Add support for multiple alias and remove duplication of SSL certificates (#4472)

Manuel Alejandro de Brito Fontes 2019-08-26 10:58:44 -04:00 committed by GitHub
parent 4847bb02f0
commit 8def5ef7ca
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
19 changed files with 190 additions and 101 deletions


@ -11,6 +11,8 @@ end
local EXAMPLE_CERT = read_file("rootfs/etc/nginx/lua/test/fixtures/example-com-cert.pem")
local DEFAULT_CERT = read_file("rootfs/etc/nginx/lua/test/fixtures/default-cert.pem")
local DEFAULT_CERT_HOSTNAME = "_"
local UUID = "2ea8adb5-8ebb-4b14-a79b-0cdcd892e884"
local DEFAULT_UUID = "00000000-0000-0000-0000-000000000000"
local function assert_certificate_is_set(cert)
spy.on(ngx, "log")
@ -45,50 +47,57 @@ describe("Certificate", function()
ngx.exit = function(status) end
ngx.shared.certificate_data:set(DEFAULT_CERT_HOSTNAME, DEFAULT_CERT)
ngx.shared.certificate_servers:set(DEFAULT_CERT_HOSTNAME, DEFAULT_UUID)
ngx.shared.certificate_data:set(DEFAULT_UUID, DEFAULT_CERT)
end)
after_each(function()
ngx = unmocked_ngx
ngx.shared.certificate_data:flush_all()
ngx.shared.certificate_servers:flush_all()
end)
it("sets certificate and key when hostname is found in dictionary", function()
ngx.shared.certificate_data:set("hostname", EXAMPLE_CERT)
ngx.shared.certificate_servers:set("hostname", UUID)
ngx.shared.certificate_data:set(UUID, EXAMPLE_CERT)
assert_certificate_is_set(EXAMPLE_CERT)
end)
it("sets certificate and key for wildcard cert", function()
ssl.server_name = function() return "sub.hostname", nil end
ngx.shared.certificate_data:set("*.hostname", EXAMPLE_CERT)
ngx.shared.certificate_servers:set("*.hostname", UUID)
ngx.shared.certificate_data:set(UUID, EXAMPLE_CERT)
assert_certificate_is_set(EXAMPLE_CERT)
end)
it("sets certificate and key for domain with trailing dot", function()
ssl.server_name = function() return "hostname.", nil end
ngx.shared.certificate_data:set("hostname", EXAMPLE_CERT)
ngx.shared.certificate_servers:set("hostname", UUID)
ngx.shared.certificate_data:set(UUID, EXAMPLE_CERT)
assert_certificate_is_set(EXAMPLE_CERT)
end)
it("fallbacks to default certificate and key for domain with many trailing dots", function()
ssl.server_name = function() return "hostname..", nil end
ngx.shared.certificate_data:set("hostname", EXAMPLE_CERT)
ngx.shared.certificate_servers:set("hostname", UUID)
ngx.shared.certificate_data:set(UUID, EXAMPLE_CERT)
assert_certificate_is_set(DEFAULT_CERT)
end)
it("sets certificate and key for nested wildcard cert", function()
ssl.server_name = function() return "sub.nested.hostname", nil end
ngx.shared.certificate_data:set("*.nested.hostname", EXAMPLE_CERT)
ngx.shared.certificate_servers:set("*.nested.hostname", UUID)
ngx.shared.certificate_data:set(UUID, EXAMPLE_CERT)
assert_certificate_is_set(EXAMPLE_CERT)
end)
it("logs error message when certificate in dictionary is invalid", function()
ngx.shared.certificate_data:set("hostname", "something invalid")
ngx.shared.certificate_servers:set("hostname", "something invalid")
spy.on(ngx, "log")
@ -108,7 +117,8 @@ describe("Certificate", function()
end)
it("fails when hostname does not have certificate and default cert is invalid", function()
ngx.shared.certificate_data:set(DEFAULT_CERT_HOSTNAME, "invalid")
ngx.shared.certificate_servers:set(DEFAULT_CERT_HOSTNAME, UID)
ngx.shared.certificate_data:set(UID, "invalid")
spy.on(ngx, "log")
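Review bot: `UID` in the last test ("fails when hostname does not have certificate and default cert is invalid") is not declared in any visible hunk; the constants added at the top of the file are `UUID` and `DEFAULT_UUID`, so `UID` appears to be an unset global that evaluates to nil. Depending on how the shared dict treats a nil key or value, the default mapping is then either removed or left pointing at the valid default certificate from `before_each`, so the test would not exercise rejection of an invalid default certificate. Using the declared constant would cover the intended path: `ngx.shared.certificate_servers:set(DEFAULT_CERT_HOSTNAME, DEFAULT_UUID)` followed by `ngx.shared.certificate_data:set(DEFAULT_UUID, "invalid")`. The test body continues outside the hunk, so the assertions that follow are not visible here.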