
||||
|
|
@ -48,27 +45,22 @@ var _ = framework.IngressNginxDescribe("Proxy Protocol", func() {
|
|||
It("should respect port passed by the PROXY Protocol", func() {
|
||||
host := "proxy-protocol"
|
||||
|
||||
err := f.UpdateNginxConfigMapData(setting, "true")
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
f.UpdateNginxConfigMapData(setting, "true")
|
||||
|
||||
ing, err := f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.IngressController.Namespace, "http-svc", 80, nil))
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
Expect(ing).NotTo(BeNil())
|
||||
f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.IngressController.Namespace, "http-svc", 80, nil))
|
||||
|
||||
err = f.WaitForNginxServer(host,
|
||||
f.WaitForNginxServer(host,
|
||||
func(server string) bool {
|
||||
return strings.Contains(server, "server_name proxy-protocol") &&
|
||||
strings.Contains(server, "listen 80 proxy_protocol")
|
||||
})
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
|
||||
ip, err := f.GetNginxIP()
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
ip := f.GetNginxIP()
|
||||
port, err := f.GetNginxPort("http")
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
Expect(err).NotTo(HaveOccurred(), "unexpected error obtaning NGINX Port")
|
||||
|
||||
conn, err := net.Dial("tcp", net.JoinHostPort(ip, strconv.Itoa(port)))
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
Expect(err).NotTo(HaveOccurred(), "unexpected error creating connection to %s:%d", ip, port)
|
||||
defer conn.Close()
|
||||
|
||||
header := "PROXY TCP4 192.168.0.1 192.168.0.11 56324 1234\r\n"
|
||||
|
|
@ -76,7 +68,7 @@ var _ = framework.IngressNginxDescribe("Proxy Protocol", func() {
|
|||
conn.Write([]byte("GET / HTTP/1.1\r\nHost: proxy-protocol\r\n\r\n"))
|
||||
|
||||
data, err := ioutil.ReadAll(conn)
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
Expect(err).NotTo(HaveOccurred(), "unexpected error reading connection data")
|
||||
body := string(data)
|
||||
Expect(body).Should(ContainSubstring(fmt.Sprintf("host=%v", "proxy-protocol")))
|
||||
Expect(body).Should(ContainSubstring(fmt.Sprintf("x-forwarded-port=80")))
|
||||
|
|
|
|||
|
|
@ -20,7 +20,6 @@ import (
|
|||
"strings"
|
||||
|
||||
. "github.com/onsi/ginkgo"
|
||||
. "github.com/onsi/gomega"
|
||||
|
||||
"k8s.io/api/extensions/v1beta1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
|
|
@ -33,34 +32,28 @@ var _ = framework.IngressNginxDescribe("Server Tokens", func() {
|
|||
serverTokens := "server-tokens"
|
||||
|
||||
BeforeEach(func() {
|
||||
err := f.NewEchoDeployment()
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
f.NewEchoDeployment()
|
||||
})
|
||||
|
||||
AfterEach(func() {
|
||||
})
|
||||
|
||||
It("should not exists Server header in the response", func() {
|
||||
err := f.UpdateNginxConfigMapData(serverTokens, "false")
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
f.UpdateNginxConfigMapData(serverTokens, "false")
|
||||
|
||||
ing, err := f.EnsureIngress(framework.NewSingleIngress(serverTokens, "/", serverTokens, f.IngressController.Namespace, "http-svc", 80, nil))
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
Expect(ing).NotTo(BeNil())
|
||||
f.EnsureIngress(framework.NewSingleIngress(serverTokens, "/", serverTokens, f.IngressController.Namespace, "http-svc", 80, nil))
|
||||
|
||||
err = f.WaitForNginxConfiguration(
|
||||
f.WaitForNginxConfiguration(
|
||||
func(cfg string) bool {
|
||||
return strings.Contains(cfg, "server_tokens off") &&
|
||||
strings.Contains(cfg, "more_clear_headers Server;")
|
||||
})
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
})
|
||||
|
||||
It("should exists Server header in the response when is enabled", func() {
|
||||
err := f.UpdateNginxConfigMapData(serverTokens, "true")
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
f.UpdateNginxConfigMapData(serverTokens, "true")
|
||||
|
||||
ing, err := f.EnsureIngress(&v1beta1.Ingress{
|
||||
f.EnsureIngress(&v1beta1.Ingress{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: serverTokens,
|
||||
Namespace: f.IngressController.Namespace,
|
||||
|
|
@ -88,13 +81,9 @@ var _ = framework.IngressNginxDescribe("Server Tokens", func() {
|
|||
},
|
||||
})
|
||||
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
Expect(ing).NotTo(BeNil())
|
||||
|
||||
err = f.WaitForNginxConfiguration(
|
||||
f.WaitForNginxConfiguration(
|
||||
func(cfg string) bool {
|
||||
return strings.Contains(cfg, "server_tokens on")
|
||||
})
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
})
|
||||
})
|
||||
|
|
|
|||
|
|
@ -34,8 +34,7 @@ var _ = framework.IngressNginxDescribe("Settings - TLS)", func() {
|
|||
host := "settings-tls"
|
||||
|
||||
BeforeEach(func() {
|
||||
err := f.NewEchoDeployment()
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
f.NewEchoDeployment()
|
||||
})
|
||||
|
||||
AfterEach(func() {
|
||||
|
|
@ -52,19 +51,15 @@ var _ = framework.IngressNginxDescribe("Settings - TLS)", func() {
|
|||
tlsConfig, err := tlsEndpoint(f, host)
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
|
||||
err = framework.WaitForTLS(f.IngressController.HTTPSURL, tlsConfig)
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
framework.WaitForTLS(f.IngressController.HTTPSURL, tlsConfig)
|
||||
|
||||
By("setting cipher suite")
|
||||
f.UpdateNginxConfigMapData(sslCiphers, testCiphers)
|
||||
|
||||
err = f.UpdateNginxConfigMapData(sslCiphers, testCiphers)
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
|
||||
err = f.WaitForNginxConfiguration(
|
||||
f.WaitForNginxConfiguration(
|
||||
func(cfg string) bool {
|
||||
return strings.Contains(cfg, fmt.Sprintf("ssl_ciphers '%s';", testCiphers))
|
||||
})
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
|
||||
resp, _, errs := gorequest.New().
|
||||
Get(f.IngressController.HTTPSURL).
|
||||
|
|
@ -78,15 +73,12 @@ var _ = framework.IngressNginxDescribe("Settings - TLS)", func() {
|
|||
Expect(resp.TLS.CipherSuite).Should(BeNumerically("==", tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384))
|
||||
|
||||
By("enforcing TLS v1.0")
|
||||
f.UpdateNginxConfigMapData(sslProtocols, "TLSv1")
|
||||
|
||||
err = f.UpdateNginxConfigMapData(sslProtocols, "TLSv1")
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
|
||||
err = f.WaitForNginxConfiguration(
|
||||
f.WaitForNginxConfiguration(
|
||||
func(cfg string) bool {
|
||||
return strings.Contains(cfg, "ssl_protocols TLSv1;")
|
||||
})
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
|
||||
resp, _, errs = gorequest.New().
|
||||
Get(f.IngressController.HTTPSURL).
|
||||
|
|
@ -108,19 +100,15 @@ var _ = framework.IngressNginxDescribe("Settings - TLS)", func() {
|
|||
tlsConfig, err := tlsEndpoint(f, host)
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
|
||||
err = framework.WaitForTLS(f.IngressController.HTTPSURL, tlsConfig)
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
framework.WaitForTLS(f.IngressController.HTTPSURL, tlsConfig)
|
||||
|
||||
By("setting max-age parameter")
|
||||
f.UpdateNginxConfigMapData(hstsMaxAge, "86400")
|
||||
|
||||
err = f.UpdateNginxConfigMapData(hstsMaxAge, "86400")
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
|
||||
err = f.WaitForNginxServer(host,
|
||||
f.WaitForNginxServer(host,
|
||||
func(server string) bool {
|
||||
return strings.Contains(server, "Strict-Transport-Security: max-age=86400; includeSubDomains\"")
|
||||
})
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
|
||||
resp, _, errs := gorequest.New().
|
||||
Get(f.IngressController.HTTPSURL).
|
||||
|
|
@ -133,15 +121,12 @@ var _ = framework.IngressNginxDescribe("Settings - TLS)", func() {
|
|||
Expect(resp.Header.Get("Strict-Transport-Security")).Should(ContainSubstring("max-age=86400"))
|
||||
|
||||
By("setting includeSubDomains parameter")
|
||||
f.UpdateNginxConfigMapData(hstsIncludeSubdomains, "false")
|
||||
|
||||
err = f.UpdateNginxConfigMapData(hstsIncludeSubdomains, "false")
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
|
||||
err = f.WaitForNginxServer(host,
|
||||
f.WaitForNginxServer(host,
|
||||
func(server string) bool {
|
||||
return strings.Contains(server, "Strict-Transport-Security: max-age=86400\"")
|
||||
})
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
|
||||
resp, _, errs = gorequest.New().
|
||||
Get(f.IngressController.HTTPSURL).
|
||||
|
|
@ -154,15 +139,12 @@ var _ = framework.IngressNginxDescribe("Settings - TLS)", func() {
|
|||
Expect(resp.Header.Get("Strict-Transport-Security")).ShouldNot(ContainSubstring("includeSubDomains"))
|
||||
|
||||
By("setting preload parameter")
|
||||
f.UpdateNginxConfigMapData(hstsPreload, "true")
|
||||
|
||||
err = f.UpdateNginxConfigMapData(hstsPreload, "true")
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
|
||||
err = f.WaitForNginxServer(host,
|
||||
f.WaitForNginxServer(host,
|
||||
func(server string) bool {
|
||||
return strings.Contains(server, "Strict-Transport-Security: max-age=86400; preload\"")
|
||||
})
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
|
||||
resp, _, errs = gorequest.New().
|
||||
Get(f.IngressController.HTTPSURL).
|
||||
|
|
@ -177,11 +159,7 @@ var _ = framework.IngressNginxDescribe("Settings - TLS)", func() {
|
|||
})
|
||||
|
||||
func tlsEndpoint(f *framework.Framework, host string) (*tls.Config, error) {
|
||||
ing, err := f.EnsureIngress(framework.NewSingleIngressWithTLS(host, "/", host, f.IngressController.Namespace, "http-svc", 80, nil))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
ing := f.EnsureIngress(framework.NewSingleIngressWithTLS(host, "/", host, f.IngressController.Namespace, "http-svc", 80, nil))
|
||||
return framework.CreateIngressTLSSecret(f.KubeClientSet,
|
||||
ing.Spec.TLS[0].Hosts,
|
||||
ing.Spec.TLS[0].SecretName,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue