DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix golangci-lint errors (#10196)

Browse source 
* Fix golangci-lint errors

Signed-off-by: z1cheng <imchench@gmail.com>

* Fix dupl errors

Signed-off-by: z1cheng <imchench@gmail.com>

* Fix comments

Signed-off-by: z1cheng <imchench@gmail.com>

* Fix errcheck lint errors

Signed-off-by: z1cheng <imchench@gmail.com>

* Fix assert in e2e test

Signed-off-by: z1cheng <imchench@gmail.com>

* Not interrupt the waitForPodsReady

Signed-off-by: z1cheng <imchench@gmail.com>

* Replace string with constant

Signed-off-by: z1cheng <imchench@gmail.com>

* Fix comments

Signed-off-by: z1cheng <imchench@gmail.com>

* Revert write file permision

Signed-off-by: z1cheng <imchench@gmail.com>

---------

Signed-off-by: z1cheng <imchench@gmail.com>
This commit is contained in:
Chen Chen 2023-08-31 15:36:48 +08:00 committed by GitHub
parent 46d87d3462
commit b3060bfbd0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
253 changed files with 2434 additions and 2113 deletions
Download patch file Download diff file Expand all files Collapse all files

17
test/e2e/admission/admission.go
View file

@ -34,6 +34,8 @@ import (
networking "k8s.io/api/networking/v1"
)
const admissionTestHost = "admission-test"
var _ = framework.IngressNginxDescribeSerial("[Admission] admission controller", func() {
f := framework.NewDefaultFramework("admission")
@ -43,7 +45,7 @@ var _ = framework.IngressNginxDescribeSerial("[Admission] admission controller",
})
ginkgo.It("reject ingress with global-rate-limit annotations when memcached is not configured", func() {
host := "admission-test"
host := admissionTestHost
annotations := map[string]string{
"nginx.ingress.kubernetes.io/global-rate-limit": "100",
@ -70,7 +72,7 @@ var _ = framework.IngressNginxDescribeSerial("[Admission] admission controller",
})
ginkgo.It("should not allow overlaps of host and paths without canary annotations", func() {
host := "admission-test"
host := admissionTestHost
firstIngress := framework.NewSingleIngress("first-ingress", "/", host, f.Namespace, framework.EchoService, 80, nil)
_, err := f.KubeClientSet.NetworkingV1().Ingresses(f.Namespace).Create(context.TODO(), firstIngress, metav1.CreateOptions{})
@ -87,7 +89,7 @@ var _ = framework.IngressNginxDescribeSerial("[Admission] admission controller",
})
ginkgo.It("should allow overlaps of host and paths with canary annotation", func() {
host := "admission-test"
host := admissionTestHost
firstIngress := framework.NewSingleIngress("first-ingress", "/", host, f.Namespace, framework.EchoService, 80, nil)
_, err := f.KubeClientSet.NetworkingV1().Ingresses(f.Namespace).Create(context.TODO(), firstIngress, metav1.CreateOptions{})
@ -125,7 +127,7 @@ var _ = framework.IngressNginxDescribeSerial("[Admission] admission controller",
})
ginkgo.It("should return an error if there is an error validating the ingress definition", func() {
host := "admission-test"
host := admissionTestHost
annotations := map[string]string{
"nginx.ingress.kubernetes.io/configuration-snippet": "something invalid",
@ -136,7 +138,7 @@ var _ = framework.IngressNginxDescribeSerial("[Admission] admission controller",
})
ginkgo.It("should return an error if there is an invalid value in some annotation", func() {
host := "admission-test"
host := admissionTestHost
annotations := map[string]string{
"nginx.ingress.kubernetes.io/connection-proxy-header": "a;}",
@ -150,7 +152,7 @@ var _ = framework.IngressNginxDescribeSerial("[Admission] admission controller",
})
ginkgo.It("should return an error if there is a forbidden value in some annotation", func() {
host := "admission-test"
host := admissionTestHost
annotations := map[string]string{
"nginx.ingress.kubernetes.io/connection-proxy-header": "set_by_lua",
@ -195,7 +197,6 @@ var _ = framework.IngressNginxDescribeSerial("[Admission] admission controller",
validPath := framework.NewSingleIngress("second-ingress", "/bloblo", host, f.Namespace, framework.EchoService, 80, nil)
_, err = f.KubeClientSet.NetworkingV1().Ingresses(f.Namespace).Create(context.TODO(), validPath, metav1.CreateOptions{})
assert.Nil(ginkgo.GinkgoT(), err, "creating an ingress with valid path should not return an error")
})
ginkgo.It("should not return an error if the Ingress V1 definition is valid with Ingress Class", func() {
@ -346,7 +347,7 @@ func createIngress(namespace, ingressDefinition string) (string, error) {
execOut bytes.Buffer
execErr bytes.Buffer
)
//nolint:gosec // Ignore G204 error
cmd := exec.Command("/bin/bash", "-c", fmt.Sprintf("%v --warnings-as-errors=false apply --namespace %s -f -", framework.KubectlPath, namespace))
cmd.Stdin = strings.NewReader(ingressDefinition)
cmd.Stdout = &execOut

86
test/e2e/annotations/affinity.go
View file

@ -32,6 +32,14 @@ import (
"k8s.io/ingress-nginx/test/e2e/framework"
)
const (
affinityAnnotation = "cookie"
cookieName = "SERVERID"
enableAnnotation = "true"
disableAnnotation = "false"
defaultHost = "foo.com"
)
var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
f := framework.NewDefaultFramework("affinity")
@ -42,8 +50,8 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
ginkgo.It("should set sticky cookie SERVERID", func() {
host := "sticky.foo.com"
annotations := make(map[string]string)
annotations["nginx.ingress.kubernetes.io/affinity"] = "cookie"
annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = "SERVERID"
annotations["nginx.ingress.kubernetes.io/affinity"] = affinityAnnotation
annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = cookieName
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations)
f.EnsureIngress(ing)
@ -64,8 +72,8 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
ginkgo.It("should change cookie name on ingress definition change", func() {
host := "change.foo.com"
annotations := make(map[string]string)
annotations["nginx.ingress.kubernetes.io/affinity"] = "cookie"
annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = "SERVERID"
annotations["nginx.ingress.kubernetes.io/affinity"] = affinityAnnotation
annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = cookieName
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations)
f.EnsureIngress(ing)
@ -80,7 +88,7 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
WithHeader("Host", host).
Expect().
Status(http.StatusOK).
Header("Set-Cookie").Contains("SERVERID")
Header("Set-Cookie").Contains(cookieName)
ing.ObjectMeta.Annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = "OTHERCOOKIENAME"
@ -99,8 +107,8 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
ginkgo.It("should set the path to /something on the generated cookie", func() {
host := "path.foo.com"
annotations := make(map[string]string)
annotations["nginx.ingress.kubernetes.io/affinity"] = "cookie"
annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = "SERVERID"
annotations["nginx.ingress.kubernetes.io/affinity"] = affinityAnnotation
annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = cookieName
ing := framework.NewSingleIngress(host, "/something", host, f.Namespace, framework.EchoService, 80, annotations)
f.EnsureIngress(ing)
@ -122,8 +130,8 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
pathtype := networking.PathTypePrefix
host := "morethanonerule.foo.com"
annotations := make(map[string]string)
annotations["nginx.ingress.kubernetes.io/affinity"] = "cookie"
annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = "SERVERID"
annotations["nginx.ingress.kubernetes.io/affinity"] = affinityAnnotation
annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = cookieName
f.EnsureIngress(&networking.Ingress{
ObjectMeta: metav1.ObjectMeta{
@ -194,7 +202,7 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
ginkgo.It("should set cookie with expires", func() {
host := "cookieexpires.foo.com"
annotations := make(map[string]string)
annotations["nginx.ingress.kubernetes.io/affinity"] = "cookie"
annotations["nginx.ingress.kubernetes.io/affinity"] = affinityAnnotation
annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = "ExpiresCookie"
annotations["nginx.ingress.kubernetes.io/session-cookie-expires"] = "172800"
annotations["nginx.ingress.kubernetes.io/session-cookie-max-age"] = "259200"
@ -211,7 +219,8 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
assert.Nil(ginkgo.GinkgoT(), err, "loading GMT location")
assert.NotNil(ginkgo.GinkgoT(), local, "expected a location but none returned")
duration, _ := time.ParseDuration("48h")
duration, err := time.ParseDuration("48h")
assert.Nil(ginkgo.GinkgoT(), err, "parsing duration")
expected := time.Now().In(local).Add(duration).Format("Mon, 02-Jan-06 15:04")
f.HTTPTestClient().
@ -225,7 +234,7 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
ginkgo.It("should set cookie with domain", func() {
host := "cookiedomain.foo.com"
annotations := make(map[string]string)
annotations["nginx.ingress.kubernetes.io/affinity"] = "cookie"
annotations["nginx.ingress.kubernetes.io/affinity"] = affinityAnnotation
annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = "DomainCookie"
annotations["nginx.ingress.kubernetes.io/session-cookie-domain"] = "foo.bar"
@ -248,7 +257,7 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
ginkgo.It("should not set cookie without domain annotation", func() {
host := "cookienodomain.foo.com"
annotations := make(map[string]string)
annotations["nginx.ingress.kubernetes.io/affinity"] = "cookie"
annotations["nginx.ingress.kubernetes.io/affinity"] = affinityAnnotation
annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = "NoDomainCookie"
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations)
@ -270,9 +279,9 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
ginkgo.It("should work with use-regex annotation and session-cookie-path", func() {
host := "useregex.foo.com"
annotations := make(map[string]string)
annotations["nginx.ingress.kubernetes.io/affinity"] = "cookie"
annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = "SERVERID"
annotations["nginx.ingress.kubernetes.io/use-regex"] = "true"
annotations["nginx.ingress.kubernetes.io/affinity"] = affinityAnnotation
annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = cookieName
annotations["nginx.ingress.kubernetes.io/use-regex"] = enableAnnotation
annotations["nginx.ingress.kubernetes.io/session-cookie-path"] = "/foo/bar"
ing := framework.NewSingleIngress(host, "/foo/.*", host, f.Namespace, framework.EchoService, 80, annotations)
@ -294,9 +303,9 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
ginkgo.It("should warn user when use-regex is true and session-cookie-path is not set", func() {
host := "useregexwarn.foo.com"
annotations := make(map[string]string)
annotations["nginx.ingress.kubernetes.io/affinity"] = "cookie"
annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = "SERVERID"
annotations["nginx.ingress.kubernetes.io/use-regex"] = "true"
annotations["nginx.ingress.kubernetes.io/affinity"] = affinityAnnotation
annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = cookieName
annotations["nginx.ingress.kubernetes.io/use-regex"] = enableAnnotation
ing := framework.NewSingleIngress(host, "/foo/.*", host, f.Namespace, framework.EchoService, 80, annotations)
f.EnsureIngress(ing)
@ -321,7 +330,7 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
host := "separate.foo.com"
annotations := make(map[string]string)
annotations["nginx.ingress.kubernetes.io/affinity"] = "cookie"
annotations["nginx.ingress.kubernetes.io/affinity"] = affinityAnnotation
ing1 := framework.NewSingleIngress("ingress1", "/foo/bar", host, f.Namespace, framework.EchoService, 80, annotations)
f.EnsureIngress(ing1)
@ -351,8 +360,8 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
ginkgo.It("should set sticky cookie without host", func() {
annotations := make(map[string]string)
annotations["nginx.ingress.kubernetes.io/affinity"] = "cookie"
annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = "SERVERID"
annotations["nginx.ingress.kubernetes.io/affinity"] = affinityAnnotation
annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = cookieName
ing := framework.NewSingleIngress("default-no-host", "/", "", f.Namespace, framework.EchoService, 80, annotations)
f.EnsureIngress(ing)
@ -370,12 +379,12 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
})
ginkgo.It("should work with server-alias annotation", func() {
host := "foo.com"
host := defaultHost
alias1 := "a1.foo.com"
alias2 := "a2.foo.com"
annotations := make(map[string]string)
annotations["nginx.ingress.kubernetes.io/affinity"] = "cookie"
annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = "SERVERID"
annotations["nginx.ingress.kubernetes.io/affinity"] = affinityAnnotation
annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = cookieName
annotations["nginx.ingress.kubernetes.io/server-alias"] = fmt.Sprintf("%s,%s", alias1, alias2)
ing := framework.NewSingleIngress(host, "/bar", host, f.Namespace, framework.EchoService, 80, annotations)
@ -383,7 +392,7 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
f.WaitForNginxServer(host,
func(server string) bool {
//server alias sort by sort.Strings(), see: internal/ingress/annotations/alias/main.go:60
// server alias sort by sort.Strings(), see: internal/ingress/annotations/alias/main.go:60
return strings.Contains(server, fmt.Sprintf("server_name %s %s %s ;", host, alias1, alias2))
})
@ -410,11 +419,11 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
})
ginkgo.It("should set secure in cookie with provided true annotation on http", func() {
host := "foo.com"
host := defaultHost
annotations := make(map[string]string)
annotations["nginx.ingress.kubernetes.io/affinity"] = "cookie"
annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = "SERVERID"
annotations["nginx.ingress.kubernetes.io/session-cookie-secure"] = "true"
annotations["nginx.ingress.kubernetes.io/affinity"] = affinityAnnotation
annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = cookieName
annotations["nginx.ingress.kubernetes.io/session-cookie-secure"] = enableAnnotation
ing := framework.NewSingleIngress(host, "/bar", host, f.Namespace, framework.EchoService, 80, annotations)
f.EnsureIngress(ing)
@ -433,11 +442,11 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
})
ginkgo.It("should not set secure in cookie with provided false annotation on http", func() {
host := "foo.com"
host := defaultHost
annotations := make(map[string]string)
annotations["nginx.ingress.kubernetes.io/affinity"] = "cookie"
annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = "SERVERID"
annotations["nginx.ingress.kubernetes.io/session-cookie-secure"] = "false"
annotations["nginx.ingress.kubernetes.io/affinity"] = affinityAnnotation
annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = cookieName
annotations["nginx.ingress.kubernetes.io/session-cookie-secure"] = disableAnnotation
ing := framework.NewSingleIngress(host, "/bar", host, f.Namespace, framework.EchoService, 80, annotations)
f.EnsureIngress(ing)
@ -456,11 +465,11 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
})
ginkgo.It("should set secure in cookie with provided false annotation on https", func() {
host := "foo.com"
host := defaultHost
annotations := make(map[string]string)
annotations["nginx.ingress.kubernetes.io/affinity"] = "cookie"
annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = "SERVERID"
annotations["nginx.ingress.kubernetes.io/session-cookie-secure"] = "false"
annotations["nginx.ingress.kubernetes.io/affinity"] = affinityAnnotation
annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = cookieName
annotations["nginx.ingress.kubernetes.io/session-cookie-secure"] = disableAnnotation
f.EnsureIngress(framework.NewSingleIngressWithTLS(host, "/", host, []string{host}, f.Namespace, framework.EchoService, 80, annotations))
@ -470,6 +479,7 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
strings.Contains(server, "listen 443")
})
//nolint:gosec // Ignore the gosec error in testing
f.HTTPTestClientWithTLSConfig(&tls.Config{ServerName: host, InsecureSkipVerify: true}).
GET("/").
WithURL(f.GetURL(framework.HTTPS)).

8
test/e2e/annotations/affinitymode.go
View file

@ -28,6 +28,8 @@ import (
"k8s.io/ingress-nginx/test/e2e/framework"
)
const sslRedirectValue = "false"
var _ = framework.DescribeAnnotation("affinitymode", func() {
f := framework.NewDefaultFramework("affinity")
@ -45,7 +47,7 @@ var _ = framework.DescribeAnnotation("affinitymode", func() {
annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = "hello-cookie"
annotations["nginx.ingress.kubernetes.io/session-cookie-expires"] = "172800"
annotations["nginx.ingress.kubernetes.io/session-cookie-max-age"] = "172800"
annotations["nginx.ingress.kubernetes.io/ssl-redirect"] = "false"
annotations["nginx.ingress.kubernetes.io/ssl-redirect"] = sslRedirectValue
annotations["nginx.ingress.kubernetes.io/affinity-mode"] = "balanced"
annotations["nginx.ingress.kubernetes.io/session-cookie-hash"] = "sha1"
@ -78,7 +80,7 @@ var _ = framework.DescribeAnnotation("affinitymode", func() {
annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = "hello-cookie"
annotations["nginx.ingress.kubernetes.io/session-cookie-expires"] = "172800"
annotations["nginx.ingress.kubernetes.io/session-cookie-max-age"] = "172800"
annotations["nginx.ingress.kubernetes.io/ssl-redirect"] = "false"
annotations["nginx.ingress.kubernetes.io/ssl-redirect"] = sslRedirectValue
annotations["nginx.ingress.kubernetes.io/affinity-mode"] = "persistent"
annotations["nginx.ingress.kubernetes.io/session-cookie-hash"] = "sha1"
@ -106,7 +108,7 @@ var _ = framework.DescribeAnnotation("affinitymode", func() {
// Send new requests and add new backends. Check which backend responded to the sent request
cookies := getCookiesFromHeader(response.Header("Set-Cookie").Raw())
for sendRequestNumber := 0; sendRequestNumber < 10; sendRequestNumber++ {
replicas = replicas + 1
replicas++
err := framework.UpdateDeployment(f.KubeClientSet, f.Namespace, deploymentName, replicas, nil)
assert.Nil(ginkgo.GinkgoT(), err)
framework.Sleep()

12
test/e2e/annotations/alias.go
View file

@ -26,6 +26,8 @@ import (
"k8s.io/ingress-nginx/test/e2e/framework"
)
const fooHost = "foo"
var _ = framework.DescribeAnnotation("server-alias", func() {
f := framework.NewDefaultFramework("alias")
@ -34,7 +36,7 @@ var _ = framework.DescribeAnnotation("server-alias", func() {
})
ginkgo.It("should return status code 200 for host 'foo' and 404 for 'bar'", func() {
host := "foo"
host := fooHost
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, nil)
f.EnsureIngress(ing)
@ -60,7 +62,7 @@ var _ = framework.DescribeAnnotation("server-alias", func() {
})
ginkgo.It("should return status code 200 for host 'foo' and 'bar'", func() {
host := "foo"
host := fooHost
annotations := map[string]string{
"nginx.ingress.kubernetes.io/server-alias": "bar",
}
@ -73,7 +75,7 @@ var _ = framework.DescribeAnnotation("server-alias", func() {
return strings.Contains(server, fmt.Sprintf("server_name %v", host))
})
hosts := []string{"foo", "bar"}
hosts := []string{fooHost, "bar"}
for _, host := range hosts {
f.HTTPTestClient().
GET("/").
@ -85,7 +87,7 @@ var _ = framework.DescribeAnnotation("server-alias", func() {
})
ginkgo.It("should return status code 200 for hosts defined in two ingresses, different path with one alias", func() {
host := "foo"
host := fooHost
ing := framework.NewSingleIngress("app-a", "/app-a", host, f.Namespace, framework.EchoService, 80, nil)
f.EnsureIngress(ing)
@ -101,7 +103,7 @@ var _ = framework.DescribeAnnotation("server-alias", func() {
return strings.Contains(server, fmt.Sprintf("server_name %v bar", host))
})
hosts := []string{"foo", "bar"}
hosts := []string{fooHost, "bar"}
for _, host := range hosts {
f.HTTPTestClient().
GET("/app-a").

84
test/e2e/annotations/auth.go
View file

@ -36,6 +36,12 @@ import (
"k8s.io/ingress-nginx/test/e2e/framework"
)
const (
differentHost = "different"
authHost = "auth"
authURL = "http://foo.bar.baz:5000/path"
)
var _ = framework.DescribeAnnotation("auth-*", func() {
f := framework.NewDefaultFramework("auth", framework.WithHTTPBunEnabled())
@ -44,7 +50,7 @@ var _ = framework.DescribeAnnotation("auth-*", func() {
})
ginkgo.It("should return status code 200 when no authentication is configured", func() {
host := "auth"
host := authHost
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, nil)
f.EnsureIngress(ing)
@ -63,7 +69,7 @@ var _ = framework.DescribeAnnotation("auth-*", func() {
})
ginkgo.It("should return status code 503 when authentication is configured with an invalid secret", func() {
host := "auth"
host := authHost
annotations := map[string]string{
"nginx.ingress.kubernetes.io/auth-type": "basic",
"nginx.ingress.kubernetes.io/auth-secret": "something",
@ -87,9 +93,9 @@ var _ = framework.DescribeAnnotation("auth-*", func() {
})
ginkgo.It("should return status code 401 when authentication is configured but Authorization header is not configured", func() {
host := "auth"
host := authHost
s := f.EnsureSecret(buildSecret("foo", "bar", "test", f.Namespace))
s := f.EnsureSecret(buildSecret(fooHost, "bar", "test", f.Namespace))
annotations := map[string]string{
"nginx.ingress.kubernetes.io/auth-type": "basic",
@ -114,9 +120,9 @@ var _ = framework.DescribeAnnotation("auth-*", func() {
})
ginkgo.It("should return status code 401 when authentication is configured and Authorization header is sent with invalid credentials", func() {
host := "auth"
host := authHost
s := f.EnsureSecret(buildSecret("foo", "bar", "test", f.Namespace))
s := f.EnsureSecret(buildSecret(fooHost, "bar", "test", f.Namespace))
annotations := map[string]string{
"nginx.ingress.kubernetes.io/auth-type": "basic",
@ -142,9 +148,9 @@ var _ = framework.DescribeAnnotation("auth-*", func() {
})
ginkgo.It("should return status code 401 and cors headers when authentication and cors is configured but Authorization header is not configured", func() {
host := "auth"
host := authHost
s := f.EnsureSecret(buildSecret("foo", "bar", "test", f.Namespace))
s := f.EnsureSecret(buildSecret(fooHost, "bar", "test", f.Namespace))
annotations := map[string]string{
"nginx.ingress.kubernetes.io/auth-type": "basic",
@ -170,9 +176,9 @@ var _ = framework.DescribeAnnotation("auth-*", func() {
})
ginkgo.It("should return status code 200 when authentication is configured and Authorization header is sent", func() {
host := "auth"
host := authHost
s := f.EnsureSecret(buildSecret("foo", "bar", "test", f.Namespace))
s := f.EnsureSecret(buildSecret(fooHost, "bar", "test", f.Namespace))
annotations := map[string]string{
"nginx.ingress.kubernetes.io/auth-type": "basic",
@ -191,15 +197,15 @@ var _ = framework.DescribeAnnotation("auth-*", func() {
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
WithBasicAuth("foo", "bar").
WithBasicAuth(fooHost, "bar").
Expect().
Status(http.StatusOK)
})
ginkgo.It("should return status code 200 when authentication is configured with a map and Authorization header is sent", func() {
host := "auth"
host := authHost
s := f.EnsureSecret(buildMapSecret("foo", "bar", "test", f.Namespace))
s := f.EnsureSecret(buildMapSecret(fooHost, "bar", "test", f.Namespace))
annotations := map[string]string{
"nginx.ingress.kubernetes.io/auth-type": "basic",
@ -219,13 +225,13 @@ var _ = framework.DescribeAnnotation("auth-*", func() {
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
WithBasicAuth("foo", "bar").
WithBasicAuth(fooHost, "bar").
Expect().
Status(http.StatusOK)
})
ginkgo.It("should return status code 401 when authentication is configured with invalid content and Authorization header is sent", func() {
host := "auth"
host := authHost
s := f.EnsureSecret(
&corev1.Secret{
@ -258,13 +264,13 @@ var _ = framework.DescribeAnnotation("auth-*", func() {
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
WithBasicAuth("foo", "bar").
WithBasicAuth(fooHost, "bar").
Expect().
Status(http.StatusUnauthorized)
})
ginkgo.It(`should set snippet "proxy_set_header My-Custom-Header 42;" when external auth is configured`, func() {
host := "auth"
host := authHost
annotations := map[string]string{
"nginx.ingress.kubernetes.io/auth-url": "http://foo.bar/basic-auth/user/password",
@ -282,7 +288,7 @@ var _ = framework.DescribeAnnotation("auth-*", func() {
})
ginkgo.It(`should not set snippet "proxy_set_header My-Custom-Header 42;" when external auth is not configured`, func() {
host := "auth"
host := authHost
annotations := map[string]string{
"nginx.ingress.kubernetes.io/auth-snippet": `
@ -299,7 +305,7 @@ var _ = framework.DescribeAnnotation("auth-*", func() {
})
ginkgo.It(`should set "proxy_set_header 'My-Custom-Header' '42';" when auth-headers are set`, func() {
host := "auth"
host := authHost
annotations := map[string]string{
"nginx.ingress.kubernetes.io/auth-url": "http://foo.bar/basic-auth/user/password",
@ -320,11 +326,11 @@ var _ = framework.DescribeAnnotation("auth-*", func() {
})
ginkgo.It(`should set cache_key when external auth cache is configured`, func() {
host := "auth"
host := authHost
annotations := map[string]string{
"nginx.ingress.kubernetes.io/auth-url": "http://foo.bar/basic-auth/user/password",
"nginx.ingress.kubernetes.io/auth-cache-key": "foo",
"nginx.ingress.kubernetes.io/auth-cache-key": fooHost,
"nginx.ingress.kubernetes.io/auth-cache-duration": "200 202 401 30m",
}
@ -337,7 +343,6 @@ var _ = framework.DescribeAnnotation("auth-*", func() {
func(server string) bool {
return cacheRegex.MatchString(server) &&
strings.Contains(server, `proxy_cache_valid 200 202 401 30m;`)
})
})
@ -405,7 +410,6 @@ http {
f.WaitForNginxServer(host, func(server string) bool {
return strings.Contains(server, "server_name "+host)
})
})
ginkgo.It("user retains cookie by default", func() {
@ -431,7 +435,7 @@ http {
})
ginkgo.It("user with annotated ingress retains cookie if upstream returns error status code", func() {
annotations["nginx.ingress.kubernetes.io/auth-always-set-cookie"] = "true"
annotations["nginx.ingress.kubernetes.io/auth-always-set-cookie"] = enableAnnotation
f.UpdateIngress(ing1)
f.UpdateIngress(ing2)
@ -451,7 +455,7 @@ http {
})
ginkgo.Context("when external authentication is configured", func() {
host := "auth"
host := authHost
var annotations map[string]string
var ing *networking.Ingress
@ -495,7 +499,7 @@ http {
annotations["nginx.ingress.kubernetes.io/auth-realm"] = "test auth"
f.UpdateIngress(ing)
anotherHost := "different"
anotherHost := differentHost
anotherAnnotations := map[string]string{}
anotherIng := framework.NewSingleIngress(anotherHost, "/", anotherHost, f.Namespace, framework.EchoService, 80, anotherAnnotations)
@ -544,12 +548,12 @@ http {
// Sleep a while just to guarantee that the configmap is applied
framework.Sleep()
annotations["nginx.ingress.kubernetes.io/auth-url"] = "http://foo.bar.baz:5000/path"
annotations["nginx.ingress.kubernetes.io/auth-url"] = authURL
f.UpdateIngress(ing)
f.WaitForNginxServer("",
func(server string) bool {
return strings.Contains(server, "http://foo.bar.baz:5000/path") &&
return strings.Contains(server, authURL) &&
!strings.Contains(server, `upstream auth-external-auth`)
})
})
@ -582,19 +586,19 @@ http {
// Sleep a while just to guarantee that the configmap is applied
framework.Sleep()
annotations["nginx.ingress.kubernetes.io/auth-url"] = "http://foo.bar.baz:5000/path"
annotations["nginx.ingress.kubernetes.io/auth-url"] = authURL
annotations["nginx.ingress.kubernetes.io/auth-keepalive"] = "-1"
f.UpdateIngress(ing)
f.WaitForNginxServer("",
func(server string) bool {
return strings.Contains(server, "http://foo.bar.baz:5000/path") &&
return strings.Contains(server, authURL) &&
!strings.Contains(server, `upstream auth-external-auth`)
})
})
ginkgo.It(`should not create additional upstream block when auth-keepalive is set with HTTP/2`, func() {
annotations["nginx.ingress.kubernetes.io/auth-url"] = "http://foo.bar.baz:5000/path"
annotations["nginx.ingress.kubernetes.io/auth-url"] = authURL
annotations["nginx.ingress.kubernetes.io/auth-keepalive"] = "123"
annotations["nginx.ingress.kubernetes.io/auth-keepalive-requests"] = "456"
annotations["nginx.ingress.kubernetes.io/auth-keepalive-timeout"] = "789"
@ -602,7 +606,7 @@ http {
f.WaitForNginxServer("",
func(server string) bool {
return strings.Contains(server, "http://foo.bar.baz:5000/path") &&
return strings.Contains(server, authURL) &&
!strings.Contains(server, `upstream auth-external-auth`)
})
})
@ -657,7 +661,7 @@ http {
framework.Sleep()
annotations["nginx.ingress.kubernetes.io/auth-keepalive"] = "10"
annotations["nginx.ingress.kubernetes.io/auth-keepalive-share-vars"] = "true"
annotations["nginx.ingress.kubernetes.io/auth-keepalive-share-vars"] = enableAnnotation
f.UpdateIngress(ing)
f.WaitForNginxServer("",
@ -670,7 +674,7 @@ http {
})
ginkgo.Context("when external authentication is configured with a custom redirect param", func() {
host := "auth"
host := authHost
var annotations map[string]string
var ing *networking.Ingress
@ -715,7 +719,7 @@ http {
annotations["nginx.ingress.kubernetes.io/auth-realm"] = "test auth"
f.UpdateIngress(ing)
anotherHost := "different"
anotherHost := differentHost
anotherAnnotations := map[string]string{}
anotherIng := framework.NewSingleIngress(anotherHost, "/", anotherHost, f.Namespace, framework.EchoService, 80, anotherAnnotations)
@ -735,8 +739,8 @@ http {
})
ginkgo.Context("when external authentication with caching is configured", func() {
thisHost := "auth"
thatHost := "different"
thisHost := authHost
thatHost := differentHost
fooPath := "/foo"
barPath := "/bar"
@ -858,7 +862,7 @@ http {
})
ginkgo.Context("with invalid auth-url should deny whole location", func() {
host := "auth"
host := authHost
var annotations map[string]string
var ing *networking.Ingress
@ -898,7 +902,6 @@ http {
// Auth error
func buildSecret(username, password, name, namespace string) *corev1.Secret {
//out, err := exec.Command("openssl", "passwd", "-crypt", password).CombinedOutput()
out, err := bcrypt.GenerateFromPassword([]byte(password), 14)
encpass := fmt.Sprintf("%v:%s\n", username, out)
assert.Nil(ginkgo.GinkgoT(), err)
@ -917,7 +920,6 @@ func buildSecret(username, password, name, namespace string) *corev1.Secret {
}
func buildMapSecret(username, password, name, namespace string) *corev1.Secret {
//out, err := exec.Command("openssl", "passwd", "-crypt", password).CombinedOutput()
out, err := bcrypt.GenerateFromPassword([]byte(password), 14)
assert.Nil(ginkgo.GinkgoT(), err)
@ -928,7 +930,7 @@ func buildMapSecret(username, password, name, namespace string) *corev1.Secret {
DeletionGracePeriodSeconds: framework.NewInt64(1),
},
Data: map[string][]byte{
username: []byte(out),
username: out,
},
Type: corev1.SecretTypeOpaque,
}

22
test/e2e/annotations/authtls.go
View file

@ -26,6 +26,8 @@ import (
"k8s.io/ingress-nginx/test/e2e/framework"
)
const authTLSFooHost = "authtls.foo.com"
var _ = framework.DescribeAnnotation("auth-tls-*", func() {
f := framework.NewDefaultFramework("authtls")
@ -34,7 +36,7 @@ var _ = framework.DescribeAnnotation("auth-tls-*", func() {
})
ginkgo.It("should set sslClientCertificate, sslVerifyClient and sslVerifyDepth with auth-tls-secret", func() {
host := "authtls.foo.com"
host := authTLSFooHost
nameSpace := f.Namespace
clientConfig, err := framework.CreateIngressMASecret(
@ -82,7 +84,7 @@ var _ = framework.DescribeAnnotation("auth-tls-*", func() {
})
ginkgo.It("should set valid auth-tls-secret, sslVerify to off, and sslVerifyDepth to 2", func() {
host := "authtls.foo.com"
host := authTLSFooHost
nameSpace := f.Namespace
_, err := framework.CreateIngressMASecret(
@ -112,7 +114,7 @@ var _ = framework.DescribeAnnotation("auth-tls-*", func() {
})
ginkgo.It("should 302 redirect to error page instead of 400 when auth-tls-error-page is set", func() {
host := "authtls.foo.com"
host := authTLSFooHost
nameSpace := f.Namespace
errorPath := "/error"
@ -159,7 +161,7 @@ var _ = framework.DescribeAnnotation("auth-tls-*", func() {
})
ginkgo.It("should pass URL-encoded certificate to upstream", func() {
host := "authtls.foo.com"
host := authTLSFooHost
nameSpace := f.Namespace
clientConfig, err := framework.CreateIngressMASecret(
@ -204,7 +206,7 @@ var _ = framework.DescribeAnnotation("auth-tls-*", func() {
})
ginkgo.It("should validate auth-tls-verify-client", func() {
host := "authtls.foo.com"
host := authTLSFooHost
nameSpace := f.Namespace
clientConfig, err := framework.CreateIngressMASecret(
@ -260,11 +262,10 @@ var _ = framework.DescribeAnnotation("auth-tls-*", func() {
WithHeader("Host", host).
Expect().
Status(http.StatusOK)
})
ginkgo.It("should return 403 using auth-tls-match-cn with no matching CN from client", func() {
host := "authtls.foo.com"
host := authTLSFooHost
nameSpace := f.Namespace
clientConfig, err := framework.CreateIngressMASecret(
@ -293,7 +294,7 @@ var _ = framework.DescribeAnnotation("auth-tls-*", func() {
})
ginkgo.It("should return 200 using auth-tls-match-cn with matching CN from client", func() {
host := "authtls.foo.com"
host := authTLSFooHost
nameSpace := f.Namespace
clientConfig, err := framework.CreateIngressMASecret(
@ -322,7 +323,7 @@ var _ = framework.DescribeAnnotation("auth-tls-*", func() {
})
ginkgo.It("should return 200 using auth-tls-match-cn where atleast one of the regex options matches CN from client", func() {
host := "authtls.foo.com"
host := authTLSFooHost
nameSpace := f.Namespace
clientConfig, err := framework.CreateIngressMASecret(
@ -351,7 +352,8 @@ var _ = framework.DescribeAnnotation("auth-tls-*", func() {
})
})
func assertSslClientCertificateConfig(f *framework.Framework, host string, verifyClient string, verifyDepth string) {
//nolint:unparam // Ignore the invariant param: host
func assertSslClientCertificateConfig(f *framework.Framework, host, verifyClient, verifyDepth string) {
sslClientCertDirective := fmt.Sprintf("ssl_client_certificate /etc/ingress-controller/ssl/%s-%s.pem;", f.Namespace, host)
sslVerify := fmt.Sprintf("ssl_verify_client %s;", verifyClient)
sslVerifyDepth := fmt.Sprintf("ssl_verify_depth %s;", verifyDepth)

12
test/e2e/annotations/backendprotocol.go
View file

@ -24,6 +24,8 @@ import (
"k8s.io/ingress-nginx/test/e2e/framework"
)
const backendProtocolHost = "backendprotocol.foo.com"
var _ = framework.DescribeAnnotation("backend-protocol", func() {
f := framework.NewDefaultFramework("backendprotocol")
@ -32,7 +34,7 @@ var _ = framework.DescribeAnnotation("backend-protocol", func() {
})
ginkgo.It("should set backend protocol to https:// and use proxy_pass", func() {
host := "backendprotocol.foo.com"
host := backendProtocolHost
annotations := map[string]string{
"nginx.ingress.kubernetes.io/backend-protocol": "HTTPS",
}
@ -47,7 +49,7 @@ var _ = framework.DescribeAnnotation("backend-protocol", func() {
})
ginkgo.It("should set backend protocol to $scheme:// and use proxy_pass", func() {
host := "backendprotocol.foo.com"
host := backendProtocolHost
annotations := map[string]string{
"nginx.ingress.kubernetes.io/backend-protocol": "AUTO_HTTP",
}
@ -62,7 +64,7 @@ var _ = framework.DescribeAnnotation("backend-protocol", func() {
})
ginkgo.It("should set backend protocol to grpc:// and use grpc_pass", func() {
host := "backendprotocol.foo.com"
host := backendProtocolHost
annotations := map[string]string{
"nginx.ingress.kubernetes.io/backend-protocol": "GRPC",
}
@ -77,7 +79,7 @@ var _ = framework.DescribeAnnotation("backend-protocol", func() {
})
ginkgo.It("should set backend protocol to grpcs:// and use grpc_pass", func() {
host := "backendprotocol.foo.com"
host := backendProtocolHost
annotations := map[string]string{
"nginx.ingress.kubernetes.io/backend-protocol": "GRPCS",
}
@ -92,7 +94,7 @@ var _ = framework.DescribeAnnotation("backend-protocol", func() {
})
ginkgo.It("should set backend protocol to '' and use fastcgi_pass", func() {
host := "backendprotocol.foo.com"
host := backendProtocolHost
annotations := map[string]string{
"nginx.ingress.kubernetes.io/backend-protocol": "FCGI",
}

53
test/e2e/annotations/canary.go
View file

@ -43,7 +43,7 @@ var _ = framework.DescribeAnnotation("canary-*", func() {
ginkgo.Context("when canary is created", func() {
ginkgo.It("should response with a 200 status from the mainline upstream when requests are made to the mainline ingress", func() {
host := "foo"
host := fooHost
annotations := map[string]string{}
f.EnsureIngress(framework.NewSingleIngress(
@ -87,7 +87,7 @@ var _ = framework.DescribeAnnotation("canary-*", func() {
})
ginkgo.It("should return 404 status for requests to the canary if no matching ingress is found", func() {
host := "foo"
host := fooHost
canaryAnnotations := map[string]string{
"nginx.ingress.kubernetes.io/canary": "true",
@ -118,7 +118,7 @@ var _ = framework.DescribeAnnotation("canary-*", func() {
TODO: This test needs improvements made to the e2e framework so that deployment updates work in order to successfully run
It("should return the correct status codes when endpoints are unavailable", func() {
host := "foo"
host := fooHost
annotations := map[string]string{}
ing := framework.NewSingleIngress(host, "/info", host, f.Namespace, framework.HTTPBunService, 80, annotations)
@ -172,7 +172,7 @@ var _ = framework.DescribeAnnotation("canary-*", func() {
*/
ginkgo.It("should route requests to the correct upstream if mainline ingress is created before the canary ingress", func() {
host := "foo"
host := fooHost
annotations := map[string]string{}
f.EnsureIngress(framework.NewSingleIngress(
@ -230,7 +230,7 @@ var _ = framework.DescribeAnnotation("canary-*", func() {
})
ginkgo.It("should route requests to the correct upstream if mainline ingress is created after the canary ingress", func() {
host := "foo"
host := fooHost
canaryAnnotations := map[string]string{
"nginx.ingress.kubernetes.io/canary": "true",
@ -287,7 +287,7 @@ var _ = framework.DescribeAnnotation("canary-*", func() {
})
ginkgo.It("should route requests to the correct upstream if the mainline ingress is modified", func() {
host := "foo"
host := fooHost
annotations := map[string]string{}
f.EnsureIngress(framework.NewSingleIngress(
@ -321,7 +321,7 @@ var _ = framework.DescribeAnnotation("canary-*", func() {
canaryAnnotations))
modAnnotations := map[string]string{
"foo": "bar",
fooHost: "bar",
}
f.UpdateIngress(framework.NewSingleIngress(
@ -361,7 +361,7 @@ var _ = framework.DescribeAnnotation("canary-*", func() {
})
ginkgo.It("should route requests to the correct upstream if the canary ingress is modified", func() {
host := "foo"
host := fooHost
annotations := map[string]string{}
f.EnsureIngress(framework.NewSingleIngress(
@ -443,7 +443,7 @@ var _ = framework.DescribeAnnotation("canary-*", func() {
ginkgo.Context("when canaried by header with no value", func() {
ginkgo.It("should route requests to the correct upstream", func() {
host := "foo"
host := fooHost
f.EnsureIngress(framework.NewSingleIngress(
host,
@ -511,7 +511,7 @@ var _ = framework.DescribeAnnotation("canary-*", func() {
ginkgo.Context("when canaried by header with value", func() {
ginkgo.It("should route requests to the correct upstream", func() {
host := "foo"
host := fooHost
annotations := map[string]string{}
f.EnsureIngress(framework.NewSingleIngress(
@ -592,7 +592,7 @@ var _ = framework.DescribeAnnotation("canary-*", func() {
ginkgo.Context("when canaried by header with value and pattern", func() {
ginkgo.It("should route requests to the correct upstream", func() {
host := "foo"
host := fooHost
annotations := map[string]string{}
f.EnsureIngress(framework.NewSingleIngress(
@ -645,7 +645,7 @@ var _ = framework.DescribeAnnotation("canary-*", func() {
Body().Contains(framework.HTTPBunService).NotContains(canaryService)
})
ginkgo.It("should route requests to the correct upstream", func() {
host := "foo"
host := fooHost
annotations := map[string]string{}
f.EnsureIngress(framework.NewSingleIngress(
@ -690,7 +690,7 @@ var _ = framework.DescribeAnnotation("canary-*", func() {
Body().Contains(framework.HTTPBunService).NotContains(canaryService)
})
ginkgo.It("should routes to mainline upstream when the given Regex causes error", func() {
host := "foo"
host := fooHost
annotations := map[string]string{}
f.EnsureIngress(framework.NewSingleIngress(
@ -739,7 +739,7 @@ var _ = framework.DescribeAnnotation("canary-*", func() {
ginkgo.Context("when canaried by header with value and cookie", func() {
ginkgo.It("should route requests to the correct upstream", func() {
host := "foo"
host := fooHost
annotations := map[string]string{}
f.EnsureIngress(framework.NewSingleIngress(
@ -788,7 +788,7 @@ var _ = framework.DescribeAnnotation("canary-*", func() {
ginkgo.Context("when canaried by cookie", func() {
ginkgo.It("respects always and never values", func() {
host := "foo"
host := fooHost
annotations := map[string]string{}
f.EnsureIngress(framework.NewSingleIngress(
@ -860,7 +860,7 @@ var _ = framework.DescribeAnnotation("canary-*", func() {
ginkgo.Context("when canaried by weight", func() {
ginkgo.It("should route requests only to mainline if canary weight is 0", func() {
host := "foo"
host := fooHost
annotations := map[string]string{}
f.EnsureIngress(framework.NewSingleIngress(
@ -908,7 +908,7 @@ var _ = framework.DescribeAnnotation("canary-*", func() {
})
ginkgo.It("should route requests only to canary if canary weight is 100", func() {
host := "foo"
host := fooHost
annotations := map[string]string{}
f.EnsureIngress(framework.NewSingleIngress(
@ -950,7 +950,7 @@ var _ = framework.DescribeAnnotation("canary-*", func() {
})
ginkgo.It("should route requests only to canary if canary weight is equal to canary weight total", func() {
host := "foo"
host := fooHost
annotations := map[string]string{}
f.EnsureIngress(framework.NewSingleIngress(
@ -993,7 +993,7 @@ var _ = framework.DescribeAnnotation("canary-*", func() {
})
ginkgo.It("should route requests split between mainline and canary if canary weight is 50", func() {
host := "foo"
host := fooHost
annotations := map[string]string{}
f.EnsureIngress(framework.NewSingleIngress(
@ -1029,7 +1029,7 @@ var _ = framework.DescribeAnnotation("canary-*", func() {
})
ginkgo.It("should route requests split between mainline and canary if canary weight is 100 and weight total is 200", func() {
host := "foo"
host := fooHost
annotations := map[string]string{}
f.EnsureIngress(framework.NewSingleIngress(
@ -1068,7 +1068,7 @@ var _ = framework.DescribeAnnotation("canary-*", func() {
ginkgo.Context("Single canary Ingress", func() {
ginkgo.It("should not use canary as a catch-all server", func() {
host := "foo"
host := fooHost
canaryIngName := fmt.Sprintf("%v-canary", host)
annotations := map[string]string{
"nginx.ingress.kubernetes.io/canary": "true",
@ -1102,7 +1102,7 @@ var _ = framework.DescribeAnnotation("canary-*", func() {
})
ginkgo.It("should not use canary with domain as a server", func() {
host := "foo"
host := fooHost
canaryIngName := fmt.Sprintf("%v-canary", host)
annotations := map[string]string{
"nginx.ingress.kubernetes.io/canary": "true",
@ -1136,7 +1136,7 @@ var _ = framework.DescribeAnnotation("canary-*", func() {
})
ginkgo.It("does not crash when canary ingress has multiple paths to the same non-matching backend", func() {
host := "foo"
host := fooHost
canaryIngName := fmt.Sprintf("%v-canary", host)
annotations := map[string]string{
"nginx.ingress.kubernetes.io/canary": "true",
@ -1168,7 +1168,7 @@ var _ = framework.DescribeAnnotation("canary-*", func() {
})
ginkgo.Context("canary affinity behavior", func() {
host := "foo"
host := fooHost
affinityCookieName := "aff"
canaryIngName := fmt.Sprintf("%v-canary", host)
@ -1370,7 +1370,6 @@ var _ = framework.DescribeAnnotation("canary-*", func() {
TestMainlineCanaryDistribution(f, host)
})
})
})
// This method assumes canary weight being configured at 50%.
@ -1407,12 +1406,12 @@ func TestMainlineCanaryDistribution(f *framework.Framework, host string) {
assert.GreaterOrEqual(
ginkgo.GinkgoT(),
int(replicaRequestCount[keys[0].String()]),
replicaRequestCount[keys[0].String()],
requestsNumberToTest,
)
assert.GreaterOrEqual(
ginkgo.GinkgoT(),
int(replicaRequestCount[keys[1].String()]),
replicaRequestCount[keys[1].String()],
requestsNumberToTest,
)
}

14
test/e2e/annotations/clientbodybuffersize.go
View file

@ -25,6 +25,8 @@ import (
"k8s.io/ingress-nginx/test/e2e/framework"
)
const clientBodyBufferSizeHost = "client-body-buffer-size.com"
var _ = framework.DescribeAnnotation("client-body-buffer-size", func() {
f := framework.NewDefaultFramework("clientbodybuffersize")
@ -33,7 +35,7 @@ var _ = framework.DescribeAnnotation("client-body-buffer-size", func() {
})
ginkgo.It("should set client_body_buffer_size to 1000", func() {
host := "client-body-buffer-size.com"
host := clientBodyBufferSizeHost
clientBodyBufferSize := "1000"
annotations := make(map[string]string)
@ -55,7 +57,7 @@ var _ = framework.DescribeAnnotation("client-body-buffer-size", func() {
})
ginkgo.It("should set client_body_buffer_size to 1K", func() {
host := "client-body-buffer-size.com"
host := clientBodyBufferSizeHost
clientBodyBufferSize := "1K"
annotations := make(map[string]string)
@ -77,7 +79,7 @@ var _ = framework.DescribeAnnotation("client-body-buffer-size", func() {
})
ginkgo.It("should set client_body_buffer_size to 1k", func() {
host := "client-body-buffer-size.com"
host := clientBodyBufferSizeHost
clientBodyBufferSize := "1k"
annotations := make(map[string]string)
@ -99,7 +101,7 @@ var _ = framework.DescribeAnnotation("client-body-buffer-size", func() {
})
ginkgo.It("should set client_body_buffer_size to 1m", func() {
host := "client-body-buffer-size.com"
host := clientBodyBufferSizeHost
clientBodyBufferSize := "1m"
annotations := make(map[string]string)
@ -121,7 +123,7 @@ var _ = framework.DescribeAnnotation("client-body-buffer-size", func() {
})
ginkgo.It("should set client_body_buffer_size to 1M", func() {
host := "client-body-buffer-size.com"
host := clientBodyBufferSizeHost
clientBodyBufferSize := "1M"
annotations := make(map[string]string)
@ -143,7 +145,7 @@ var _ = framework.DescribeAnnotation("client-body-buffer-size", func() {
})
ginkgo.It("should not set client_body_buffer_size to invalid 1b", func() {
host := "client-body-buffer-size.com"
host := clientBodyBufferSizeHost
clientBodyBufferSize := "1b"
annotations := make(map[string]string)

57
test/e2e/annotations/cors.go
View file

@ -25,6 +25,11 @@ import (
"k8s.io/ingress-nginx/test/e2e/framework"
)
const (
originHost = "http://origin.com:8080"
corsHost = "cors.foo.com"
)
var _ = framework.DescribeAnnotation("cors-*", func() {
f := framework.NewDefaultFramework("cors")
@ -33,7 +38,7 @@ var _ = framework.DescribeAnnotation("cors-*", func() {
})
ginkgo.It("should enable cors", func() {
host := "cors.foo.com"
host := corsHost
annotations := map[string]string{
"nginx.ingress.kubernetes.io/enable-cors": "true",
}
@ -60,7 +65,7 @@ var _ = framework.DescribeAnnotation("cors-*", func() {
})
ginkgo.It("should set cors methods to only allow POST, GET", func() {
host := "cors.foo.com"
host := corsHost
annotations := map[string]string{
"nginx.ingress.kubernetes.io/enable-cors": "true",
"nginx.ingress.kubernetes.io/cors-allow-methods": "POST, GET",
@ -76,7 +81,7 @@ var _ = framework.DescribeAnnotation("cors-*", func() {
})
ginkgo.It("should set cors max-age", func() {
host := "cors.foo.com"
host := corsHost
annotations := map[string]string{
"nginx.ingress.kubernetes.io/enable-cors": "true",
"nginx.ingress.kubernetes.io/cors-max-age": "200",
@ -92,7 +97,7 @@ var _ = framework.DescribeAnnotation("cors-*", func() {
})
ginkgo.It("should disable cors allow credentials", func() {
host := "cors.foo.com"
host := corsHost
annotations := map[string]string{
"nginx.ingress.kubernetes.io/enable-cors": "true",
"nginx.ingress.kubernetes.io/cors-allow-credentials": "false",
@ -108,7 +113,7 @@ var _ = framework.DescribeAnnotation("cors-*", func() {
})
ginkgo.It("should allow origin for cors", func() {
host := "cors.foo.com"
host := corsHost
origin := "https://origin.cors.com:8080"
annotations := map[string]string{
"nginx.ingress.kubernetes.io/enable-cors": "true",
@ -135,7 +140,7 @@ var _ = framework.DescribeAnnotation("cors-*", func() {
})
ginkgo.It("should allow headers for cors", func() {
host := "cors.foo.com"
host := corsHost
annotations := map[string]string{
"nginx.ingress.kubernetes.io/enable-cors": "true",
"nginx.ingress.kubernetes.io/cors-allow-headers": "DNT, User-Agent",
@ -151,7 +156,7 @@ var _ = framework.DescribeAnnotation("cors-*", func() {
})
ginkgo.It("should expose headers for cors", func() {
host := "cors.foo.com"
host := corsHost
annotations := map[string]string{
"nginx.ingress.kubernetes.io/enable-cors": "true",
"nginx.ingress.kubernetes.io/cors-expose-headers": "X-CustomResponseHeader, X-CustomSecondHeader",
@ -167,7 +172,7 @@ var _ = framework.DescribeAnnotation("cors-*", func() {
})
ginkgo.It("should allow - single origin for multiple cors values", func() {
host := "cors.foo.com"
host := corsHost
origin := "https://origin.cors.com:8080"
annotations := map[string]string{
"nginx.ingress.kubernetes.io/enable-cors": "true",
@ -194,7 +199,7 @@ var _ = framework.DescribeAnnotation("cors-*", func() {
})
ginkgo.It("should not allow - single origin for multiple cors values", func() {
host := "cors.foo.com"
host := corsHost
origin := "http://no.origin.com"
annotations := map[string]string{
"nginx.ingress.kubernetes.io/enable-cors": "true",
@ -214,7 +219,7 @@ var _ = framework.DescribeAnnotation("cors-*", func() {
})
ginkgo.It("should allow correct origins - single origin for multiple cors values", func() {
host := "cors.foo.com"
host := corsHost
badOrigin := "origin.cors.com:8080"
origin1 := "https://origin2.cors.com"
origin2 := "https://origin.com"
@ -265,7 +270,7 @@ var _ = framework.DescribeAnnotation("cors-*", func() {
})
ginkgo.It("should not break functionality", func() {
host := "cors.foo.com"
host := corsHost
annotations := map[string]string{
"nginx.ingress.kubernetes.io/enable-cors": "true",
"nginx.ingress.kubernetes.io/cors-allow-origin": "*",
@ -289,7 +294,7 @@ var _ = framework.DescribeAnnotation("cors-*", func() {
})
ginkgo.It("should not break functionality - without `*`", func() {
host := "cors.foo.com"
host := corsHost
annotations := map[string]string{
"nginx.ingress.kubernetes.io/enable-cors": "true",
}
@ -312,7 +317,7 @@ var _ = framework.DescribeAnnotation("cors-*", func() {
})
ginkgo.It("should not break functionality with extra domain", func() {
host := "cors.foo.com"
host := corsHost
annotations := map[string]string{
"nginx.ingress.kubernetes.io/enable-cors": "true",
"nginx.ingress.kubernetes.io/cors-allow-origin": "*, foo.bar.com",
@ -336,7 +341,7 @@ var _ = framework.DescribeAnnotation("cors-*", func() {
})
ginkgo.It("should not match", func() {
host := "cors.foo.com"
host := corsHost
origin := "https://fooxbar.com"
annotations := map[string]string{
"nginx.ingress.kubernetes.io/enable-cors": "true",
@ -356,8 +361,8 @@ var _ = framework.DescribeAnnotation("cors-*", func() {
})
ginkgo.It("should allow - single origin with required port", func() {
host := "cors.foo.com"
origin := "http://origin.com:8080"
host := corsHost
origin := originHost
annotations := map[string]string{
"nginx.ingress.kubernetes.io/enable-cors": "true",
"nginx.ingress.kubernetes.io/cors-allow-origin": "http://origin.cors.com:8080, http://origin.com:8080",
@ -384,8 +389,8 @@ var _ = framework.DescribeAnnotation("cors-*", func() {
})
ginkgo.It("should not allow - single origin with port and origin without port", func() {
host := "cors.foo.com"
origin := "http://origin.com:8080"
host := corsHost
origin := originHost
annotations := map[string]string{
"nginx.ingress.kubernetes.io/enable-cors": "true",
"nginx.ingress.kubernetes.io/cors-allow-origin": "https://origin2.cors.com, http://origin.com",
@ -403,7 +408,7 @@ var _ = framework.DescribeAnnotation("cors-*", func() {
})
ginkgo.It("should not allow - single origin without port and origin with required port", func() {
host := "cors.foo.com"
host := corsHost
origin := "http://origin.com"
annotations := map[string]string{
"nginx.ingress.kubernetes.io/enable-cors": "true",
@ -423,7 +428,7 @@ var _ = framework.DescribeAnnotation("cors-*", func() {
})
ginkgo.It("should allow - matching origin with wildcard origin (2 subdomains)", func() {
host := "cors.foo.com"
host := corsHost
origin := "http://foo.origin.cors.com"
origin2 := "http://bar-foo.origin.cors.com"
annotations := map[string]string{
@ -466,7 +471,7 @@ var _ = framework.DescribeAnnotation("cors-*", func() {
})
ginkgo.It("should not allow - unmatching origin with wildcard origin (2 subdomains)", func() {
host := "cors.foo.com"
host := corsHost
origin := "http://bar.foo.origin.cors.com"
annotations := map[string]string{
"nginx.ingress.kubernetes.io/enable-cors": "true",
@ -486,7 +491,7 @@ var _ = framework.DescribeAnnotation("cors-*", func() {
})
ginkgo.It("should allow - matching origin+port with wildcard origin", func() {
host := "cors.foo.com"
host := corsHost
origin := "http://abc.origin.com:8080"
annotations := map[string]string{
"nginx.ingress.kubernetes.io/enable-cors": "true",
@ -513,7 +518,7 @@ var _ = framework.DescribeAnnotation("cors-*", func() {
})
ginkgo.It("should not allow - portless origin with wildcard origin", func() {
host := "cors.foo.com"
host := corsHost
origin := "http://abc.origin.com"
annotations := map[string]string{
"nginx.ingress.kubernetes.io/enable-cors": "true",
@ -533,8 +538,8 @@ var _ = framework.DescribeAnnotation("cors-*", func() {
})
ginkgo.It("should allow correct origins - missing subdomain + origin with wildcard origin and correct origin", func() {
host := "cors.foo.com"
badOrigin := "http://origin.com:8080"
host := corsHost
badOrigin := originHost
origin := "http://bar.origin.com:8080"
annotations := map[string]string{
"nginx.ingress.kubernetes.io/enable-cors": "true",
@ -569,7 +574,7 @@ var _ = framework.DescribeAnnotation("cors-*", func() {
})
ginkgo.It("should allow - missing origins (should allow all origins)", func() {
host := "cors.foo.com"
host := corsHost
origin := "http://origin.com"
origin2 := "http://book.origin.com"
origin3 := "test.origin.com"

2
test/e2e/annotations/customhttperrors.go
View file

@ -27,7 +27,7 @@ import (
"k8s.io/ingress-nginx/test/e2e/framework"
)
func errorBlockName(upstreamName string, errorCode string) string {
func errorBlockName(upstreamName, errorCode string) string {
return fmt.Sprintf("@custom_%s_%s", upstreamName, errorCode)
}

6
test/e2e/annotations/default_backend.go
View file

@ -48,18 +48,18 @@ var _ = framework.DescribeAnnotation("default-backend", func() {
return strings.Contains(server, fmt.Sprintf("server_name %v", host))
})
requestId := "something-unique"
requestID := "something-unique"
f.HTTPTestClient().
GET("/alma/armud").
WithHeader("Host", host).
WithHeader("x-request-id", requestId).
WithHeader("x-request-id", requestID).
Expect().
Status(http.StatusOK).
Body().Contains("x-code=503").
Contains(fmt.Sprintf("x-ingress-name=%s", host)).
Contains("x-service-name=invalid").
Contains(fmt.Sprintf("x-request-id=%s", requestId))
Contains(fmt.Sprintf("x-request-id=%s", requestID))
})
})
})

4
test/e2e/annotations/fromtowwwredirect.go
View file

@ -90,7 +90,7 @@ var _ = framework.DescribeAnnotation("from-to-www-redirect", func() {
ginkgo.By("sending request to www should redirect to domain")
f.HTTPTestClientWithTLSConfig(&tls.Config{
InsecureSkipVerify: true,
InsecureSkipVerify: true, //nolint:gosec // Ignore the gosec error in testing
ServerName: toHost,
}).
GET("/").
@ -102,7 +102,7 @@ var _ = framework.DescribeAnnotation("from-to-www-redirect", func() {
ginkgo.By("sending request to domain should not redirect to www")
f.HTTPTestClientWithTLSConfig(&tls.Config{
InsecureSkipVerify: true,
InsecureSkipVerify: true, //nolint:gosec // Ignore the gosec error in testing
ServerName: fromHost,
}).
GET("/").

2
test/e2e/annotations/globalratelimit.go
View file

@ -47,7 +47,7 @@ var _ = framework.DescribeAnnotation("annotation-global-rate-limit", func() {
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations)
ing = f.EnsureIngress(ing)
namespace := strings.Replace(string(ing.UID), "-", "", -1)
namespace := strings.ReplaceAll(string(ing.UID), "-", "")
serverConfig := ""
f.WaitForNginxServer(host, func(server string) bool {

34
test/e2e/annotations/grpc.go
View file

@ -17,12 +17,11 @@ limitations under the License.
package annotations
import (
"context"
"crypto/tls"
"fmt"
"strings"
"context"
pb "github.com/moul/pb/grpcbin/go-grpc"
"github.com/onsi/ginkgo/v2"
"github.com/stretchr/testify/assert"
@ -36,6 +35,8 @@ import (
"k8s.io/ingress-nginx/test/e2e/framework"
)
const echoHost = "echo"
var _ = framework.DescribeAnnotation("backend-protocol - GRPC", func() {
f := framework.NewDefaultFramework("grpc", framework.WithHTTPBunEnabled())
@ -67,7 +68,7 @@ var _ = framework.DescribeAnnotation("backend-protocol - GRPC", func() {
ginkgo.It("should return OK for service with backend protocol GRPC", func() {
f.NewGRPCBinDeployment()
host := "echo"
host := echoHost
svc := &corev1.Service{
ObjectMeta: metav1.ObjectMeta{
@ -102,14 +103,15 @@ var _ = framework.DescribeAnnotation("backend-protocol - GRPC", func() {
return strings.Contains(server, "grpc_pass grpc://upstream_balancer;")
})
conn, _ := grpc.Dial(f.GetNginxIP()+":443",
conn, err := grpc.Dial(f.GetNginxIP()+":443",
grpc.WithTransportCredentials(
credentials.NewTLS(&tls.Config{
ServerName: "echo",
InsecureSkipVerify: true,
ServerName: echoHost,
InsecureSkipVerify: true, //nolint:gosec // Ignore certificate validation in testing
}),
),
)
assert.Nil(ginkgo.GinkgoT(), err, "error creating a connection")
defer conn.Close()
client := pb.NewGRPCBinClient(conn)
@ -125,7 +127,7 @@ var _ = framework.DescribeAnnotation("backend-protocol - GRPC", func() {
ginkgo.It("authorization metadata should be overwritten by external auth response headers", func() {
f.NewGRPCBinDeployment()
host := "echo"
host := echoHost
svc := &corev1.Service{
ObjectMeta: metav1.ObjectMeta{
@ -162,14 +164,15 @@ var _ = framework.DescribeAnnotation("backend-protocol - GRPC", func() {
return strings.Contains(server, "grpc_pass grpc://upstream_balancer;")
})
conn, _ := grpc.Dial(f.GetNginxIP()+":443",
conn, err := grpc.Dial(f.GetNginxIP()+":443",
grpc.WithTransportCredentials(
credentials.NewTLS(&tls.Config{
ServerName: "echo",
InsecureSkipVerify: true,
ServerName: echoHost,
InsecureSkipVerify: true, //nolint:gosec // Ignore certificate validation in testing
}),
),
)
assert.Nil(ginkgo.GinkgoT(), err)
defer conn.Close()
client := pb.NewGRPCBinClient(conn)
@ -180,13 +183,13 @@ var _ = framework.DescribeAnnotation("backend-protocol - GRPC", func() {
assert.Nil(ginkgo.GinkgoT(), err)
metadata := res.GetMetadata()
assert.Equal(ginkgo.GinkgoT(), "foo", metadata["authorization"].Values[0])
assert.Equal(ginkgo.GinkgoT(), fooHost, metadata["authorization"].Values[0])
})
ginkgo.It("should return OK for service with backend protocol GRPCS", func() {
f.NewGRPCBinDeployment()
host := "echo"
host := echoHost
svc := &corev1.Service{
ObjectMeta: metav1.ObjectMeta{
@ -226,14 +229,15 @@ var _ = framework.DescribeAnnotation("backend-protocol - GRPC", func() {
return strings.Contains(server, "grpc_pass grpcs://upstream_balancer;")
})
conn, _ := grpc.Dial(f.GetNginxIP()+":443",
conn, err := grpc.Dial(f.GetNginxIP()+":443",
grpc.WithTransportCredentials(
credentials.NewTLS(&tls.Config{
ServerName: "echo",
InsecureSkipVerify: true,
ServerName: echoHost,
InsecureSkipVerify: true, //nolint:gosec // Ignore the gosec error in testing
}),
),
)
assert.Nil(ginkgo.GinkgoT(), err)
defer conn.Close()
client := pb.NewGRPCBinClient(conn)

65
test/e2e/annotations/modsecurity/modsecurity.go
View file

@ -25,6 +25,17 @@ import (
"k8s.io/ingress-nginx/test/e2e/framework"
)
const (
modSecurityFooHost = "modsecurity.foo.com"
defaultSnippet = `SecRuleEngine On
SecRequestBodyAccess On
SecAuditEngine RelevantOnly
SecAuditLogParts ABIJDEFHZ
SecAuditLog /dev/stdout
SecAuditLogType Serial
SecRule REQUEST_HEADERS:User-Agent \"block-ua\" \"log,deny,id:107,status:403,msg:\'UA blocked\'\"`
)
var _ = framework.DescribeAnnotation("modsecurity owasp", func() {
f := framework.NewDefaultFramework("modsecuritylocation")
@ -33,7 +44,7 @@ var _ = framework.DescribeAnnotation("modsecurity owasp", func() {
})
ginkgo.It("should enable modsecurity", func() {
host := "modsecurity.foo.com"
host := modSecurityFooHost
nameSpace := f.Namespace
annotations := map[string]string{
@ -51,7 +62,7 @@ var _ = framework.DescribeAnnotation("modsecurity owasp", func() {
})
ginkgo.It("should enable modsecurity with transaction ID and OWASP rules", func() {
host := "modsecurity.foo.com"
host := modSecurityFooHost
nameSpace := f.Namespace
annotations := map[string]string{
@ -72,7 +83,7 @@ var _ = framework.DescribeAnnotation("modsecurity owasp", func() {
})
ginkgo.It("should disable modsecurity", func() {
host := "modsecurity.foo.com"
host := modSecurityFooHost
nameSpace := f.Namespace
annotations := map[string]string{
@ -89,7 +100,7 @@ var _ = framework.DescribeAnnotation("modsecurity owasp", func() {
})
ginkgo.It("should enable modsecurity with snippet", func() {
host := "modsecurity.foo.com"
host := modSecurityFooHost
nameSpace := f.Namespace
annotations := map[string]string{
@ -109,10 +120,11 @@ var _ = framework.DescribeAnnotation("modsecurity owasp", func() {
ginkgo.It("should enable modsecurity without using 'modsecurity on;'", func() {
f.SetNginxConfigMapData(map[string]string{
"enable-modsecurity": "true"},
"enable-modsecurity": "true",
},
)
host := "modsecurity.foo.com"
host := modSecurityFooHost
nameSpace := f.Namespace
annotations := map[string]string{
@ -131,10 +143,11 @@ var _ = framework.DescribeAnnotation("modsecurity owasp", func() {
ginkgo.It("should disable modsecurity using 'modsecurity off;'", func() {
f.SetNginxConfigMapData(map[string]string{
"enable-modsecurity": "true"},
"enable-modsecurity": "true",
},
)
host := "modsecurity.foo.com"
host := modSecurityFooHost
nameSpace := f.Namespace
annotations := map[string]string{
@ -151,16 +164,10 @@ var _ = framework.DescribeAnnotation("modsecurity owasp", func() {
})
ginkgo.It("should enable modsecurity with snippet and block requests", func() {
host := "modsecurity.foo.com"
host := modSecurityFooHost
nameSpace := f.Namespace
snippet := `SecRuleEngine On
SecRequestBodyAccess On
SecAuditEngine RelevantOnly
SecAuditLogParts ABIJDEFHZ
SecAuditLog /dev/stdout
SecAuditLogType Serial
SecRule REQUEST_HEADERS:User-Agent \"block-ua\" \"log,deny,id:107,status:403,msg:\'UA blocked\'\"`
snippet := defaultSnippet
annotations := map[string]string{
"nginx.ingress.kubernetes.io/enable-modsecurity": "true",
@ -187,16 +194,10 @@ var _ = framework.DescribeAnnotation("modsecurity owasp", func() {
})
ginkgo.It("should enable modsecurity globally and with modsecurity-snippet block requests", func() {
host := "modsecurity.foo.com"
host := modSecurityFooHost
nameSpace := f.Namespace
snippet := `SecRuleEngine On
SecRequestBodyAccess On
SecAuditEngine RelevantOnly
SecAuditLogParts ABIJDEFHZ
SecAuditLog /dev/stdout
SecAuditLogType Serial
SecRule REQUEST_HEADERS:User-Agent \"block-ua\" \"log,deny,id:107,status:403,msg:\'UA blocked\'\"`
snippet := defaultSnippet
annotations := map[string]string{
"nginx.ingress.kubernetes.io/modsecurity-snippet": snippet,
@ -223,16 +224,10 @@ var _ = framework.DescribeAnnotation("modsecurity owasp", func() {
})
ginkgo.It("should enable modsecurity when enable-owasp-modsecurity-crs is set to true", func() {
host := "modsecurity.foo.com"
host := modSecurityFooHost
nameSpace := f.Namespace
snippet := `SecRuleEngine On
SecRequestBodyAccess On
SecAuditEngine RelevantOnly
SecAuditLogParts ABIJDEFHZ
SecAuditLog /dev/stdout
SecAuditLogType Serial
SecRule REQUEST_HEADERS:User-Agent \"block-ua\" \"log,deny,id:107,status:403,msg:\'UA blocked\'\"`
snippet := defaultSnippet
annotations := map[string]string{
"nginx.ingress.kubernetes.io/modsecurity-snippet": snippet,
@ -262,7 +257,7 @@ var _ = framework.DescribeAnnotation("modsecurity owasp", func() {
})
ginkgo.It("should enable modsecurity through the config map", func() {
host := "modsecurity.foo.com"
host := modSecurityFooHost
nameSpace := f.Namespace
snippet := `SecRequestBodyAccess On
@ -303,7 +298,7 @@ var _ = framework.DescribeAnnotation("modsecurity owasp", func() {
})
ginkgo.It("should enable modsecurity through the config map but ignore snippet as disabled by admin", func() {
host := "modsecurity.foo.com"
host := modSecurityFooHost
nameSpace := f.Namespace
snippet := `SecRequestBodyAccess On
@ -345,7 +340,7 @@ var _ = framework.DescribeAnnotation("modsecurity owasp", func() {
})
ginkgo.It("should disable default modsecurity conf setting when modsecurity-snippet is specified", func() {
host := "modsecurity.foo.com"
host := modSecurityFooHost
nameSpace := f.Namespace
snippet := `SecRuleEngine On

9
test/e2e/annotations/proxy.go
View file

@ -25,6 +25,8 @@ import (
"k8s.io/ingress-nginx/test/e2e/framework"
)
const proxyRedirectToHost = "goodbye.com"
var _ = framework.DescribeAnnotation("proxy-*", func() {
f := framework.NewDefaultFramework("proxy")
host := "proxy.foo.com"
@ -38,7 +40,7 @@ var _ = framework.DescribeAnnotation("proxy-*", func() {
annotations := make(map[string]string)
annotations["nginx.ingress.kubernetes.io/proxy-redirect-from"] = proxyRedirectFrom
annotations["nginx.ingress.kubernetes.io/proxy-redirect-to"] = "goodbye.com"
annotations["nginx.ingress.kubernetes.io/proxy-redirect-to"] = proxyRedirectToHost
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations)
f.EnsureIngress(ing)
@ -54,7 +56,7 @@ var _ = framework.DescribeAnnotation("proxy-*", func() {
annotations := make(map[string]string)
annotations["nginx.ingress.kubernetes.io/proxy-redirect-from"] = proxyRedirectFrom
annotations["nginx.ingress.kubernetes.io/proxy-redirect-to"] = "goodbye.com"
annotations["nginx.ingress.kubernetes.io/proxy-redirect-to"] = proxyRedirectToHost
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations)
f.EnsureIngress(ing)
@ -67,7 +69,7 @@ var _ = framework.DescribeAnnotation("proxy-*", func() {
ginkgo.It("should set proxy_redirect to hello.com goodbye.com", func() {
proxyRedirectFrom := "hello.com"
proxyRedirectTo := "goodbye.com"
proxyRedirectTo := proxyRedirectToHost
annotations := make(map[string]string)
annotations["nginx.ingress.kubernetes.io/proxy-redirect-from"] = proxyRedirectFrom
@ -244,5 +246,4 @@ var _ = framework.DescribeAnnotation("proxy-*", func() {
return strings.Contains(server, fmt.Sprintf("proxy_http_version %s;", proxyHTTPVersion))
})
})
})

15
test/e2e/annotations/proxyssl.go
View file

@ -27,6 +27,8 @@ import (
"k8s.io/ingress-nginx/test/e2e/framework"
)
const proxySSLHost = "proxyssl.foo.com"
var _ = framework.DescribeAnnotation("proxy-ssl-*", func() {
f := framework.NewDefaultFramework("proxyssl")
@ -35,7 +37,7 @@ var _ = framework.DescribeAnnotation("proxy-ssl-*", func() {
})
ginkgo.It("should set valid proxy-ssl-secret", func() {
host := "proxyssl.foo.com"
host := proxySSLHost
annotations := make(map[string]string)
annotations["nginx.ingress.kubernetes.io/proxy-ssl-secret"] = f.Namespace + "/" + host
@ -62,7 +64,7 @@ var _ = framework.DescribeAnnotation("proxy-ssl-*", func() {
})
ginkgo.It("should set valid proxy-ssl-secret, proxy-ssl-verify to on, proxy-ssl-verify-depth to 2, and proxy-ssl-server-name to on", func() {
host := "proxyssl.foo.com"
host := proxySSLHost
annotations := make(map[string]string)
annotations["nginx.ingress.kubernetes.io/proxy-ssl-secret"] = f.Namespace + "/" + host
annotations["nginx.ingress.kubernetes.io/proxy-ssl-verify"] = "on"
@ -90,9 +92,9 @@ var _ = framework.DescribeAnnotation("proxy-ssl-*", func() {
Expect().
Status(http.StatusOK)
})
//nolint:dupl // Ignore dupl errors for similar test case
ginkgo.It("should set valid proxy-ssl-secret, proxy-ssl-ciphers to HIGH:!AES", func() {
host := "proxyssl.foo.com"
host := proxySSLHost
annotations := make(map[string]string)
annotations["nginx.ingress.kubernetes.io/proxy-ssl-secret"] = f.Namespace + "/" + host
annotations["nginx.ingress.kubernetes.io/proxy-ssl-ciphers"] = "HIGH:!AES"
@ -118,9 +120,9 @@ var _ = framework.DescribeAnnotation("proxy-ssl-*", func() {
Expect().
Status(http.StatusOK)
})
//nolint:dupl // Ignore dupl errors for similar test case
ginkgo.It("should set valid proxy-ssl-secret, proxy-ssl-protocols", func() {
host := "proxyssl.foo.com"
host := proxySSLHost
annotations := make(map[string]string)
annotations["nginx.ingress.kubernetes.io/proxy-ssl-secret"] = f.Namespace + "/" + host
annotations["nginx.ingress.kubernetes.io/proxy-ssl-protocols"] = "TLSv1.2 TLSv1.3"
@ -195,7 +197,6 @@ var _ = framework.DescribeAnnotation("proxy-ssl-*", func() {
strings.Contains(server, "proxy_ssl_certificate_key"))
})
})
})
func assertProxySSL(f *framework.Framework, host, sslName, ciphers, protocols, verify string, depth int, proxySSLServerName string) {

16
test/e2e/annotations/rewrite.go
View file

@ -27,6 +27,8 @@ import (
"k8s.io/ingress-nginx/test/e2e/framework"
)
const rewriteHost = "rewrite.bar.com"
var _ = framework.DescribeAnnotation("rewrite-target use-regex enable-rewrite-log", func() {
f := framework.NewDefaultFramework("rewrite")
@ -37,7 +39,7 @@ var _ = framework.DescribeAnnotation("rewrite-target use-regex enable-rewrite-lo
ginkgo.It("should write rewrite logs", func() {
ginkgo.By("setting enable-rewrite-log annotation")
host := "rewrite.bar.com"
host := rewriteHost
annotations := map[string]string{
"nginx.ingress.kubernetes.io/rewrite-target": "/",
"nginx.ingress.kubernetes.io/enable-rewrite-log": "true",
@ -64,7 +66,7 @@ var _ = framework.DescribeAnnotation("rewrite-target use-regex enable-rewrite-lo
})
ginkgo.It("should use correct longest path match", func() {
host := "rewrite.bar.com"
host := rewriteHost
ginkgo.By("creating a regular ingress definition")
ing := framework.NewSingleIngress("kube-lego", "/.well-known/acme/challenge", host, f.Namespace, framework.EchoService, 80, nil)
@ -109,10 +111,10 @@ var _ = framework.DescribeAnnotation("rewrite-target use-regex enable-rewrite-lo
})
ginkgo.It("should use ~* location modifier if regex annotation is present", func() {
host := "rewrite.bar.com"
host := rewriteHost
ginkgo.By("creating a regular ingress definition")
ing := framework.NewSingleIngress("foo", "/foo", host, f.Namespace, framework.EchoService, 80, nil)
ing := framework.NewSingleIngress(fooHost, "/foo", host, f.Namespace, framework.EchoService, 80, nil)
f.EnsureIngress(ing)
f.WaitForNginxServer(host,
@ -156,10 +158,10 @@ var _ = framework.DescribeAnnotation("rewrite-target use-regex enable-rewrite-lo
})
ginkgo.It("should fail to use longest match for documented warning", func() {
host := "rewrite.bar.com"
host := rewriteHost
ginkgo.By("creating a regular ingress definition")
ing := framework.NewSingleIngress("foo", "/foo/bar/bar", host, f.Namespace, framework.EchoService, 80, nil)
ing := framework.NewSingleIngress(fooHost, "/foo/bar/bar", host, f.Namespace, framework.EchoService, 80, nil)
f.EnsureIngress(ing)
ginkgo.By(`creating an ingress definition with the use-regex annotation`)
@ -188,7 +190,7 @@ var _ = framework.DescribeAnnotation("rewrite-target use-regex enable-rewrite-lo
})
ginkgo.It("should allow for custom rewrite parameters", func() {
host := "rewrite.bar.com"
host := rewriteHost
ginkgo.By(`creating an ingress definition with the use-regex annotation`)
annotations := map[string]string{

1
test/e2e/annotations/serversnippet.go
View file

@ -89,6 +89,5 @@ var _ = framework.DescribeAnnotation("server-snippet", func() {
Status(http.StatusOK).Headers().
NotContainsKey("Foo").
NotContainsKey("Xpto")
})
})

11
test/e2e/annotations/serviceupstream.go
View file

@ -27,6 +27,8 @@ import (
"k8s.io/ingress-nginx/test/e2e/framework"
)
const dbgCmd = "/dbg backends all"
var _ = framework.DescribeAnnotation("service-upstream", func() {
f := framework.NewDefaultFramework("serviceupstream")
host := "serviceupstream"
@ -57,10 +59,9 @@ var _ = framework.DescribeAnnotation("service-upstream", func() {
ginkgo.By("checking if the Service Cluster IP and Port are used")
s := f.GetService(f.Namespace, framework.EchoService)
dbgCmd := "/dbg backends all"
output, err := f.ExecIngressPod(dbgCmd)
assert.Nil(ginkgo.GinkgoT(), err)
assert.Contains(ginkgo.GinkgoT(), output, fmt.Sprintf(`"address": "%s"`, s.Spec.ClusterIP))
assert.Contains(ginkgo.GinkgoT(), output, fmt.Sprintf(`"address": %q`, s.Spec.ClusterIP))
})
})
@ -86,10 +87,9 @@ var _ = framework.DescribeAnnotation("service-upstream", func() {
ginkgo.By("checking if the Service Cluster IP and Port are used")
s := f.GetService(f.Namespace, framework.EchoService)
dbgCmd := "/dbg backends all"
output, err := f.ExecIngressPod(dbgCmd)
assert.Nil(ginkgo.GinkgoT(), err)
assert.Contains(ginkgo.GinkgoT(), output, fmt.Sprintf(`"address": "%s"`, s.Spec.ClusterIP))
assert.Contains(ginkgo.GinkgoT(), output, fmt.Sprintf(`"address": %q`, s.Spec.ClusterIP))
})
})
@ -117,10 +117,9 @@ var _ = framework.DescribeAnnotation("service-upstream", func() {
ginkgo.By("checking if the Service Cluster IP and Port are not used")
s := f.GetService(f.Namespace, framework.EchoService)
dbgCmd := "/dbg backends all"
output, err := f.ExecIngressPod(dbgCmd)
assert.Nil(ginkgo.GinkgoT(), err)
assert.NotContains(ginkgo.GinkgoT(), output, fmt.Sprintf(`"address": "%s"`, s.Spec.ClusterIP))
assert.NotContains(ginkgo.GinkgoT(), output, fmt.Sprintf(`"address": %q`, s.Spec.ClusterIP))
})
})
})

7
test/e2e/annotations/upstreamhashby.go
View file

@ -39,12 +39,13 @@ func startIngress(f *framework.Framework, annotations map[string]string) map[str
return strings.Contains(server, fmt.Sprintf("server_name %s ;", host))
})
//nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated
err := wait.Poll(framework.Poll, framework.DefaultTimeout, func() (bool, error) {
resp := f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
Expect().Raw()
defer resp.Body.Close()
if resp.StatusCode == http.StatusOK {
return true, nil
@ -55,7 +56,9 @@ func startIngress(f *framework.Framework, annotations map[string]string) map[str
assert.Nil(ginkgo.GinkgoT(), err)
re, _ := regexp.Compile(fmt.Sprintf(`Hostname: %v.*`, framework.EchoService))
re, err := regexp.Compile(fmt.Sprintf(`Hostname: %v.*`, framework.EchoService))
assert.Nil(ginkgo.GinkgoT(), err, "error compiling regex")
podMap := map[string]bool{}
for i := 0; i < 100; i++ {

4
test/e2e/dbg/main.go
View file

@ -49,7 +49,7 @@ var _ = framework.IngressNginxDescribe("Debug CLI", func() {
assert.Nil(ginkgo.GinkgoT(), err)
// Should be 2: the default and the echo deployment
numUpstreams := len(strings.Split(strings.Trim(string(output), "\n"), "\n"))
numUpstreams := len(strings.Split(strings.Trim(output, "\n"), "\n"))
assert.Equal(ginkgo.GinkgoT(), numUpstreams, 2)
})
@ -67,7 +67,7 @@ var _ = framework.IngressNginxDescribe("Debug CLI", func() {
output, err := f.ExecIngressPod(cmd)
assert.Nil(ginkgo.GinkgoT(), err)
backends := strings.Split(string(output), "\n")
backends := strings.Split(output, "\n")
assert.Greater(ginkgo.GinkgoT(), len(backends), 0)
getCmd := "/dbg backends get " + backends[0]

1
test/e2e/e2e.go
View file

@ -48,7 +48,6 @@ import (
_ "k8s.io/ingress-nginx/test/e2e/settings/modsecurity"
_ "k8s.io/ingress-nginx/test/e2e/settings/ocsp"
_ "k8s.io/ingress-nginx/test/e2e/settings/validations"
_ "k8s.io/ingress-nginx/test/e2e/ssl"
_ "k8s.io/ingress-nginx/test/e2e/status"
_ "k8s.io/ingress-nginx/test/e2e/tcpudp"

1
test/e2e/e2e_test.go
View file

@ -26,6 +26,7 @@ func init() {
testing.Init()
framework.RegisterParseFlags()
}
func TestE2E(t *testing.T) {
RunE2ETests(t)
}

1
test/e2e/endpointslices/longname.go
View file

@ -36,7 +36,6 @@ var _ = framework.IngressNginxDescribe("[Endpointslices] long service name", fun
})
ginkgo.It("should return 200 when service name has max allowed number of characters 63", func() {
annotations := make(map[string]string)
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, name, 80, annotations)
f.EnsureIngress(ing)

3
test/e2e/endpointslices/topology.go
View file

@ -40,7 +40,6 @@ var _ = framework.IngressNginxDescribeSerial("[TopologyHints] topology aware rou
})
ginkgo.It("should return 200 when service has topology hints", func() {
annotations := make(map[string]string)
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations)
f.EnsureIngress(ing)
@ -85,7 +84,7 @@ var _ = framework.IngressNginxDescribeSerial("[TopologyHints] topology aware rou
}
if gotHints {
//we have 2 replics, if there is just one backend it means that we are routing according slices hints to same zone as controller is
// we have 2 replics, if there is just one backend it means that we are routing according slices hints to same zone as controller is
assert.Equal(ginkgo.GinkgoT(), 1, gotBackends)
} else {
// two replicas should have two endpoints without topology hints

15
test/e2e/framework/deployment.go
View file

@ -50,7 +50,7 @@ var HTTPBunImage = os.Getenv("HTTPBUN_IMAGE")
const EchoImage = "registry.k8s.io/ingress-nginx/e2e-test-echo@sha256:4938d1d91a2b7d19454460a8c1b010b89f6ff92d2987fd889ac3e8fc3b70d91a"
// TODO: change all Deployment functions to use these options
// in order to reduce complexity and have a unified API accross the
// in order to reduce complexity and have a unified API across the
// framework
type deploymentOptions struct {
name string
@ -317,7 +317,7 @@ func (f *Framework) GetNginxBaseImage() string {
// NGINXDeployment creates a new simple NGINX Deployment using NGINX base image
// and passing the desired configuration
func (f *Framework) NGINXDeployment(name string, cfg string, waitendpoint bool) {
func (f *Framework) NGINXDeployment(name, cfg string, waitendpoint bool) {
cfgMap := map[string]string{
"nginx.conf": cfg,
}
@ -389,7 +389,7 @@ func (f *Framework) NGINXDeployment(name string, cfg string, waitendpoint bool)
}
// NGINXWithConfigDeployment creates an NGINX deployment using a configmap containing the nginx.conf configuration
func (f *Framework) NGINXWithConfigDeployment(name string, cfg string) {
func (f *Framework) NGINXWithConfigDeployment(name, cfg string) {
f.NGINXDeployment(name, cfg, true)
}
@ -487,7 +487,8 @@ func (f *Framework) NewGRPCBinDeployment() {
}
func newDeployment(name, namespace, image string, port int32, replicas int32, command []string, args []string, env []corev1.EnvVar,
volumeMounts []corev1.VolumeMount, volumes []corev1.Volume, setProbe bool) *appsv1.Deployment {
volumeMounts []corev1.VolumeMount, volumes []corev1.Volume, setProbe bool,
) *appsv1.Deployment {
probe := &corev1.Probe{
InitialDelaySeconds: 2,
PeriodSeconds: 1,
@ -559,12 +560,12 @@ func newDeployment(name, namespace, image string, port int32, replicas int32, co
return d
}
func (f *Framework) NewDeployment(name, image string, port int32, replicas int32) {
func (f *Framework) NewDeployment(name, image string, port, replicas int32) {
f.NewDeploymentWithOpts(name, image, port, replicas, nil, nil, nil, nil, nil, true)
}
// NewDeployment creates a new deployment in a particular namespace.
func (f *Framework) NewDeploymentWithOpts(name, image string, port int32, replicas int32, command []string, args []string, env []corev1.EnvVar, volumeMounts []corev1.VolumeMount, volumes []corev1.Volume, setProbe bool) {
func (f *Framework) NewDeploymentWithOpts(name, image string, port, replicas int32, command, args []string, env []corev1.EnvVar, volumeMounts []corev1.VolumeMount, volumes []corev1.Volume, setProbe bool) {
deployment := newDeployment(name, f.Namespace, image, port, replicas, command, args, env, volumeMounts, volumes, setProbe)
f.EnsureDeployment(deployment)
@ -606,7 +607,7 @@ func (f *Framework) DeleteDeployment(name string) error {
})
assert.Nil(ginkgo.GinkgoT(), err, "deleting deployment")
return waitForPodsDeleted(f.KubeClientSet, 2*time.Minute, f.Namespace, metav1.ListOptions{
return waitForPodsDeleted(f.KubeClientSet, 2*time.Minute, f.Namespace, &metav1.ListOptions{
LabelSelector: labelSelectorToString(d.Spec.Selector.MatchLabels),
})
}

12
test/e2e/framework/exec.go
View file

@ -66,6 +66,7 @@ func (f *Framework) ExecCommand(pod *corev1.Pod, command string) (string, error)
execErr bytes.Buffer
)
//nolint:gosec // Ignore G204 error
cmd := exec.Command("/bin/bash", "-c", fmt.Sprintf("%v exec --namespace %s %s --container controller -- %s", KubectlPath, pod.Namespace, pod.Name, command))
cmd.Stdout = &execOut
cmd.Stderr = &execErr
@ -73,7 +74,6 @@ func (f *Framework) ExecCommand(pod *corev1.Pod, command string) (string, error)
err := cmd.Run()
if err != nil {
return "", fmt.Errorf("could not execute '%s %s': %v", cmd.Path, cmd.Args, err)
}
if execErr.Len() > 0 {
@ -91,6 +91,7 @@ func (f *Framework) NamespaceContent() (string, error) {
execErr bytes.Buffer
)
//nolint:gosec // Ignore G204 error
cmd := exec.Command("/bin/bash", "-c", fmt.Sprintf("%v get pods,services,endpoints,deployments --namespace %s", KubectlPath, f.Namespace))
cmd.Stdout = &execOut
cmd.Stderr = &execErr
@ -98,7 +99,6 @@ func (f *Framework) NamespaceContent() (string, error) {
err := cmd.Run()
if err != nil {
return "", fmt.Errorf("could not execute '%s %s': %v", cmd.Path, cmd.Args, err)
}
eout := strings.TrimSpace(execErr.String())
@ -110,7 +110,7 @@ func (f *Framework) NamespaceContent() (string, error) {
}
// newIngressController deploys a new NGINX Ingress controller in a namespace
func (f *Framework) newIngressController(namespace string, namespaceOverlay string) error {
func (f *Framework) newIngressController(namespace, namespaceOverlay string) error {
// Creates an nginx deployment
isChroot, ok := os.LookupEnv("IS_CHROOT")
if !ok {
@ -130,12 +130,11 @@ func (f *Framework) newIngressController(namespace string, namespaceOverlay stri
return nil
}
var (
proxyRegexp = regexp.MustCompile("Starting to serve on .*:([0-9]+)")
)
var proxyRegexp = regexp.MustCompile(`Starting to serve on .*:(\d+)`)
// KubectlProxy creates a proxy to kubernetes apiserver
func (f *Framework) KubectlProxy(port int) (int, *exec.Cmd, error) {
//nolint:gosec // Ignore G204 error
cmd := exec.Command("/bin/bash", "-c", fmt.Sprintf("%s proxy --accept-hosts=.* --address=0.0.0.0 --port=%d", KubectlPath, port))
stdout, stderr, err := startCmdAndStreamOutput(cmd)
if err != nil {
@ -163,6 +162,7 @@ func (f *Framework) KubectlProxy(port int) (int, *exec.Cmd, error) {
}
func (f *Framework) UninstallChart() error {
//nolint:gosec //Ignore G204 error
cmd := exec.Command("helm", "uninstall", "--namespace", f.Namespace, "nginx-ingress")
_, err := cmd.CombinedOutput()
if err != nil {

3
test/e2e/framework/fastcgi_helloserver.go
View file

@ -14,6 +14,7 @@ See the License for the specific language governing permissions and
limitations under the License.
*/
//nolint:dupl // Ignore dupl errors for similar test case
package framework
import (
@ -75,7 +76,7 @@ func (f *Framework) NewNewFastCGIHelloServerDeploymentWithReplicas(replicas int3
d := f.EnsureDeployment(deployment)
err := waitForPodsReady(f.KubeClientSet, DefaultTimeout, int(replicas), f.Namespace, metav1.ListOptions{
err := waitForPodsReady(f.KubeClientSet, DefaultTimeout, int(replicas), f.Namespace, &metav1.ListOptions{
LabelSelector: fields.SelectorFromSet(fields.Set(d.Spec.Template.ObjectMeta.Labels)).String(),
})
assert.Nil(ginkgo.GinkgoT(), err, "failed to wait for to become ready")

41
test/e2e/framework/framework.go
View file

@ -49,10 +49,8 @@ const (
HTTPS RequestScheme = "https"
)
var (
// KubectlPath defines the full path of the kubectl binary
KubectlPath = "/usr/local/bin/kubectl"
)
// KubectlPath defines the full path of the kubectl binary
var KubectlPath = "/usr/local/bin/kubectl"
// Framework supports common operations used by e2e tests; it will keep a client & a namespace for you.
type Framework struct {
@ -131,7 +129,6 @@ func (f *Framework) CreateEnvironment() {
f.KubeClientSet, err = kubernetes.NewForConfig(f.KubeConfig)
assert.Nil(ginkgo.GinkgoT(), err, "creating a kubernetes client")
}
f.Namespace, err = CreateKubeNamespace(f.BaseName, f.KubeClientSet)
@ -250,9 +247,9 @@ func (f *Framework) GetNginxPodIP() string {
}
// GetURL returns the URL should be used to make a request to NGINX
func (f *Framework) GetURL(scheme RequestScheme) string {
func (f *Framework) GetURL(requestScheme RequestScheme) string {
ip := f.GetNginxIP()
return fmt.Sprintf("%v://%v", scheme, ip)
return fmt.Sprintf("%v://%v", requestScheme, ip)
}
// GetIngressNGINXPod returns the ingress controller running pod
@ -270,6 +267,7 @@ func (f *Framework) updateIngressNGINXPod() error {
// WaitForNginxServer waits until the nginx configuration contains a particular server section.
// `cfg` passed to matcher is normalized by replacing all tabs and spaces with single space.
func (f *Framework) WaitForNginxServer(name string, matcher func(cfg string) bool) {
//nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated
err := wait.Poll(Poll, DefaultTimeout, f.matchNginxConditions(name, matcher))
assert.Nil(ginkgo.GinkgoT(), err, "waiting for nginx server condition/s")
Sleep(1 * time.Second)
@ -278,13 +276,15 @@ func (f *Framework) WaitForNginxServer(name string, matcher func(cfg string) boo
// WaitForNginxConfiguration waits until the nginx configuration contains a particular configuration
// `cfg` passed to matcher is normalized by replacing all tabs and spaces with single space.
func (f *Framework) WaitForNginxConfiguration(matcher func(cfg string) bool) {
//nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated
err := wait.Poll(Poll, DefaultTimeout, f.matchNginxConditions("", matcher))
assert.Nil(ginkgo.GinkgoT(), err, "waiting for nginx server condition/s")
Sleep(1 * time.Second)
}
// WaitForNginxCustomConfiguration waits until the nginx configuration given part (from, to) contains a particular configuration
func (f *Framework) WaitForNginxCustomConfiguration(from string, to string, matcher func(cfg string) bool) {
func (f *Framework) WaitForNginxCustomConfiguration(from, to string, matcher func(cfg string) bool) {
//nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated
err := wait.Poll(Poll, DefaultTimeout, f.matchNginxCustomConditions(from, to, matcher))
assert.Nil(ginkgo.GinkgoT(), err, "waiting for nginx server condition/s")
}
@ -325,7 +325,7 @@ func (f *Framework) matchNginxConditions(name string, matcher func(cfg string) b
}
}
func (f *Framework) matchNginxCustomConditions(from string, to string, matcher func(cfg string) bool) wait.ConditionFunc {
func (f *Framework) matchNginxCustomConditions(from, to string, matcher func(cfg string) bool) wait.ConditionFunc {
return func() (bool, error) {
cmd := fmt.Sprintf("cat /etc/nginx/nginx.conf| awk '/%v/,/%v/'", from, to)
@ -395,7 +395,7 @@ func (f *Framework) CreateConfigMap(name string, data map[string]string) {
}
// UpdateNginxConfigMapData updates single field in ingress-nginx's nginx-ingress-controller map data
func (f *Framework) UpdateNginxConfigMapData(key string, value string) {
func (f *Framework) UpdateNginxConfigMapData(key, value string) {
config, err := f.getConfigMap("nginx-ingress-controller")
assert.Nil(ginkgo.GinkgoT(), err)
assert.NotNil(ginkgo.GinkgoT(), config, "expected a configmap but none returned")
@ -421,6 +421,7 @@ func (f *Framework) WaitForReload(fn func()) {
fn()
count := 0
//nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated
err := wait.Poll(1*time.Second, DefaultTimeout, func() (bool, error) {
reloads := getReloadCount(f.pod, f.Namespace, f.KubeClientSet)
// most of the cases reload the ingress controller
@ -441,8 +442,8 @@ func getReloadCount(pod *v1.Pod, namespace string, client kubernetes.Interface)
assert.Nil(ginkgo.GinkgoT(), err, "obtaining NGINX Pod")
reloadCount := 0
for _, e := range events.Items {
if e.Reason == "RELOAD" && e.Type == v1.EventTypeNormal {
for i := range events.Items {
if events.Items[i].Reason == "RELOAD" && events.Items[i].Type == v1.EventTypeNormal {
reloadCount++
}
}
@ -457,7 +458,7 @@ func (f *Framework) DeleteNGINXPod(grace int64) {
err := f.KubeClientSet.CoreV1().Pods(ns).Delete(context.TODO(), f.pod.GetName(), *metav1.NewDeleteOptions(grace))
assert.Nil(ginkgo.GinkgoT(), err, "deleting ingress nginx pod")
//nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated
err = wait.Poll(Poll, DefaultTimeout, func() (bool, error) {
err := f.updateIngressNGINXPod()
if err != nil || f.pod == nil {
@ -487,7 +488,7 @@ func (f *Framework) HTTPTestClientWithTLSConfig(config *tls.Config) *httpexpect.
func (f *Framework) newHTTPTestClient(config *tls.Config, setIngressURL bool) *httpexpect.HTTPRequest {
if config == nil {
config = &tls.Config{
InsecureSkipVerify: true,
InsecureSkipVerify: true, //nolint:gosec // Ignore the gosec error in testing
}
}
var baseURL string
@ -507,12 +508,13 @@ func (f *Framework) newHTTPTestClient(config *tls.Config, setIngressURL bool) *h
// WaitForNginxListening waits until NGINX starts accepting connections on a port
func (f *Framework) WaitForNginxListening(port int) {
err := waitForPodsReady(f.KubeClientSet, DefaultTimeout, 1, f.Namespace, metav1.ListOptions{
err := waitForPodsReady(f.KubeClientSet, DefaultTimeout, 1, f.Namespace, &metav1.ListOptions{
LabelSelector: "app.kubernetes.io/name=ingress-nginx",
})
assert.Nil(ginkgo.GinkgoT(), err, "waiting for ingress pods to be ready")
podIP := f.GetNginxIP()
//nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated
err = wait.Poll(500*time.Millisecond, DefaultTimeout, func() (bool, error) {
hostPort := net.JoinHostPort(podIP, fmt.Sprintf("%v", port))
conn, err := net.Dial("tcp", hostPort)
@ -529,7 +531,7 @@ func (f *Framework) WaitForNginxListening(port int) {
// WaitForPod waits for a specific Pod to be ready, using a label selector
func (f *Framework) WaitForPod(selector string, timeout time.Duration, shouldFail bool) {
err := waitForPodsReady(f.KubeClientSet, timeout, 1, f.Namespace, metav1.ListOptions{
err := waitForPodsReady(f.KubeClientSet, timeout, 1, f.Namespace, &metav1.ListOptions{
LabelSelector: selector,
})
@ -541,7 +543,7 @@ func (f *Framework) WaitForPod(selector string, timeout time.Duration, shouldFai
}
// UpdateDeployment runs the given updateFunc on the deployment and waits for it to be updated
func UpdateDeployment(kubeClientSet kubernetes.Interface, namespace string, name string, replicas int, updateFunc func(d *appsv1.Deployment) error) error {
func UpdateDeployment(kubeClientSet kubernetes.Interface, namespace, name string, replicas int, updateFunc func(d *appsv1.Deployment) error) error {
deployment, err := kubeClientSet.AppsV1().Deployments(namespace).Get(context.TODO(), name, metav1.GetOptions{})
if err != nil {
return err
@ -571,7 +573,7 @@ func UpdateDeployment(kubeClientSet kubernetes.Interface, namespace string, name
}
}
err = waitForPodsReady(kubeClientSet, DefaultTimeout, replicas, namespace, metav1.ListOptions{
err = waitForPodsReady(kubeClientSet, DefaultTimeout, replicas, namespace, &metav1.ListOptions{
LabelSelector: fields.SelectorFromSet(fields.Set(deployment.Spec.Template.ObjectMeta.Labels)).String(),
})
if err != nil {
@ -582,6 +584,7 @@ func UpdateDeployment(kubeClientSet kubernetes.Interface, namespace string, name
}
func waitForDeploymentRollout(kubeClientSet kubernetes.Interface, resource *appsv1.Deployment) error {
//nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated
return wait.Poll(Poll, 5*time.Minute, func() (bool, error) {
d, err := kubeClientSet.AppsV1().Deployments(resource.Namespace).Get(context.TODO(), resource.Name, metav1.GetOptions{})
if apierrors.IsNotFound(err) {
@ -605,7 +608,7 @@ func waitForDeploymentRollout(kubeClientSet kubernetes.Interface, resource *apps
}
// UpdateIngress runs the given updateFunc on the ingress
func UpdateIngress(kubeClientSet kubernetes.Interface, namespace string, name string, updateFunc func(d *networking.Ingress) error) error {
func UpdateIngress(kubeClientSet kubernetes.Interface, namespace, name string, updateFunc func(d *networking.Ingress) error) error {
ingress, err := kubeClientSet.NetworkingV1().Ingresses(namespace).Get(context.TODO(), name, metav1.GetOptions{})
if err != nil {
return err

3
test/e2e/framework/grpc_fortune_teller.go
View file

@ -14,6 +14,7 @@ See the License for the specific language governing permissions and
limitations under the License.
*/
//nolint:dupl // Ignore dupl errors for similar test case
package framework
import (
@ -75,7 +76,7 @@ func (f *Framework) NewNewGRPCFortuneTellerDeploymentWithReplicas(replicas int32
d := f.EnsureDeployment(deployment)
err := waitForPodsReady(f.KubeClientSet, DefaultTimeout, int(replicas), f.Namespace, metav1.ListOptions{
err := waitForPodsReady(f.KubeClientSet, DefaultTimeout, int(replicas), f.Namespace, &metav1.ListOptions{
LabelSelector: fields.SelectorFromSet(fields.Set(d.Spec.Template.ObjectMeta.Labels)).String(),
})
assert.Nil(ginkgo.GinkgoT(), err, "failed to wait for to become ready")

2
test/e2e/framework/healthz.go
View file

@ -26,7 +26,7 @@ func (f *Framework) VerifyHealthz(ip string, statusCode int) error {
url := fmt.Sprintf("http://%v:10254/healthz", ip)
client := &http.Client{}
req, err := http.NewRequest(http.MethodGet, url, nil)
req, err := http.NewRequest(http.MethodGet, url, http.NoBody)
if err != nil {
return fmt.Errorf("creating GET request for URL %q failed: %v", url, err)
}

2
test/e2e/framework/httpexpect/match.go
View file

@ -23,7 +23,7 @@ type Match struct {
names map[string]int
}
func makeMatch(chain chain, submatches []string, names []string) *Match {
func makeMatch(chain chain, submatches, names []string) *Match {
if submatches == nil {
submatches = []string{}
}

17
test/e2e/framework/httpexpect/object.go
View file

@ -23,6 +23,8 @@ import (
"github.com/yudai/gojsondiff/formatter"
)
const unavailableMsg = " (unavailable)"
// Object provides methods to inspect attached map[string]interface{} object
// (Go representation of JSON object).
type Object struct {
@ -81,20 +83,21 @@ func diffValues(expected, actual interface{}) string {
var diff gojsondiff.Diff
if ve, ok := expected.(map[string]interface{}); ok {
switch ve := expected.(type) {
case map[string]interface{}:
if va, ok := actual.(map[string]interface{}); ok {
diff = differ.CompareObjects(ve, va)
} else {
return " (unavailable)"
return unavailableMsg
}
} else if ve, ok := expected.([]interface{}); ok {
case []interface{}:
if va, ok := actual.([]interface{}); ok {
diff = differ.CompareArrays(ve, va)
} else {
return " (unavailable)"
return unavailableMsg
}
} else {
return " (unavailable)"
default:
return unavailableMsg
}
config := formatter.AsciiFormatterConfig{
@ -104,7 +107,7 @@ func diffValues(expected, actual interface{}) string {
str, err := f.Format(diff)
if err != nil {
return " (unavailable)"
return unavailableMsg
}
return "--- expected\n+++ actual\n" + str

3
test/e2e/framework/httpexpect/request.go
View file

@ -65,7 +65,7 @@ func (h *HTTPRequest) DoRequest(method, rpath string) *HTTPRequest {
var request *http.Request
uri.Path = path.Join(uri.Path, rpath)
if request, err = http.NewRequest(method, uri.String(), nil); err != nil {
if request, err = http.NewRequest(method, uri.String(), http.NoBody); err != nil {
h.chain.fail(err.Error())
}
@ -110,6 +110,7 @@ func (h *HTTPRequest) Expect() *HTTPResponse {
if err != nil {
h.chain.fail(err.Error())
}
defer response.Body.Close()
h.HTTPResponse.Response = response // set the HTTP response

55
test/e2e/framework/k8s.go
View file

@ -47,7 +47,7 @@ func (f *Framework) EnsureSecret(secret *core.Secret) *core.Secret {
}
// GetConfigMap gets a ConfigMap object from the given namespace, name and returns it, throws error if it does not exist.
func (f *Framework) GetConfigMap(namespace string, name string) *core.ConfigMap {
func (f *Framework) GetConfigMap(namespace, name string) *core.ConfigMap {
cm, err := f.KubeClientSet.CoreV1().ConfigMaps(namespace).Get(context.TODO(), name, metav1.GetOptions{})
assert.Nil(ginkgo.GinkgoT(), err, "getting configmap")
assert.NotNil(ginkgo.GinkgoT(), cm, "expected a configmap but none returned")
@ -73,7 +73,7 @@ func (f *Framework) EnsureConfigMap(configMap *core.ConfigMap) *core.ConfigMap {
}
// GetIngress gets an Ingress object from the given namespace, name and returns it, throws error if it does not exists.
func (f *Framework) GetIngress(namespace string, name string) *networking.Ingress {
func (f *Framework) GetIngress(namespace, name string) *networking.Ingress {
ing, err := f.KubeClientSet.NetworkingV1().Ingresses(namespace).Get(context.TODO(), name, metav1.GetOptions{})
assert.Nil(ginkgo.GinkgoT(), err, "getting ingress")
assert.NotNil(ginkgo.GinkgoT(), ing, "expected an ingress but none returned")
@ -114,7 +114,7 @@ func (f *Framework) UpdateIngress(ingress *networking.Ingress) *networking.Ingre
}
// GetService gets a Service object from the given namespace, name and returns it, throws error if it does not exist.
func (f *Framework) GetService(namespace string, name string) *core.Service {
func (f *Framework) GetService(namespace, name string) *core.Service {
s, err := f.KubeClientSet.CoreV1().Services(namespace).Get(context.TODO(), name, metav1.GetOptions{})
assert.Nil(ginkgo.GinkgoT(), err, "getting service")
assert.NotNil(ginkgo.GinkgoT(), s, "expected a service but none returned")
@ -143,16 +143,21 @@ func (f *Framework) EnsureDeployment(deployment *appsv1.Deployment) *appsv1.Depl
}
// waitForPodsReady waits for a given amount of time until a group of Pods is running in the given namespace.
func waitForPodsReady(kubeClientSet kubernetes.Interface, timeout time.Duration, expectedReplicas int, namespace string, opts metav1.ListOptions) error {
func waitForPodsReady(kubeClientSet kubernetes.Interface, timeout time.Duration, expectedReplicas int, namespace string, opts *metav1.ListOptions) error {
//nolint:staticcheck // TODO: will replace it since wait.PollImmediate is deprecated
return wait.PollImmediate(1*time.Second, timeout, func() (bool, error) {
pl, err := kubeClientSet.CoreV1().Pods(namespace).List(context.TODO(), opts)
pl, err := kubeClientSet.CoreV1().Pods(namespace).List(context.TODO(), *opts)
if err != nil {
return false, nil
}
r := 0
for _, p := range pl.Items {
if isRunning, _ := podRunningReady(&p); isRunning {
for i := range pl.Items {
isRunning, err := podRunningReady(&pl.Items[i])
if err != nil {
Logf("error checking if pod is running : %v", err)
}
if isRunning {
r++
}
}
@ -166,9 +171,10 @@ func waitForPodsReady(kubeClientSet kubernetes.Interface, timeout time.Duration,
}
// waitForPodsDeleted waits for a given amount of time until a group of Pods are deleted in the given namespace.
func waitForPodsDeleted(kubeClientSet kubernetes.Interface, timeout time.Duration, namespace string, opts metav1.ListOptions) error {
func waitForPodsDeleted(kubeClientSet kubernetes.Interface, timeout time.Duration, namespace string, opts *metav1.ListOptions) error {
//nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated
return wait.Poll(Poll, timeout, func() (bool, error) {
pl, err := kubeClientSet.CoreV1().Pods(namespace).List(context.TODO(), opts)
pl, err := kubeClientSet.CoreV1().Pods(namespace).List(context.TODO(), *opts)
if err != nil {
return false, nil
}
@ -186,7 +192,7 @@ func WaitForEndpoints(kubeClientSet kubernetes.Interface, timeout time.Duration,
if expectedEndpoints == 0 {
return nil
}
//nolint:staticcheck // TODO: will replace it since wait.PollImmediate is deprecated
return wait.PollImmediate(Poll, timeout, func() (bool, error) {
endpoint, err := kubeClientSet.CoreV1().Endpoints(ns).Get(context.TODO(), name, metav1.GetOptions{})
if k8sErrors.IsNotFound(err) {
@ -248,6 +254,7 @@ func isPodReady(p *core.Pod) bool {
// getIngressNGINXPod returns the ingress controller running pod
func getIngressNGINXPod(ns string, kubeClientSet kubernetes.Interface) (*core.Pod, error) {
var pod *core.Pod
//nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated
err := wait.Poll(1*time.Second, DefaultTimeout, func() (bool, error) {
l, err := kubeClientSet.CoreV1().Pods(ns).List(context.TODO(), metav1.ListOptions{
LabelSelector: "app.kubernetes.io/name=ingress-nginx",
@ -256,15 +263,16 @@ func getIngressNGINXPod(ns string, kubeClientSet kubernetes.Interface) (*core.Po
return false, nil
}
for _, p := range l.Items {
for i := range l.Items {
p := &l.Items[i]
if strings.HasPrefix(p.GetName(), "nginx-ingress-controller") {
isRunning, err := podRunningReady(&p)
isRunning, err := podRunningReady(p)
if err != nil {
continue
}
if isRunning {
pod = &p
pod = p
return true, nil
}
}
@ -273,6 +281,7 @@ func getIngressNGINXPod(ns string, kubeClientSet kubernetes.Interface) (*core.Po
return false, nil
})
if err != nil {
//nolint:staticcheck // TODO: will replace it since wait.ErrWaitTimeout is deprecated
if err == wait.ErrWaitTimeout {
return nil, fmt.Errorf("timeout waiting at least one ingress-nginx pod running in namespace %v", ns)
}
@ -285,7 +294,7 @@ func getIngressNGINXPod(ns string, kubeClientSet kubernetes.Interface) (*core.Po
func createDeploymentWithRetries(c kubernetes.Interface, namespace string, obj *appsv1.Deployment) error {
if obj == nil {
return fmt.Errorf("Object provided to create is empty")
return fmt.Errorf("object provided to create is empty")
}
createFunc := func() (bool, error) {
_, err := c.AppsV1().Deployments(namespace).Create(context.TODO(), obj, metav1.CreateOptions{})
@ -298,7 +307,7 @@ func createDeploymentWithRetries(c kubernetes.Interface, namespace string, obj *
if isRetryableAPIError(err) {
return false, nil
}
return false, fmt.Errorf("Failed to create object with non-retriable error: %v", err)
return false, fmt.Errorf("failed to create object with non-retriable error: %v", err)
}
return retryWithExponentialBackOff(createFunc)
@ -306,7 +315,7 @@ func createDeploymentWithRetries(c kubernetes.Interface, namespace string, obj *
func createSecretWithRetries(c kubernetes.Interface, namespace string, obj *core.Secret) error {
if obj == nil {
return fmt.Errorf("Object provided to create is empty")
return fmt.Errorf("object provided to create is empty")
}
createFunc := func() (bool, error) {
_, err := c.CoreV1().Secrets(namespace).Create(context.TODO(), obj, metav1.CreateOptions{})
@ -319,14 +328,14 @@ func createSecretWithRetries(c kubernetes.Interface, namespace string, obj *core
if isRetryableAPIError(err) {
return false, nil
}
return false, fmt.Errorf("Failed to create object with non-retriable error: %v", err)
return false, fmt.Errorf("failed to create object with non-retriable error: %v", err)
}
return retryWithExponentialBackOff(createFunc)
}
func createServiceWithRetries(c kubernetes.Interface, namespace string, obj *core.Service) error {
if obj == nil {
return fmt.Errorf("Object provided to create is empty")
return fmt.Errorf("object provided to create is empty")
}
createFunc := func() (bool, error) {
_, err := c.CoreV1().Services(namespace).Create(context.TODO(), obj, metav1.CreateOptions{})
@ -339,7 +348,7 @@ func createServiceWithRetries(c kubernetes.Interface, namespace string, obj *cor
if isRetryableAPIError(err) {
return false, nil
}
return false, fmt.Errorf("Failed to create object with non-retriable error: %v", err)
return false, fmt.Errorf("failed to create object with non-retriable error: %v", err)
}
return retryWithExponentialBackOff(createFunc)
@ -347,7 +356,7 @@ func createServiceWithRetries(c kubernetes.Interface, namespace string, obj *cor
func createIngressWithRetries(c kubernetes.Interface, namespace string, obj *networking.Ingress) error {
if obj == nil {
return fmt.Errorf("Object provided to create is empty")
return fmt.Errorf("object provided to create is empty")
}
createFunc := func() (bool, error) {
_, err := c.NetworkingV1().Ingresses(namespace).Create(context.TODO(), obj, metav1.CreateOptions{})
@ -360,7 +369,7 @@ func createIngressWithRetries(c kubernetes.Interface, namespace string, obj *net
if isRetryableAPIError(err) {
return false, nil
}
return false, fmt.Errorf("Failed to create object with non-retriable error: %v", err)
return false, fmt.Errorf("failed to create object with non-retriable error: %v", err)
}
return retryWithExponentialBackOff(createFunc)
@ -368,7 +377,7 @@ func createIngressWithRetries(c kubernetes.Interface, namespace string, obj *net
func updateIngressWithRetries(c kubernetes.Interface, namespace string, obj *networking.Ingress) error {
if obj == nil {
return fmt.Errorf("Object provided to create is empty")
return fmt.Errorf("object provided to create is empty")
}
updateFunc := func() (bool, error) {
_, err := c.NetworkingV1().Ingresses(namespace).Update(context.TODO(), obj, metav1.UpdateOptions{})
@ -378,7 +387,7 @@ func updateIngressWithRetries(c kubernetes.Interface, namespace string, obj *net
if isRetryableAPIError(err) {
return false, nil
}
return false, fmt.Errorf("Failed to update object with non-retriable error: %v", err)
return false, fmt.Errorf("failed to update object with non-retriable error: %v", err)
}
return retryWithExponentialBackOff(updateFunc)

3
test/e2e/framework/metrics.go
View file

@ -29,7 +29,7 @@ func (f *Framework) GetMetric(metricName, ip string) (*dto.MetricFamily, error)
url := fmt.Sprintf("http://%v:10254/metrics", ip)
client := &http.Client{}
req, err := http.NewRequest(http.MethodGet, url, nil)
req, err := http.NewRequest(http.MethodGet, url, http.NoBody)
if err != nil {
return nil, fmt.Errorf("creating GET request for URL %q failed: %v", url, err)
}
@ -44,7 +44,6 @@ func (f *Framework) GetMetric(metricName, ip string) (*dto.MetricFamily, error)
var parser expfmt.TextParser
metrics, err := parser.TextToMetricFamilies(resp.Body)
if err != nil {
return nil, fmt.Errorf("reading text format failed: %v", err)
}

10
test/e2e/framework/ssl.go
View file

@ -93,8 +93,8 @@ func CreateIngressTLSSecret(client kubernetes.Interface, hosts []string, secretN
// CreateIngressMASecret creates or updates a Secret containing a Mutual Auth
// certificate-chain for the given Ingress and returns a TLS configuration suitable
// for HTTP clients to use against that particular Ingress.
func CreateIngressMASecret(client kubernetes.Interface, host string, secretName, namespace string) (*tls.Config, error) {
if len(host) == 0 {
func CreateIngressMASecret(client kubernetes.Interface, host, secretName, namespace string) (*tls.Config, error) {
if host == "" {
return nil, fmt.Errorf("requires a non-empty host")
}
@ -138,12 +138,13 @@ func CreateIngressMASecret(client kubernetes.Interface, host string, secretName,
return &tls.Config{
ServerName: host,
Certificates: []tls.Certificate{clientPair},
InsecureSkipVerify: true,
InsecureSkipVerify: true, //nolint:gosec // Ignore the gosec error in testing
}, nil
}
// WaitForTLS waits until the TLS handshake with a given server completes successfully.
func WaitForTLS(url string, tlsConfig *tls.Config) {
//nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated
err := wait.Poll(Poll, DefaultTimeout, matchTLSServerName(url, tlsConfig))
assert.Nil(ginkgo.GinkgoT(), err, "waiting for TLS configuration in URL %s", url)
}
@ -160,7 +161,6 @@ func generateRSACert(host string, isCA bool, keyOut, certOut io.Writer) error {
serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
if err != nil {
return fmt.Errorf("failed to generate serial number: %s", err)
}
@ -329,7 +329,7 @@ func tlsConfig(serverName string, pemCA []byte) (*tls.Config, error) {
if !rootCAPool.AppendCertsFromPEM(pemCA) {
return nil, fmt.Errorf("error creating CA certificate pool (%s)", serverName)
}
return &tls.Config{
return &tls.Config{ //nolint:gosec // Ignore the gosec error in testing
ServerName: serverName,
RootCAs: rootCAPool,
}, nil

3
test/e2e/framework/test_context.go
View file

@ -23,7 +23,7 @@ import (
// TestContextType describes the client context to use in communications with the Kubernetes API.
type TestContextType struct {
KubeHost string
//KubeConfig string
// KubeConfig string
KubeContext string
}
@ -33,7 +33,6 @@ var TestContext TestContextType
// registerCommonFlags registers flags common to all e2e test suites.
func registerCommonFlags() {
flag.StringVar(&TestContext.KubeHost, "kubernetes-host", "http://127.0.0.1:8080", "The kubernetes host, or apiserver, to connect to")
//flag.StringVar(&TestContext.KubeConfig, "kubernetes-config", os.Getenv(clientcmd.RecommendedConfigPathEnvVar), "Path to config containing embedded authinfo for kubernetes. Default value is from environment variable "+clientcmd.RecommendedConfigPathEnvVar)
flag.StringVar(&TestContext.KubeContext, "kubernetes-context", "", "config context to use for kubernetes. If unset, will use value from 'current-context'")
}

40
test/e2e/framework/util.go
View file

@ -49,24 +49,24 @@ func nowStamp() string {
return time.Now().Format(time.StampMilli)
}
func log(level string, format string, args ...interface{}) {
func logf(level, format string, args ...interface{}) {
fmt.Fprintf(ginkgo.GinkgoWriter, nowStamp()+": "+level+": "+format+"\n", args...)
}
// Logf logs to the INFO logs.
func Logf(format string, args ...interface{}) {
log("INFO", format, args...)
logf("INFO", format, args...)
}
// Failf logs to the INFO logs and fails the test.
func Failf(format string, args ...interface{}) {
msg := fmt.Sprintf(format, args...)
log("INFO", msg)
logf("INFO", msg)
ginkgo.Fail(nowStamp()+": "+msg, 1)
}
// RestclientConfig deserializes the contents of a kubeconfig file into a Config object.
func RestclientConfig(config, context string) (*api.Config, error) {
func RestclientConfig(config, newContext string) (*api.Config, error) {
Logf(">>> config: %s\n", config)
if config == "" {
return nil, fmt.Errorf("config file must be specified to load client config")
@ -75,9 +75,9 @@ func RestclientConfig(config, context string) (*api.Config, error) {
if err != nil {
return nil, fmt.Errorf("error loading config: %v", err.Error())
}
if context != "" {
Logf(">>> context: %s\n", context)
c.CurrentContext = context
if newContext != "" {
Logf(">>> context: %s\n", newContext)
c.CurrentContext = newContext
}
return c, nil
}
@ -98,6 +98,7 @@ func createNamespace(baseName string, labels map[string]string, c kubernetes.Int
var got *corev1.Namespace
var err error
//nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated
err = wait.Poll(Poll, DefaultTimeout, func() (bool, error) {
got, err = c.CoreV1().Namespaces().Create(context.TODO(), ns, metav1.CreateOptions{})
if err != nil {
@ -114,13 +115,11 @@ func createNamespace(baseName string, labels map[string]string, c kubernetes.Int
// CreateKubeNamespace creates a new namespace in the cluster
func CreateKubeNamespace(baseName string, c kubernetes.Interface) (string, error) {
return createNamespace(baseName, nil, c)
}
// CreateKubeNamespaceWithLabel creates a new namespace with given labels in the cluster
func CreateKubeNamespaceWithLabel(baseName string, labels map[string]string, c kubernetes.Interface) (string, error) {
return createNamespace(baseName, labels, c)
}
@ -150,7 +149,7 @@ func CreateIngressClass(namespace string, c kubernetes.Interface) (string, error
},
}, metav1.CreateOptions{})
if err != nil {
return "", fmt.Errorf("Unexpected error creating IngressClass %s: %v", icname, err)
return "", fmt.Errorf("unexpected error creating IngressClass %s: %v", icname, err)
}
_, err = c.RbacV1().ClusterRoles().Create(context.TODO(), &rbacv1.ClusterRole{
@ -162,7 +161,7 @@ func CreateIngressClass(namespace string, c kubernetes.Interface) (string, error
}},
}, metav1.CreateOptions{})
if err != nil {
return "", fmt.Errorf("Unexpected error creating IngressClass ClusterRole %s: %v", icname, err)
return "", fmt.Errorf("unexpected error creating IngressClass ClusterRole %s: %v", icname, err)
}
_, err = c.RbacV1().ClusterRoleBindings().Create(context.TODO(), &rbacv1.ClusterRoleBinding{
@ -184,7 +183,7 @@ func CreateIngressClass(namespace string, c kubernetes.Interface) (string, error
},
}, metav1.CreateOptions{})
if err != nil {
return "", fmt.Errorf("Unexpected error creating IngressClass ClusterRoleBinding %s: %v", icname, err)
return "", fmt.Errorf("unexpected error creating IngressClass ClusterRoleBinding %s: %v", icname, err)
}
return ic.Name, nil
}
@ -200,16 +199,16 @@ func deleteIngressClass(c kubernetes.Interface, ingressclass string) error {
}
err = c.NetworkingV1().IngressClasses().Delete(context.TODO(), ingressclass, deleteOptions)
if err != nil {
return fmt.Errorf("Unexpected error deleting IngressClass %s: %v", ingressclass, err)
return fmt.Errorf("unexpected error deleting IngressClass %s: %v", ingressclass, err)
}
err = c.RbacV1().ClusterRoleBindings().Delete(context.TODO(), ingressclass, deleteOptions)
if err != nil {
return fmt.Errorf("Unexpected error deleting IngressClass ClusterRoleBinding %s: %v", ingressclass, err)
return fmt.Errorf("unexpected error deleting IngressClass ClusterRoleBinding %s: %v", ingressclass, err)
}
err = c.RbacV1().ClusterRoles().Delete(context.TODO(), ingressclass, deleteOptions)
if err != nil {
return fmt.Errorf("Unexpected error deleting IngressClass ClusterRole %s: %v", ingressclass, err)
return fmt.Errorf("unexpected error deleting IngressClass ClusterRole %s: %v", ingressclass, err)
}
return nil
@ -223,6 +222,7 @@ func GetIngressClassName(namespace string) *string {
// WaitForKubeNamespaceNotExist waits until a namespaces is not present in the cluster
func WaitForKubeNamespaceNotExist(c kubernetes.Interface, namespace string) error {
//nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated
return wait.Poll(Poll, DefaultTimeout, namespaceNotExist(c, namespace))
}
@ -241,6 +241,7 @@ func namespaceNotExist(c kubernetes.Interface, namespace string) wait.ConditionF
// WaitForNoPodsInNamespace waits until there are no pods running in a namespace
func WaitForNoPodsInNamespace(c kubernetes.Interface, namespace string) error {
//nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated
return wait.Poll(Poll, DefaultTimeout, noPodsInNamespace(c, namespace))
}
@ -267,15 +268,17 @@ func WaitForPodRunningInNamespace(c kubernetes.Interface, pod *corev1.Pod) error
if pod.Status.Phase == corev1.PodRunning {
return nil
}
return waitTimeoutForPodRunningInNamespace(c, pod.Name, pod.Namespace, DefaultTimeout)
return waitTimeoutForPodRunningInNamespace(c, pod.Name, pod.Namespace)
}
func waitTimeoutForPodRunningInNamespace(c kubernetes.Interface, podName, namespace string, timeout time.Duration) error {
func waitTimeoutForPodRunningInNamespace(c kubernetes.Interface, podName, namespace string) error {
//nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated
return wait.Poll(Poll, DefaultTimeout, podRunning(c, podName, namespace))
}
// WaitForSecretInNamespace waits a default amount of time for the specified secret is present in a particular namespace
func WaitForSecretInNamespace(c kubernetes.Interface, namespace, name string) error {
//nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated
return wait.Poll(Poll, DefaultTimeout, secretInNamespace(c, namespace, name))
}
@ -298,6 +301,7 @@ func secretInNamespace(c kubernetes.Interface, namespace, name string) wait.Cond
// WaitForFileInFS waits a default amount of time for the specified file is present in the filesystem
func WaitForFileInFS(file string) error {
//nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated
return wait.Poll(Poll, DefaultTimeout, fileInFS(file))
}
@ -322,6 +326,7 @@ func fileInFS(file string) wait.ConditionFunc {
// WaitForNoIngressInNamespace waits until there is no ingress object in a particular namespace
func WaitForNoIngressInNamespace(c kubernetes.Interface, namespace, name string) error {
//nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated
return wait.Poll(Poll, DefaultTimeout, noIngressInNamespace(c, namespace, name))
}
@ -344,6 +349,7 @@ func noIngressInNamespace(c kubernetes.Interface, namespace, name string) wait.C
// WaitForIngressInNamespace waits until a particular ingress object exists namespace
func WaitForIngressInNamespace(c kubernetes.Interface, namespace, name string) error {
//nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated
return wait.Poll(Poll, DefaultTimeout, ingressInNamespace(c, namespace, name))
}

2
test/e2e/gracefulshutdown/grace_period.go
View file

@ -33,7 +33,6 @@ var _ = framework.IngressNginxDescribe("[Shutdown] Grace period shutdown", func(
f := framework.NewDefaultFramework("shutdown-grace-period")
ginkgo.It("/healthz should return status code 500 during shutdown grace period", func() {
f.NewSlowEchoDeployment()
err := f.UpdateIngressControllerDeployment(func(deployment *appsv1.Deployment) error {
@ -83,6 +82,5 @@ var _ = framework.IngressNginxDescribe("[Shutdown] Grace period shutdown", func(
for _, err := range <-result {
assert.Nil(ginkgo.GinkgoT(), err)
}
})
})

3
test/e2e/ingress/pathtype_exact.go
View file

@ -35,14 +35,13 @@ var _ = framework.IngressNginxDescribe("[Ingress] [PathType] exact", func() {
})
ginkgo.It("should choose exact location for /exact", func() {
host := "exact.path"
annotations := map[string]string{
"nginx.ingress.kubernetes.io/configuration-snippet": `more_set_input_headers "pathType: exact";`,
}
var exactPathType = networking.PathTypeExact
exactPathType := networking.PathTypeExact
ing := framework.NewSingleIngress("exact", "/exact", host, f.Namespace, framework.EchoService, 80, annotations)
ing.Spec.Rules[0].IngressRuleValue.HTTP.Paths[0].PathType = &exactPathType
f.EnsureIngress(ing)

3
test/e2e/ingress/pathtype_mixed.go
View file

@ -34,10 +34,9 @@ var _ = framework.IngressNginxDescribe("[Ingress] [PathType] mix Exact and Prefi
f.NewEchoDeployment()
})
var exactPathType = networking.PathTypeExact
exactPathType := networking.PathTypeExact
ginkgo.It("should choose the correct location", func() {
host := "mixed.path"
annotations := map[string]string{

4
test/e2e/leaks/lua_ssl.go
View file

@ -87,14 +87,14 @@ func provisionIngress(hostname string, f *framework.Framework) {
func checkIngress(hostname string, f *framework.Framework) {
resp := f.HTTPTestClientWithTLSConfig(&tls.Config{
ServerName: hostname,
InsecureSkipVerify: true,
InsecureSkipVerify: true, //nolint:gosec // Ignore the gosec error in testing
}).
GET("/").
WithURL(f.GetURL(framework.HTTPS)).
WithHeader("Host", hostname).
Expect().
Raw()
defer resp.Body.Close()
assert.Equal(ginkgo.GinkgoT(), resp.StatusCode, http.StatusOK)
// check the returned secret is not the fake one

4
test/e2e/loadbalance/configmap.go
View file

@ -25,6 +25,8 @@ import (
"k8s.io/ingress-nginx/test/e2e/framework"
)
const loadBalanceHost = "load-balance.com"
var _ = framework.DescribeSetting("[Load Balancer] load-balance", func() {
f := framework.NewDefaultFramework("lb-configmap")
@ -33,7 +35,7 @@ var _ = framework.DescribeSetting("[Load Balancer] load-balance", func() {
})
ginkgo.It("should apply the configmap load-balance setting", func() {
host := "load-balance.com"
host := loadBalanceHost
f.UpdateNginxConfigMapData("load-balance", "ewma")

9
test/e2e/loadbalance/ewma.go
View file

@ -35,12 +35,13 @@ var _ = framework.DescribeSetting("[Load Balancer] EWMA", func() {
f.NewEchoDeployment(framework.WithDeploymentReplicas(3))
f.SetNginxConfigMapData(map[string]string{
"worker-processes": "2",
"load-balance": "ewma"},
"load-balance": "ewma",
},
)
})
ginkgo.It("does not fail requests", func() {
host := "load-balance.com"
host := loadBalanceHost
f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, nil))
f.WaitForNginxServer(host,
@ -52,7 +53,9 @@ var _ = framework.DescribeSetting("[Load Balancer] EWMA", func() {
assert.Nil(ginkgo.GinkgoT(), err)
assert.Equal(ginkgo.GinkgoT(), algorithm, "ewma")
re, _ := regexp.Compile(fmt.Sprintf(`%v.*`, framework.EchoService))
re, err := regexp.Compile(fmt.Sprintf(`%v.*`, framework.EchoService))
assert.Nil(ginkgo.GinkgoT(), err, "error compiling regex")
replicaRequestCount := map[string]int{}
for i := 0; i < 30; i++ {

6
test/e2e/loadbalance/round_robin.go
View file

@ -37,7 +37,7 @@ var _ = framework.DescribeSetting("[Load Balancer] round-robin", func() {
})
ginkgo.It("should evenly distribute requests with round-robin (default algorithm)", func() {
host := "load-balance.com"
host := loadBalanceHost
f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, nil))
f.WaitForNginxServer(host,
@ -45,7 +45,9 @@ var _ = framework.DescribeSetting("[Load Balancer] round-robin", func() {
return strings.Contains(server, "server_name load-balance.com")
})
re, _ := regexp.Compile(fmt.Sprintf(`%v.*`, framework.EchoService))
re, err := regexp.Compile(fmt.Sprintf(`%v.*`, framework.EchoService))
assert.Nil(ginkgo.GinkgoT(), err, "error compiling regex")
replicaRequestCount := map[string]int{}
for i := 0; i < 600; i++ {

2
test/e2e/lua/dynamic_certificates.go
View file

@ -245,7 +245,6 @@ var _ = framework.IngressNginxDescribe("[Lua] dynamic certificates", func() {
WithHeader("Host", host).
Expect().
Status(http.StatusOK)
})
})
})
@ -254,7 +253,6 @@ func extractReloadCount(mf *dto.MetricFamily) (float64, error) {
vec, err := expfmt.ExtractSamples(&expfmt.DecodeOptions{
Timestamp: model.Now(),
}, mf)
if err != nil {
return 0, err
}

19
test/e2e/lua/dynamic_configuration.go
View file

@ -26,7 +26,6 @@ import (
"github.com/onsi/ginkgo/v2"
"github.com/stretchr/testify/assert"
networking "k8s.io/api/networking/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/ingress-nginx/test/e2e/framework"
@ -199,20 +198,18 @@ var _ = framework.IngressNginxDescribe("[Lua] dynamic configuration", func() {
})
})
func ensureIngress(f *framework.Framework, host string, deploymentName string) *networking.Ingress {
ing := createIngress(f, host, deploymentName)
func ensureIngress(f *framework.Framework, host, deploymentName string) {
createIngress(f, host, deploymentName)
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
Expect().
Status(http.StatusOK)
return ing
}
func createIngress(f *framework.Framework, host string, deploymentName string) *networking.Ingress {
ing := f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.Namespace, deploymentName, 80,
func createIngress(f *framework.Framework, host, deploymentName string) {
f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.Namespace, deploymentName, 80,
map[string]string{
"nginx.ingress.kubernetes.io/load-balance": "ewma",
},
@ -223,21 +220,19 @@ func createIngress(f *framework.Framework, host string, deploymentName string) *
return strings.Contains(server, fmt.Sprintf("server_name %s ;", host)) &&
strings.Contains(server, "proxy_pass http://upstream_balancer;")
})
return ing
}
func ensureHTTPSRequest(f *framework.Framework, url string, host string, expectedDNSName string) {
func ensureHTTPSRequest(f *framework.Framework, url, host, expectedDNSName string) {
resp := f.HTTPTestClientWithTLSConfig(&tls.Config{
ServerName: host,
InsecureSkipVerify: true,
InsecureSkipVerify: true, //nolint:gosec // Ignore the gosec error in testing
}).
GET("/").
WithURL(url).
WithHeader("Host", host).
Expect().
Raw()
defer resp.Body.Close()
assert.Equal(ginkgo.GinkgoT(), resp.StatusCode, http.StatusOK)
assert.Equal(ginkgo.GinkgoT(), len(resp.TLS.PeerCertificates), 1)
assert.Equal(ginkgo.GinkgoT(), resp.TLS.PeerCertificates[0].DNSNames[0], expectedDNSName)

5
test/e2e/nginx/nginx.go
View file

@ -100,7 +100,6 @@ var _ = framework.DescribeSetting("nginx-configuration", func() {
f := framework.NewSimpleFramework("nginxconfiguration")
ginkgo.It("start nginx with default configuration", func() {
f.NGINXWithConfigDeployment("default-nginx", cfgOK)
f.WaitForPod("app=default-nginx", 60*time.Second, false)
framework.Sleep(5 * time.Second)
@ -113,20 +112,16 @@ var _ = framework.DescribeSetting("nginx-configuration", func() {
})
ginkgo.It("fails when using alias directive", func() {
f.NGINXDeployment("alias-nginx", cfgAlias, false)
// This should fail with a crashloopback because our NGINX does not have
// alias directive!
f.WaitForPod("app=alias-nginx", 60*time.Second, true)
})
ginkgo.It("fails when using root directive", func() {
f.NGINXDeployment("root-nginx", cfgRoot, false)
// This should fail with a crashloopback because our NGINX does not have
// root directive!
f.WaitForPod("app=root-nginx", 60*time.Second, true)
})
})

8
test/e2e/security/request_smuggling.go
View file

@ -50,9 +50,9 @@ server {
f.UpdateNginxConfigMapData("http-snippet", snippet)
//TODO: currently using a self hosted HTTPBun instance results in a 499, we
//should move away from using httpbun.com once we have the httpbun
//deployment as part of the framework
// TODO: currently using a self hosted HTTPBun instance results in a 499, we
// should move away from using httpbun.com once we have the httpbun
// deployment as part of the framework
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, map[string]string{
"nginx.ingress.kubernetes.io/auth-signin": "https://httpbun.com/bearer/d4bcba7a-0def-4a31-91a7-47e420adf44b",
"nginx.ingress.kubernetes.io/auth-url": "https://httpbun.com/basic-auth/user/passwd",
@ -91,7 +91,7 @@ func smugglingRequest(host, addr string, port int) (string, error) {
// wait for /_hidden/index.html response
framework.Sleep()
var buf = make([]byte, 1024)
buf := make([]byte, 1024)
r := bufio.NewReader(conn)
_, err = r.Read(buf)
if err != nil {

91
test/e2e/servicebackend/service_backend.go
View file

@ -29,48 +29,50 @@ import (
"k8s.io/ingress-nginx/test/e2e/framework"
)
var pathtype = networking.PathTypePrefix
var _ = framework.IngressNginxDescribe("[Service] backend status code 503", func() {
f := framework.NewDefaultFramework("service-backend")
var (
pathtype = networking.PathTypePrefix
_ = framework.IngressNginxDescribe("[Service] backend status code 503", func() {
f := framework.NewDefaultFramework("service-backend")
ginkgo.It("should return 503 when backend service does not exist", func() {
host := "nonexistent.svc.com"
ginkgo.It("should return 503 when backend service does not exist", func() {
host := "nonexistent.svc.com"
bi := buildIngressWithNonexistentService(host, f.Namespace, "/")
f.EnsureIngress(bi)
bi := buildIngressWithNonexistentService(host, f.Namespace, "/")
f.EnsureIngress(bi)
f.WaitForNginxServer(host,
func(server string) bool {
return strings.Contains(server, "proxy_pass http://upstream_balancer;")
})
f.WaitForNginxServer(host,
func(server string) bool {
return strings.Contains(server, "proxy_pass http://upstream_balancer;")
})
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
Expect().
Status(http.StatusServiceUnavailable)
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
Expect().
Status(http.StatusServiceUnavailable)
})
ginkgo.It("should return 503 when all backend service endpoints are unavailable", func() {
host := "unavailable.svc.com"
bi, bs := buildIngressWithUnavailableServiceEndpoints(host, f.Namespace, "/")
f.EnsureService(bs)
f.EnsureIngress(bi)
f.WaitForNginxServer(host,
func(server string) bool {
return strings.Contains(server, "proxy_pass http://upstream_balancer;")
})
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
Expect().
Status(http.StatusServiceUnavailable)
})
})
ginkgo.It("should return 503 when all backend service endpoints are unavailable", func() {
host := "unavailable.svc.com"
bi, bs := buildIngressWithUnavailableServiceEndpoints(host, f.Namespace, "/")
f.EnsureService(bs)
f.EnsureIngress(bi)
f.WaitForNginxServer(host,
func(server string) bool {
return strings.Contains(server, "proxy_pass http://upstream_balancer;")
})
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
Expect().
Status(http.StatusServiceUnavailable)
})
})
)
func buildIngressWithNonexistentService(host, namespace, path string) *networking.Ingress {
backendService := "nonexistent-svc"
@ -146,14 +148,15 @@ func buildIngressWithUnavailableServiceEndpoints(host, namespace, path string) (
Name: backendService,
Namespace: namespace,
},
Spec: corev1.ServiceSpec{Ports: []corev1.ServicePort{
{
Name: "tcp",
Port: 80,
TargetPort: intstr.FromInt(80),
Protocol: "TCP",
Spec: corev1.ServiceSpec{
Ports: []corev1.ServicePort{
{
Name: "tcp",
Port: 80,
TargetPort: intstr.FromInt(80),
Protocol: "TCP",
},
},
},
Selector: map[string]string{
"app": backendService,
},

22
test/e2e/servicebackend/service_externalname.go
View file

@ -33,12 +33,14 @@ import (
"k8s.io/ingress-nginx/test/e2e/framework"
)
const echoHost = "echo"
var _ = framework.IngressNginxDescribe("[Service] Type ExternalName", func() {
f := framework.NewDefaultFramework("type-externalname", framework.WithHTTPBunEnabled())
ginkgo.It("works with external name set to incomplete fqdn", func() {
f.NewEchoDeployment()
host := "echo"
host := echoHost
svc := &corev1.Service{
ObjectMeta: metav1.ObjectMeta{
@ -74,7 +76,7 @@ var _ = framework.IngressNginxDescribe("[Service] Type ExternalName", func() {
})
ginkgo.It("should return 200 for service type=ExternalName without a port defined", func() {
host := "echo"
host := echoHost
svc := &corev1.Service{
ObjectMeta: metav1.ObjectMeta{
@ -114,7 +116,7 @@ var _ = framework.IngressNginxDescribe("[Service] Type ExternalName", func() {
})
ginkgo.It("should return 200 for service type=ExternalName with a port defined", func() {
host := "echo"
host := echoHost
svc := framework.BuildNIPExternalNameService(f, f.HTTPBunIP, host)
f.EnsureService(svc)
@ -144,7 +146,7 @@ var _ = framework.IngressNginxDescribe("[Service] Type ExternalName", func() {
})
ginkgo.It("should return status 502 for service type=ExternalName with an invalid host", func() {
host := "echo"
host := echoHost
svc := &corev1.Service{
ObjectMeta: metav1.ObjectMeta{
@ -180,7 +182,7 @@ var _ = framework.IngressNginxDescribe("[Service] Type ExternalName", func() {
})
ginkgo.It("should return 200 for service type=ExternalName using a port name", func() {
host := "echo"
host := echoHost
svc := framework.BuildNIPExternalNameService(f, f.HTTPBunIP, host)
f.EnsureService(svc)
@ -221,7 +223,7 @@ var _ = framework.IngressNginxDescribe("[Service] Type ExternalName", func() {
})
ginkgo.It("should return 200 for service type=ExternalName using FQDN with trailing dot", func() {
host := "echo"
host := echoHost
svc := &corev1.Service{
ObjectMeta: metav1.ObjectMeta{
@ -257,7 +259,7 @@ var _ = framework.IngressNginxDescribe("[Service] Type ExternalName", func() {
})
ginkgo.It("should update the external name after a service update", func() {
host := "echo"
host := echoHost
svc := framework.BuildNIPExternalNameService(f, f.HTTPBunIP, host)
f.EnsureService(svc)
@ -306,7 +308,7 @@ var _ = framework.IngressNginxDescribe("[Service] Type ExternalName", func() {
Get(context.TODO(), framework.NIPService, metav1.GetOptions{})
assert.Nil(ginkgo.GinkgoT(), err, "unexpected error obtaining external service")
//Deploy a new instance to switch routing to
// Deploy a new instance to switch routing to
ip := f.NewHttpbunDeployment(framework.WithDeploymentName("eu-server"))
svc.Spec.ExternalName = framework.BuildNIPHost(ip)
@ -335,12 +337,12 @@ var _ = framework.IngressNginxDescribe("[Service] Type ExternalName", func() {
assert.Contains(
ginkgo.GinkgoT(),
output,
fmt.Sprintf(`"address": "%s"`, framework.BuildNIPHost(ip)),
fmt.Sprintf(`"address": %q`, framework.BuildNIPHost(ip)),
)
})
ginkgo.It("should sync ingress on external name service addition/deletion", func() {
host := "echo"
host := echoHost
// Create the Ingress first
ing := framework.NewSingleIngress(host,

1
test/e2e/servicebackend/service_nil_backend.go
View file

@ -64,7 +64,6 @@ var _ = framework.IngressNginxDescribe("[Service] Nil Service Backend", func() {
WithHeader("Host", invalidHost).
Expect().
Status(http.StatusNotFound)
})
})

4
test/e2e/settings/access_log.go
View file

@ -28,7 +28,6 @@ var _ = framework.DescribeSetting("access-log", func() {
f := framework.NewDefaultFramework("access-log")
ginkgo.Context("access-log-path", func() {
ginkgo.It("use the default configuration", func() {
f.WaitForNginxConfiguration(
func(cfg string) bool {
@ -50,7 +49,6 @@ var _ = framework.DescribeSetting("access-log", func() {
})
ginkgo.Context("http-access-log-path", func() {
ginkgo.It("use the specified configuration", func() {
f.UpdateNginxConfigMapData("http-access-log-path", "/tmp/nginx/http-access.log")
f.WaitForNginxConfiguration(
@ -63,7 +61,6 @@ var _ = framework.DescribeSetting("access-log", func() {
})
ginkgo.Context("stream-access-log-path", func() {
ginkgo.It("use the specified configuration", func() {
f.UpdateNginxConfigMapData("stream-access-log-path", "/tmp/nginx/stream-access.log")
f.WaitForNginxConfiguration(
@ -76,7 +73,6 @@ var _ = framework.DescribeSetting("access-log", func() {
})
ginkgo.Context("http-access-log-path & stream-access-log-path", func() {
ginkgo.It("use the specified configuration", func() {
f.SetNginxConfigMapData(map[string]string{
"http-access-log-path": "/tmp/nginx/http-access.log",

2
test/e2e/settings/badannotationvalues.go
View file

@ -100,7 +100,6 @@ var _ = framework.DescribeAnnotation("Bad annotation values", func() {
})
ginkgo.It("[BAD_ANNOTATIONS] should allow an ingress if there is a default blocklist config in place", func() {
hostValid := "custom-allowed-value-test"
annotationsValid := map[string]string{
"nginx.ingress.kubernetes.io/configuration-snippet": `
@ -159,6 +158,5 @@ var _ = framework.DescribeAnnotation("Bad annotation values", func() {
WithHeader("Host", host).
Expect().
Status(http.StatusNotFound)
})
})

6
test/e2e/settings/default_ssl_certificate.go
View file

@ -30,10 +30,12 @@ import (
"k8s.io/ingress-nginx/test/e2e/framework"
)
const fooHost = "foo"
var _ = framework.IngressNginxDescribe("[SSL] [Flag] default-ssl-certificate", func() {
f := framework.NewDefaultFramework("default-ssl-certificate")
var tlsConfig *tls.Config
secretName := "my-custom-cert"
secretName := "my-custom-cert" //nolint:gosec // Ignore the gosec error in testing
service := framework.EchoService
port := 80
@ -78,7 +80,7 @@ var _ = framework.IngressNginxDescribe("[SSL] [Flag] default-ssl-certificate", f
})
ginkgo.It("uses default ssl certificate for host based ingress when configured certificate does not match host", func() {
host := "foo"
host := fooHost
ing := f.EnsureIngress(framework.NewSingleIngressWithTLS(host, "/", host, []string{host}, f.Namespace, service, port, nil))
_, err := framework.CreateIngressTLSSecret(f.KubeClientSet,

8
test/e2e/settings/disable_catch_all.go
View file

@ -48,7 +48,7 @@ var _ = framework.IngressNginxDescribe("[Flag] disable-catch-all", func() {
})
ginkgo.It("should ignore catch all Ingress with backend", func() {
host := "foo"
host := fooHost
ing := framework.NewSingleCatchAllIngress("catch-all", f.Namespace, framework.EchoService, 80, nil)
f.EnsureIngress(ing)
@ -67,7 +67,7 @@ var _ = framework.IngressNginxDescribe("[Flag] disable-catch-all", func() {
})
ginkgo.It("should ignore catch all Ingress with backend and rules", func() {
host := "foo"
host := fooHost
ing := framework.NewSingleIngressWithBackendAndRules(host, "/", host, f.Namespace, framework.EchoService, 80, framework.EchoService, 80, nil)
f.EnsureIngress(ing)
@ -79,7 +79,7 @@ var _ = framework.IngressNginxDescribe("[Flag] disable-catch-all", func() {
})
ginkgo.It("should delete Ingress updated to catch-all", func() {
host := "foo"
host := fooHost
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, nil)
f.EnsureIngress(ing)
@ -121,7 +121,7 @@ var _ = framework.IngressNginxDescribe("[Flag] disable-catch-all", func() {
})
ginkgo.It("should allow Ingress with rules", func() {
host := "foo"
host := fooHost
ing := framework.NewSingleIngress("not-catch-all", "/", host, f.Namespace, framework.EchoService, 80, nil)
f.EnsureIngress(ing)

1
test/e2e/settings/disable_service_external_name.go
View file

@ -95,6 +95,5 @@ var _ = framework.IngressNginxDescribe("[Flag] disable-service-external-name", f
WithHeader("Host", externalhost).
Expect().
StatusRange(httpexpect.Status5xx)
})
})

3
test/e2e/settings/disable_sync_events.go
View file

@ -50,6 +50,7 @@ var _ = framework.IngressNginxDescribe("[Flag] disable-sync-events", func() {
assert.NotEmpty(ginkgo.GinkgoT(), events.Items, "got events")
})
//nolint:dupl // Ignore dupl errors for similar test case
ginkgo.It("should create sync events", func() {
host := "disable-sync-events-false"
f.NewEchoDeployment(framework.WithDeploymentReplicas(1))
@ -77,6 +78,7 @@ var _ = framework.IngressNginxDescribe("[Flag] disable-sync-events", func() {
assert.NotEmpty(ginkgo.GinkgoT(), events.Items, "got events")
})
//nolint:dupl // Ignore dupl errors for similar test case
ginkgo.It("should not create sync events", func() {
host := "disable-sync-events-true"
f.NewEchoDeployment(framework.WithDeploymentReplicas(1))
@ -103,5 +105,4 @@ var _ = framework.IngressNginxDescribe("[Flag] disable-sync-events", func() {
assert.Empty(ginkgo.GinkgoT(), events.Items, "got events")
})
})

6
test/e2e/settings/forwarded_headers.go
View file

@ -26,6 +26,8 @@ import (
"k8s.io/ingress-nginx/test/e2e/framework"
)
const forwardedHeadersHost = "forwarded-headers"
var _ = framework.DescribeSetting("use-forwarded-headers", func() {
f := framework.NewDefaultFramework("forwarded-headers")
@ -37,7 +39,7 @@ var _ = framework.DescribeSetting("use-forwarded-headers", func() {
})
ginkgo.It("should trust X-Forwarded headers when setting is true", func() {
host := "forwarded-headers"
host := forwardedHeadersHost
f.UpdateNginxConfigMapData(setting, "true")
@ -89,7 +91,7 @@ var _ = framework.DescribeSetting("use-forwarded-headers", func() {
})
ginkgo.It("should not trust X-Forwarded headers when setting is false", func() {
host := "forwarded-headers"
host := forwardedHeadersHost
f.UpdateNginxConfigMapData(setting, "false")

9
test/e2e/settings/geoip2.go
View file

@ -19,11 +19,10 @@ package settings
import (
"context"
"fmt"
"net/http"
"path/filepath"
"strings"
"net/http"
"github.com/onsi/ginkgo/v2"
"github.com/stretchr/testify/assert"
@ -72,8 +71,7 @@ var _ = framework.DescribeSetting("Geoip2", func() {
f.UpdateNginxConfigMapData("use-geoip2", "true")
httpSnippetAllowingOnlyAustralia :=
`map $geoip2_city_country_code $blocked_country {
httpSnippetAllowingOnlyAustralia := `map $geoip2_city_country_code $blocked_country {
default 1;
AU 0;
}`
@ -85,8 +83,7 @@ var _ = framework.DescribeSetting("Geoip2", func() {
return strings.Contains(cfg, "map $geoip2_city_country_code $blocked_country")
})
configSnippet :=
`if ($blocked_country) {
configSnippet := `if ($blocked_country) {
return 403;
}`

22
test/e2e/settings/global_external_auth.go
View file

@ -31,6 +31,11 @@ import (
"k8s.io/ingress-nginx/test/e2e/framework"
)
const (
disable = "false"
noAuthLocaltionSetting = "no-auth-locations"
)
var _ = framework.DescribeSetting("[Security] global-auth-url", func() {
f := framework.NewDefaultFramework(
"global-external-auth",
@ -46,7 +51,7 @@ var _ = framework.DescribeSetting("[Security] global-auth-url", func() {
fooPath := "/foo"
barPath := "/bar"
noAuthSetting := "no-auth-locations"
noAuthSetting := noAuthLocaltionSetting
noAuthLocations := barPath
enableGlobalExternalAuthAnnotation := "nginx.ingress.kubernetes.io/enable-global-auth"
@ -56,7 +61,6 @@ var _ = framework.DescribeSetting("[Security] global-auth-url", func() {
})
ginkgo.Context("when global external authentication is configured", func() {
ginkgo.BeforeEach(func() {
globalExternalAuthURL := fmt.Sprintf("http://%s.%s.svc.cluster.local:80/status/401", framework.HTTPBunService, f.Namespace)
@ -85,7 +89,6 @@ var _ = framework.DescribeSetting("[Security] global-auth-url", func() {
})
ginkgo.It("should return status code 401 when request any protected service", func() {
ginkgo.By("Sending a request to protected service /foo")
f.HTTPTestClient().
GET(fooPath).
@ -102,7 +105,6 @@ var _ = framework.DescribeSetting("[Security] global-auth-url", func() {
})
ginkgo.It("should return status code 200 when request whitelisted (via no-auth-locations) service and 401 when request protected service", func() {
ginkgo.By("Adding a no-auth-locations for /bar to configMap")
f.UpdateNginxConfigMapData(noAuthSetting, noAuthLocations)
f.WaitForNginxServer(host,
@ -126,10 +128,9 @@ var _ = framework.DescribeSetting("[Security] global-auth-url", func() {
})
ginkgo.It("should return status code 200 when request whitelisted (via ingress annotation) service and 401 when request protected service", func() {
ginkgo.By("Adding an ingress rule for /bar with annotation enable-global-auth = false")
err := framework.UpdateIngress(f.KubeClientSet, f.Namespace, "bar-ingress", func(ingress *networking.Ingress) error {
ingress.ObjectMeta.Annotations[enableGlobalExternalAuthAnnotation] = "false"
ingress.ObjectMeta.Annotations[enableGlobalExternalAuthAnnotation] = disable
return nil
})
assert.Nil(ginkgo.GinkgoT(), err)
@ -155,9 +156,8 @@ var _ = framework.DescribeSetting("[Security] global-auth-url", func() {
})
ginkgo.It("should still return status code 200 after auth backend is deleted using cache", func() {
globalExternalAuthCacheKeySetting := "global-auth-cache-key"
globalExternalAuthCacheKey := "foo"
globalExternalAuthCacheKey := fooHost
globalExternalAuthCacheDurationSetting := "global-auth-cache-duration"
globalExternalAuthCacheDuration := "200 201 401 30m"
globalExternalAuthURL := fmt.Sprintf("http://%s.%s.svc.cluster.local:80/status/200", framework.HTTPBunService, f.Namespace)
@ -197,7 +197,6 @@ var _ = framework.DescribeSetting("[Security] global-auth-url", func() {
})
ginkgo.It(`should proxy_method method when global-auth-method is configured`, func() {
globalExternalAuthMethodSetting := "global-auth-method"
globalExternalAuthMethod := "GET"
@ -210,7 +209,6 @@ var _ = framework.DescribeSetting("[Security] global-auth-url", func() {
})
ginkgo.It(`should add custom error page when global-auth-signin url is configured`, func() {
globalExternalAuthSigninSetting := "global-auth-signin"
globalExternalAuthSignin := "http://foo.com/global-error-page"
@ -223,7 +221,6 @@ var _ = framework.DescribeSetting("[Security] global-auth-url", func() {
})
ginkgo.It(`should add auth headers when global-auth-response-headers is configured`, func() {
globalExternalAuthResponseHeadersSetting := "global-auth-response-headers"
globalExternalAuthResponseHeaders := "Foo, Bar"
@ -237,7 +234,6 @@ var _ = framework.DescribeSetting("[Security] global-auth-url", func() {
})
ginkgo.It(`should set request-redirect when global-auth-request-redirect is configured`, func() {
globalExternalAuthRequestRedirectSetting := "global-auth-request-redirect"
globalExternalAuthRequestRedirect := "Foo-Redirect"
@ -260,7 +256,6 @@ var _ = framework.DescribeSetting("[Security] global-auth-url", func() {
return strings.Contains(server, globalExternalAuthSnippet)
})
})
})
ginkgo.Context("cookie set by external authentication server", func() {
@ -322,7 +317,6 @@ http {
f.WaitForNginxServer(host, func(server string) bool {
return strings.Contains(server, "server_name "+host)
})
})
ginkgo.It("user retains cookie by default", func() {

1
test/e2e/settings/global_options.go
View file

@ -31,7 +31,6 @@ var _ = framework.IngressNginxDescribe("global-options", func() {
ginkgo.It("should have worker_rlimit_nofile option", func() {
f.WaitForNginxConfiguration(func(server string) bool {
return strings.Contains(server, fmt.Sprintf("worker_rlimit_nofile %d;", rlimitMaxNumFiles()-1024))
})
})

9
test/e2e/settings/hash-size.go
View file

@ -36,7 +36,6 @@ var _ = framework.DescribeSetting("hash size", func() {
})
ginkgo.Context("Check server names hash size", func() {
ginkgo.It("should set server_names_hash_bucket_size", func() {
f.UpdateNginxConfigMapData("server-name-hash-bucket-size", "512")
@ -52,11 +51,9 @@ var _ = framework.DescribeSetting("hash size", func() {
return strings.Contains(server, "server_names_hash_max_size 4096;")
})
})
})
ginkgo.Context("Check proxy header hash size", func() {
ginkgo.It("should set proxy-headers-hash-bucket-size", func() {
f.UpdateNginxConfigMapData("proxy-headers-hash-bucket-size", "512")
@ -72,11 +69,9 @@ var _ = framework.DescribeSetting("hash size", func() {
return strings.Contains(server, "proxy_headers_hash_max_size 4096;")
})
})
})
ginkgo.Context("Check the variable hash size", func() {
ginkgo.It("should set variables-hash-bucket-size", func() {
f.UpdateNginxConfigMapData("variables-hash-bucket-size", "512")
@ -92,11 +87,9 @@ var _ = framework.DescribeSetting("hash size", func() {
return strings.Contains(server, "variables_hash_max_size 512;")
})
})
})
ginkgo.Context("Check the map hash size", func() {
ginkgo.It("should set vmap-hash-bucket-size", func() {
f.UpdateNginxConfigMapData("map-hash-bucket-size", "512")
@ -104,7 +97,5 @@ var _ = framework.DescribeSetting("hash size", func() {
return strings.Contains(server, "map_hash_bucket_size 512;")
})
})
})
})

24
test/e2e/settings/ingress_class.go
View file

@ -36,6 +36,8 @@ import (
"k8s.io/ingress-nginx/test/e2e/framework"
)
const barHost = "bar"
var _ = framework.IngressNginxDescribe("[Flag] ingress-class", func() {
f := framework.NewDefaultFramework("ingress-class")
@ -66,7 +68,7 @@ var _ = framework.IngressNginxDescribe("[Flag] ingress-class", func() {
ginkgo.Context("With default ingress class config", func() {
ginkgo.It("should ignore Ingress with a different class annotation", func() {
invalidHost := "foo"
invalidHost := fooHost
annotations := map[string]string{
ingressclass.IngressKey: "testclass",
}
@ -75,7 +77,7 @@ var _ = framework.IngressNginxDescribe("[Flag] ingress-class", func() {
ing.Spec.IngressClassName = nil
f.EnsureIngress(ing)
validHost := "bar"
validHost := barHost
annotationClass := map[string]string{
ingressclass.IngressKey: ingressclass.DefaultAnnotationValue,
}
@ -385,7 +387,6 @@ var _ = framework.IngressNginxDescribe("[Flag] ingress-class", func() {
Expect().
Status(http.StatusOK)
})
})
ginkgo.Context("With specific ingress-class flags", func() {
@ -411,13 +412,13 @@ var _ = framework.IngressNginxDescribe("[Flag] ingress-class", func() {
})
ginkgo.It("should ignore Ingress with no class and accept the correctly configured Ingresses", func() {
invalidHost := "bar"
invalidHost := barHost
ing := framework.NewSingleIngress(invalidHost, "/", invalidHost, f.Namespace, framework.EchoService, 80, nil)
ing.Spec.IngressClassName = nil
f.EnsureIngress(ing)
validHost := "foo"
validHost := fooHost
annotations := map[string]string{
ingressclass.IngressKey: "testclass",
}
@ -455,7 +456,6 @@ var _ = framework.IngressNginxDescribe("[Flag] ingress-class", func() {
Expect().
Status(http.StatusNotFound)
})
})
ginkgo.Context("With watch-ingress-without-class flag", func() {
@ -480,13 +480,13 @@ var _ = framework.IngressNginxDescribe("[Flag] ingress-class", func() {
})
ginkgo.It("should watch Ingress with no class and ignore ingress with a different class", func() {
validHost := "bar"
validHost := barHost
ing := framework.NewSingleIngress(validHost, "/", validHost, f.Namespace, framework.EchoService, 80, nil)
ing.Spec.IngressClassName = nil
f.EnsureIngress(ing)
invalidHost := "foo"
invalidHost := fooHost
annotations := map[string]string{
ingressclass.IngressKey: "testclass123",
}
@ -511,7 +511,6 @@ var _ = framework.IngressNginxDescribe("[Flag] ingress-class", func() {
Expect().
Status(http.StatusNotFound)
})
})
ginkgo.Context("With ingress-class-by-name flag", func() {
@ -579,11 +578,9 @@ var _ = framework.IngressNginxDescribe("[Flag] ingress-class", func() {
Expect().
Status(http.StatusNotFound)
})
})
ginkgo.Context("Without IngressClass Cluster scoped Permission", func() {
ginkgo.BeforeEach(func() {
icname := fmt.Sprintf("ic-%s", f.Namespace)
@ -629,8 +626,7 @@ var _ = framework.IngressNginxDescribe("[Flag] ingress-class", func() {
})
ginkgo.It("should watch Ingress with correct annotation", func() {
validHost := "foo"
validHost := fooHost
annotations := map[string]string{
ingressclass.IngressKey: "testclass",
}
@ -650,7 +646,6 @@ var _ = framework.IngressNginxDescribe("[Flag] ingress-class", func() {
})
ginkgo.It("should ignore Ingress with only IngressClassName", func() {
invalidHost := "noclassforyou"
ing := framework.NewSingleIngress(invalidHost, "/", invalidHost, f.Namespace, framework.EchoService, 80, nil)
@ -666,6 +661,5 @@ var _ = framework.IngressNginxDescribe("[Flag] ingress-class", func() {
Expect().
Status(http.StatusNotFound)
})
})
})

14
test/e2e/settings/keep-alive.go
View file

@ -21,6 +21,7 @@ import (
"strings"
"github.com/onsi/ginkgo/v2"
"github.com/stretchr/testify/assert"
"k8s.io/ingress-nginx/test/e2e/framework"
)
@ -50,7 +51,6 @@ var _ = framework.DescribeSetting("keep-alive keep-alive-requests", func() {
f.WaitForNginxConfiguration(func(server string) bool {
return strings.Contains(server, `keepalive_requests 200;`)
})
})
})
@ -59,7 +59,8 @@ var _ = framework.DescribeSetting("keep-alive keep-alive-requests", func() {
f.UpdateNginxConfigMapData("upstream-keepalive-connections", "128")
f.WaitForNginxConfiguration(func(server string) bool {
match, _ := regexp.MatchString(`upstream\supstream_balancer\s\{[\s\S]*keepalive 128;`, server)
match, err := regexp.MatchString(`upstream\supstream_balancer\s\{[\s\S]*keepalive 128;`, server)
assert.Nil(ginkgo.GinkgoT(), err, "unexpected error matching the upstream keepalive time")
return match
})
})
@ -68,7 +69,8 @@ var _ = framework.DescribeSetting("keep-alive keep-alive-requests", func() {
f.UpdateNginxConfigMapData("upstream-keepalive-timeout", "120")
f.WaitForNginxConfiguration(func(server string) bool {
match, _ := regexp.MatchString(`upstream\supstream_balancer\s\{[\s\S]*keepalive_timeout\s*120s;`, server)
match, err := regexp.MatchString(`upstream\supstream_balancer\s\{[\s\S]*keepalive_timeout\s*120s;`, server)
assert.Nil(ginkgo.GinkgoT(), err, "unexpected error matching the upstream keepalive time")
return match
})
})
@ -77,7 +79,8 @@ var _ = framework.DescribeSetting("keep-alive keep-alive-requests", func() {
f.UpdateNginxConfigMapData("upstream-keepalive-time", "75s")
f.WaitForNginxConfiguration(func(server string) bool {
match, _ := regexp.MatchString(`upstream\supstream_balancer\s\{[\s\S]*keepalive_time\s*75s;`, server)
match, err := regexp.MatchString(`upstream\supstream_balancer\s\{[\s\S]*keepalive_time\s*75s;`, server)
assert.Nil(ginkgo.GinkgoT(), err, "unexpected error matching the upstream keepalive time")
return match
})
})
@ -86,7 +89,8 @@ var _ = framework.DescribeSetting("keep-alive keep-alive-requests", func() {
f.UpdateNginxConfigMapData("upstream-keepalive-requests", "200")
f.WaitForNginxConfiguration(func(server string) bool {
match, _ := regexp.MatchString(`upstream\supstream_balancer\s\{[\s\S]*keepalive_requests\s*200;`, server)
match, err := regexp.MatchString(`upstream\supstream_balancer\s\{[\s\S]*keepalive_requests\s*200;`, server)
assert.Nil(ginkgo.GinkgoT(), err, "unexpected error matching the upstream keepalive time")
return match
})
})

5
test/e2e/settings/listen_nondefault_ports.go
View file

@ -28,7 +28,6 @@ import (
)
var _ = framework.IngressNginxDescribe("[Flag] custom HTTP and HTTPS ports", func() {
host := "forwarded-headers"
f := framework.NewDefaultFramework("forwarded-port-headers", framework.WithHTTPBunEnabled())
@ -44,7 +43,6 @@ var _ = framework.IngressNginxDescribe("[Flag] custom HTTP and HTTPS ports", fun
ginkgo.Context("with a plain HTTP ingress", func() {
ginkgo.It("should set X-Forwarded-Port headers accordingly when listening on a non-default HTTP port", func() {
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, nil)
f.EnsureIngress(ing)
@ -64,9 +62,7 @@ var _ = framework.IngressNginxDescribe("[Flag] custom HTTP and HTTPS ports", fun
})
ginkgo.Context("with a TLS enabled ingress", func() {
ginkgo.It("should set X-Forwarded-Port header to 443", func() {
ing := framework.NewSingleIngressWithTLS(host, "/", host, []string{host}, f.Namespace, framework.EchoService, 80, nil)
f.EnsureIngress(ing)
@ -94,7 +90,6 @@ var _ = framework.IngressNginxDescribe("[Flag] custom HTTP and HTTPS ports", fun
})
ginkgo.Context("when external authentication is configured", func() {
ginkgo.It("should set the X-Forwarded-Port header to 443", func() {
annotations := map[string]string{
"nginx.ingress.kubernetes.io/auth-url": fmt.Sprintf("http://%s/basic-auth/user/password", f.HTTPBunIP),

2
test/e2e/settings/log-format.go
View file

@ -36,7 +36,6 @@ var _ = framework.DescribeSetting("log-format-*", func() {
})
ginkgo.Context("Check log-format-escape-json and log-format-escape-none", func() {
ginkgo.It("should not configure log-format escape by default", func() {
f.WaitForNginxConfiguration(
func(cfg string) bool {
@ -78,7 +77,6 @@ var _ = framework.DescribeSetting("log-format-*", func() {
})
ginkgo.Context("Check log-format-upstream with log-format-escape-json and log-format-escape-none", func() {
ginkgo.It("log-format-escape-json enabled", func() {
f.SetNginxConfigMapData(map[string]string{
"log-format-escape-json": "true",

16
test/e2e/settings/namespace_selector.go
View file

@ -29,12 +29,12 @@ import (
var _ = framework.IngressNginxDescribeSerial("[Flag] watch namespace selector", func() {
f := framework.NewDefaultFramework("namespace-selector")
notMatchedHost, matchedHost := "bar", "foo"
notMatchedHost, matchedHost := barHost, fooHost
var notMatchedNs string
var matchedNs string
// create a test namespace, under which create an ingress and backend deployment
prepareTestIngress := func(baseName string, host string, labels map[string]string) string {
prepareTestIngress := func(host string, labels map[string]string) string {
ns, err := framework.CreateKubeNamespaceWithLabel(f.BaseName, labels, f.KubeClientSet)
assert.Nil(ginkgo.GinkgoT(), err, "creating test namespace")
f.NewEchoDeployment(framework.WithDeploymentNamespace(ns))
@ -49,8 +49,8 @@ var _ = framework.IngressNginxDescribeSerial("[Flag] watch namespace selector",
}
ginkgo.BeforeEach(func() {
notMatchedNs = prepareTestIngress(notMatchedHost, notMatchedHost, nil) // create namespace without label "foo=bar"
matchedNs = prepareTestIngress(matchedHost, matchedHost, map[string]string{"foo": "bar"})
notMatchedNs = prepareTestIngress(notMatchedHost, nil) // create namespace without label "foo=bar"
matchedNs = prepareTestIngress(matchedHost, map[string]string{fooHost: barHost})
})
ginkgo.AfterEach(func() {
@ -59,9 +59,7 @@ var _ = framework.IngressNginxDescribeSerial("[Flag] watch namespace selector",
})
ginkgo.Context("With specific watch-namespace-selector flags", func() {
ginkgo.It("should ingore Ingress of namespace without label foo=bar and accept those of namespace with label foo=bar", func() {
ginkgo.It("should ignore Ingress of namespace without label foo=bar and accept those of namespace with label foo=bar", func() {
f.WaitForNginxConfiguration(func(cfg string) bool {
return !strings.Contains(cfg, "server_name bar") &&
strings.Contains(cfg, "server_name foo")
@ -86,7 +84,7 @@ var _ = framework.IngressNginxDescribeSerial("[Flag] watch namespace selector",
if ns.Labels == nil {
ns.Labels = make(map[string]string)
}
ns.Labels["foo"] = "bar"
ns.Labels[fooHost] = barHost
_, err = f.KubeClientSet.CoreV1().Namespaces().Update(context.TODO(), ns, metav1.UpdateOptions{})
assert.Nil(ginkgo.GinkgoT(), err, "labeling not matched namespace")
@ -97,7 +95,7 @@ var _ = framework.IngressNginxDescribeSerial("[Flag] watch namespace selector",
if ing.Labels == nil {
ing.Labels = make(map[string]string)
}
ing.Labels["foo"] = "bar"
ing.Labels[fooHost] = barHost
_, err = f.KubeClientSet.NetworkingV1().Ingresses(notMatchedNs).Update(context.TODO(), ing, metav1.UpdateOptions{})
assert.Nil(ginkgo.GinkgoT(), err, "updating ingress")

8
test/e2e/settings/no_auth_locations.go
View file

@ -18,12 +18,12 @@ package settings
import (
"fmt"
"golang.org/x/crypto/bcrypt"
"net/http"
"strings"
"github.com/onsi/ginkgo/v2"
"github.com/stretchr/testify/assert"
"golang.org/x/crypto/bcrypt"
corev1 "k8s.io/api/core/v1"
networking "k8s.io/api/networking/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@ -34,7 +34,7 @@ var _ = framework.DescribeSetting("[Security] no-auth-locations", func() {
f := framework.NewDefaultFramework("no-auth-locations")
setting := "no-auth-locations"
username := "foo"
username := fooHost
password := "bar"
secretName := "test-secret"
host := "no-auth-locations"
@ -100,7 +100,8 @@ func buildBasicAuthIngressWithSecondPath(host, namespace, secretName, pathName s
ObjectMeta: metav1.ObjectMeta{
Name: host,
Namespace: namespace,
Annotations: map[string]string{"nginx.ingress.kubernetes.io/auth-type": "basic",
Annotations: map[string]string{
"nginx.ingress.kubernetes.io/auth-type": "basic",
"nginx.ingress.kubernetes.io/auth-secret": secretName,
"nginx.ingress.kubernetes.io/auth-realm": "test auth",
},
@ -147,7 +148,6 @@ func buildBasicAuthIngressWithSecondPath(host, namespace, secretName, pathName s
}
func buildSecret(username, password, name, namespace string) *corev1.Secret {
//out, err := exec.Command("openssl", "passwd", "-crypt", password).CombinedOutput()
out, err := bcrypt.GenerateFromPassword([]byte(password), 14)
assert.Nil(ginkgo.GinkgoT(), err, "creating password")

1
test/e2e/settings/no_tls_redirect_locations.go
View file

@ -44,6 +44,5 @@ var _ = framework.DescribeSetting("Add no tls redirect locations", func() {
f.WaitForNginxConfiguration(func(server string) bool {
return strings.Contains(server, "force_no_ssl_redirect = true,")
})
})
})

5
test/e2e/settings/ocsp/ocsp.go
View file

@ -112,7 +112,7 @@ var _ = framework.DescribeSetting("OCSP", func() {
return strings.Contains(server, fmt.Sprintf(`server_name %v`, host))
})
tlsConfig := &tls.Config{ServerName: host, InsecureSkipVerify: true}
tlsConfig := &tls.Config{ServerName: host, InsecureSkipVerify: true} //nolint:gosec // Ignore the gosec error in testing
f.HTTPTestClientWithTLSConfig(tlsConfig).
GET("/").
WithURL(f.GetURL(framework.HTTPS)).
@ -195,7 +195,8 @@ const configTemplate = `
func prepareCertificates(namespace string) error {
config := fmt.Sprintf(configTemplate, namespace)
err := os.WriteFile("cfssl_config.json", []byte(config), 0644)
//nolint:gosec // Not change permission to avoid possible issues
err := os.WriteFile("cfssl_config.json", []byte(config), 0o644)
if err != nil {
return fmt.Errorf("creating cfssl_config.json file: %v", err)
}

15
test/e2e/settings/opentelemetry.go
View file

@ -32,6 +32,8 @@ const (
opentelemetryLocationOperationName = "opentelemetry-location-operation-name"
opentelemetryConfig = "opentelemetry-config"
opentelemetryConfigPath = "/etc/nginx/opentelemetry.toml"
enable = "true"
)
var _ = framework.IngressNginxDescribe("Configure Opentelemetry", func() {
@ -46,7 +48,7 @@ var _ = framework.IngressNginxDescribe("Configure Opentelemetry", func() {
ginkgo.It("should not exists opentelemetry directive", func() {
config := map[string]string{}
config[enableOpentelemetry] = "false"
config[enableOpentelemetry] = disable
f.SetNginxConfigMapData(config)
f.EnsureIngress(framework.NewSingleIngress(enableOpentelemetry, "/", enableOpentelemetry, f.Namespace, "http-svc", 80, nil))
@ -59,7 +61,7 @@ var _ = framework.IngressNginxDescribe("Configure Opentelemetry", func() {
ginkgo.It("should exists opentelemetry directive when is enabled", func() {
config := map[string]string{}
config[enableOpentelemetry] = "true"
config[enableOpentelemetry] = enable
config[opentelemetryConfig] = opentelemetryConfigPath
f.SetNginxConfigMapData(config)
@ -73,9 +75,9 @@ var _ = framework.IngressNginxDescribe("Configure Opentelemetry", func() {
ginkgo.It("should include opentelemetry_trust_incoming_spans on directive when enabled", func() {
config := map[string]string{}
config[enableOpentelemetry] = "true"
config[enableOpentelemetry] = enable
config[opentelemetryConfig] = opentelemetryConfigPath
config[opentelemetryTrustIncomingSpan] = "true"
config[opentelemetryTrustIncomingSpan] = enable
f.SetNginxConfigMapData(config)
f.EnsureIngress(framework.NewSingleIngress(enableOpentelemetry, "/", enableOpentelemetry, f.Namespace, "http-svc", 80, nil))
@ -88,7 +90,7 @@ var _ = framework.IngressNginxDescribe("Configure Opentelemetry", func() {
ginkgo.It("should not exists opentelemetry_operation_name directive when is empty", func() {
config := map[string]string{}
config[enableOpentelemetry] = "true"
config[enableOpentelemetry] = enable
config[opentelemetryConfig] = opentelemetryConfigPath
config[opentelemetryOperationName] = ""
f.SetNginxConfigMapData(config)
@ -103,7 +105,7 @@ var _ = framework.IngressNginxDescribe("Configure Opentelemetry", func() {
ginkgo.It("should exists opentelemetry_operation_name directive when is configured", func() {
config := map[string]string{}
config[enableOpentelemetry] = "true"
config[enableOpentelemetry] = enable
config[opentelemetryConfig] = opentelemetryConfigPath
config[opentelemetryOperationName] = "HTTP $request_method $uri"
f.SetNginxConfigMapData(config)
@ -115,5 +117,4 @@ var _ = framework.IngressNginxDescribe("Configure Opentelemetry", func() {
return strings.Contains(cfg, `opentelemetry_operation_name "HTTP $request_method $uri"`)
})
})
})

60
test/e2e/settings/opentracing.go
View file

@ -41,8 +41,12 @@ const (
datadogCollectorHost = "datadog-collector-host"
opentracingOperationName = "opentracing-operation-name"
opentracingOperationName = "opentracing-operation-name"
opentracingOperationValue = "HTTP $request_method $uri"
opentracingLocationOperationName = "opentracing-location-operation-name"
localhost = "127.0.0.1"
)
var _ = framework.IngressNginxDescribe("Configure OpenTracing", func() {
@ -57,7 +61,7 @@ var _ = framework.IngressNginxDescribe("Configure OpenTracing", func() {
ginkgo.It("should not exists opentracing directive", func() {
config := map[string]string{}
config[enableOpentracing] = "false"
config[enableOpentracing] = disable
f.SetNginxConfigMapData(config)
f.EnsureIngress(framework.NewSingleIngress(enableOpentracing, "/", enableOpentracing, f.Namespace, "http-svc", 80, nil))
@ -70,8 +74,8 @@ var _ = framework.IngressNginxDescribe("Configure OpenTracing", func() {
ginkgo.It("should exists opentracing directive when is enabled", func() {
config := map[string]string{}
config[enableOpentracing] = "true"
config[zipkinCollectorHost] = "127.0.0.1"
config[enableOpentracing] = enable
config[zipkinCollectorHost] = localhost
f.SetNginxConfigMapData(config)
f.EnsureIngress(framework.NewSingleIngress(enableOpentracing, "/", enableOpentracing, f.Namespace, "http-svc", 80, nil))
@ -84,9 +88,9 @@ var _ = framework.IngressNginxDescribe("Configure OpenTracing", func() {
ginkgo.It("should include opentracing_trust_incoming_span off directive when disabled", func() {
config := map[string]string{}
config[enableOpentracing] = "true"
config[opentracingTrustIncomingSpan] = "false"
config[zipkinCollectorHost] = "127.0.0.1"
config[enableOpentracing] = enable
config[opentracingTrustIncomingSpan] = disable
config[zipkinCollectorHost] = localhost
f.SetNginxConfigMapData(config)
f.EnsureIngress(framework.NewSingleIngress(enableOpentracing, "/", enableOpentracing, f.Namespace, "http-svc", 80, nil))
@ -99,8 +103,8 @@ var _ = framework.IngressNginxDescribe("Configure OpenTracing", func() {
ginkgo.It("should not exists opentracing_operation_name directive when is empty", func() {
config := map[string]string{}
config[enableOpentracing] = "true"
config[zipkinCollectorHost] = "127.0.0.1"
config[enableOpentracing] = enable
config[zipkinCollectorHost] = localhost
config[opentracingOperationName] = ""
f.SetNginxConfigMapData(config)
@ -114,9 +118,9 @@ var _ = framework.IngressNginxDescribe("Configure OpenTracing", func() {
ginkgo.It("should exists opentracing_operation_name directive when is configured", func() {
config := map[string]string{}
config[enableOpentracing] = "true"
config[zipkinCollectorHost] = "127.0.0.1"
config[opentracingOperationName] = "HTTP $request_method $uri"
config[enableOpentracing] = enable
config[zipkinCollectorHost] = localhost
config[opentracingOperationName] = opentracingOperationValue
f.SetNginxConfigMapData(config)
f.EnsureIngress(framework.NewSingleIngress(enableOpentracing, "/", enableOpentracing, f.Namespace, "http-svc", 80, nil))
@ -129,8 +133,8 @@ var _ = framework.IngressNginxDescribe("Configure OpenTracing", func() {
ginkgo.It("should not exists opentracing_location_operation_name directive when is empty", func() {
config := map[string]string{}
config[enableOpentracing] = "true"
config[zipkinCollectorHost] = "127.0.0.1"
config[enableOpentracing] = enable
config[zipkinCollectorHost] = localhost
config[opentracingLocationOperationName] = ""
f.SetNginxConfigMapData(config)
@ -144,9 +148,9 @@ var _ = framework.IngressNginxDescribe("Configure OpenTracing", func() {
ginkgo.It("should exists opentracing_location_operation_name directive when is configured", func() {
config := map[string]string{}
config[enableOpentracing] = "true"
config[zipkinCollectorHost] = "127.0.0.1"
config[opentracingLocationOperationName] = "HTTP $request_method $uri"
config[enableOpentracing] = enable
config[zipkinCollectorHost] = localhost
config[opentracingLocationOperationName] = opentracingOperationValue
f.SetNginxConfigMapData(config)
f.EnsureIngress(framework.NewSingleIngress(enableOpentracing, "/", enableOpentracing, f.Namespace, "http-svc", 80, nil))
@ -159,8 +163,8 @@ var _ = framework.IngressNginxDescribe("Configure OpenTracing", func() {
ginkgo.It("should enable opentracing using zipkin", func() {
config := map[string]string{}
config[enableOpentracing] = "true"
config[zipkinCollectorHost] = "127.0.0.1"
config[enableOpentracing] = enable
config[zipkinCollectorHost] = localhost
f.SetNginxConfigMapData(config)
framework.Sleep(10 * time.Second)
@ -171,8 +175,8 @@ var _ = framework.IngressNginxDescribe("Configure OpenTracing", func() {
ginkgo.It("should enable opentracing using jaeger", func() {
config := map[string]string{}
config[enableOpentracing] = "true"
config[jaegerCollectorHost] = "127.0.0.1"
config[enableOpentracing] = enable
config[jaegerCollectorHost] = localhost
f.SetNginxConfigMapData(config)
framework.Sleep(10 * time.Second)
@ -183,9 +187,9 @@ var _ = framework.IngressNginxDescribe("Configure OpenTracing", func() {
ginkgo.It("should enable opentracing using jaeger with sampler host", func() {
config := map[string]string{}
config[enableOpentracing] = "true"
config[jaegerCollectorHost] = "127.0.0.1"
config[jaegerSamplerHost] = "127.0.0.1"
config[enableOpentracing] = enable
config[jaegerCollectorHost] = localhost
config[jaegerSamplerHost] = localhost
f.SetNginxConfigMapData(config)
framework.Sleep(10 * time.Second)
@ -197,8 +201,8 @@ var _ = framework.IngressNginxDescribe("Configure OpenTracing", func() {
ginkgo.It("should propagate the w3c header when configured with jaeger", func() {
host := "jaeger-w3c"
config := map[string]string{}
config[enableOpentracing] = "true"
config[jaegerCollectorHost] = "127.0.0.1"
config[enableOpentracing] = enable
config[jaegerCollectorHost] = localhost
config[jaegerPropagationFormat] = "w3c"
f.SetNginxConfigMapData(config)
@ -227,7 +231,7 @@ var _ = framework.IngressNginxDescribe("Configure OpenTracing", func() {
/*
ginkgo.It("should enable opentracing using jaeger with an HTTP endpoint", func() {
config := map[string]string{}
config[enableOpentracing] = "true"
config[enableOpentracing] = TRUE
config[jaegerEndpoint] = "http://127.0.0.1/api/traces"
f.SetNginxConfigMapData(config)
@ -240,7 +244,7 @@ var _ = framework.IngressNginxDescribe("Configure OpenTracing", func() {
ginkgo.It("should enable opentracing using datadog", func() {
config := map[string]string{}
config[enableOpentracing] = "true"
config[enableOpentracing] = enable
config[datadogCollectorHost] = "http://127.0.0.1"
f.SetNginxConfigMapData(config)

1
test/e2e/settings/pod_security_policy_volumes.go
View file

@ -38,7 +38,6 @@ var _ = framework.IngressNginxDescribe("[Security] Pod Security Policies with vo
f := framework.NewDefaultFramework("pod-security-policies-volumes")
ginkgo.It("should be running with a Pod Security Policy", func() {
k8sversion, err := f.KubeClientSet.Discovery().ServerVersion()
if err != nil {
assert.Nil(ginkgo.GinkgoT(), err, "getting version")

2
test/e2e/settings/proxy_connect_timeout.go
View file

@ -14,6 +14,7 @@ See the License for the specific language governing permissions and
limitations under the License.
*/
//nolint:dupl // Ignore dupl errors for similar test case
package settings
import (
@ -64,5 +65,4 @@ var _ = framework.DescribeSetting("proxy-connect-timeout", func() {
return !strings.Contains(server, fmt.Sprintf("proxy_connect_timeout %ss;", proxyConnectTimeout))
})
})
})

19
test/e2e/settings/proxy_protocol.go
View file

@ -33,8 +33,10 @@ import (
"k8s.io/ingress-nginx/test/e2e/framework"
)
const proxyProtocol = "proxy-protocol"
var _ = framework.DescribeSetting("use-proxy-protocol", func() {
f := framework.NewDefaultFramework("proxy-protocol")
f := framework.NewDefaultFramework(proxyProtocol)
setting := "use-proxy-protocol"
@ -42,9 +44,9 @@ var _ = framework.DescribeSetting("use-proxy-protocol", func() {
f.NewEchoDeployment()
f.UpdateNginxConfigMapData(setting, "false")
})
//nolint:dupl // Ignore dupl errors for similar test case
ginkgo.It("should respect port passed by the PROXY Protocol", func() {
host := "proxy-protocol"
host := proxyProtocol
f.UpdateNginxConfigMapData(setting, "true")
@ -73,14 +75,15 @@ var _ = framework.DescribeSetting("use-proxy-protocol", func() {
assert.Nil(ginkgo.GinkgoT(), err, "unexpected error reading connection data")
body := string(data)
assert.Contains(ginkgo.GinkgoT(), body, fmt.Sprintf("host=%v", "proxy-protocol"))
assert.Contains(ginkgo.GinkgoT(), body, fmt.Sprintf("host=%v", proxyProtocol))
assert.Contains(ginkgo.GinkgoT(), body, "x-forwarded-port=1234")
assert.Contains(ginkgo.GinkgoT(), body, "x-forwarded-proto=http")
assert.Contains(ginkgo.GinkgoT(), body, "x-forwarded-for=192.168.0.1")
})
//nolint:dupl // Ignore dupl errors for similar test case
ginkgo.It("should respect proto passed by the PROXY Protocol server port", func() {
host := "proxy-protocol"
host := proxyProtocol
f.UpdateNginxConfigMapData(setting, "true")
@ -109,14 +112,14 @@ var _ = framework.DescribeSetting("use-proxy-protocol", func() {
assert.Nil(ginkgo.GinkgoT(), err, "unexpected error reading connection data")
body := string(data)
assert.Contains(ginkgo.GinkgoT(), body, fmt.Sprintf("host=%v", "proxy-protocol"))
assert.Contains(ginkgo.GinkgoT(), body, fmt.Sprintf("host=%v", proxyProtocol))
assert.Contains(ginkgo.GinkgoT(), body, "x-forwarded-port=443")
assert.Contains(ginkgo.GinkgoT(), body, "x-forwarded-proto=https")
assert.Contains(ginkgo.GinkgoT(), body, "x-forwarded-for=192.168.0.1")
})
ginkgo.It("should enable PROXY Protocol for HTTPS", func() {
host := "proxy-protocol"
host := proxyProtocol
f.UpdateNginxConfigMapData(setting, "true")
@ -151,7 +154,7 @@ var _ = framework.DescribeSetting("use-proxy-protocol", func() {
assert.Nil(ginkgo.GinkgoT(), err, "unexpected error reading connection data")
body := string(data)
assert.Contains(ginkgo.GinkgoT(), body, fmt.Sprintf("host=%v", "proxy-protocol"))
assert.Contains(ginkgo.GinkgoT(), body, fmt.Sprintf("host=%v", proxyProtocol))
assert.Contains(ginkgo.GinkgoT(), body, "x-forwarded-port=1234")
assert.Contains(ginkgo.GinkgoT(), body, "x-forwarded-proto=https")
assert.Contains(ginkgo.GinkgoT(), body, "x-scheme=https")

2
test/e2e/settings/proxy_read_timeout.go
View file

@ -14,6 +14,7 @@ See the License for the specific language governing permissions and
limitations under the License.
*/
//nolint:dupl // Ignore dupl errors for similar test case
package settings
import (
@ -64,5 +65,4 @@ var _ = framework.DescribeSetting("proxy-read-timeout", func() {
return !strings.Contains(server, fmt.Sprintf("proxy_read_timeout %ss;", proxyReadtimeout))
})
})
})

2
test/e2e/settings/proxy_send_timeout.go
View file

@ -14,6 +14,7 @@ See the License for the specific language governing permissions and
limitations under the License.
*/
//nolint:dupl // Ignore dupl errors for similar test case
package settings
import (
@ -64,5 +65,4 @@ var _ = framework.DescribeSetting("proxy-send-timeout", func() {
return !strings.Contains(server, fmt.Sprintf("proxy_send_timeout %ss;", proxySendTimeout))
})
})
})

11
test/e2e/settings/ssl_passthrough.go
View file

@ -19,7 +19,7 @@ package settings
import (
"context"
"crypto/tls"
"fmt"
"net"
"net/http"
"strings"
@ -54,7 +54,6 @@ var _ = framework.IngressNginxDescribe("[Flag] enable-ssl-passthrough", func() {
ginkgo.Describe("With enable-ssl-passthrough enabled", func() {
ginkgo.It("should enable ssl-passthrough-proxy-port on a different port", func() {
err := f.UpdateIngressControllerDeployment(func(deployment *appsv1.Deployment) error {
args := deployment.Spec.Template.Spec.Containers[0].Args
args = append(args, "--ssl-passthrough-proxy-port=1442")
@ -77,7 +76,6 @@ var _ = framework.IngressNginxDescribe("[Flag] enable-ssl-passthrough", func() {
})
ginkgo.It("should pass unknown traffic to default backend and handle known traffic", func() {
host := "testpassthrough.com"
echoName := "echopass"
@ -170,20 +168,21 @@ var _ = framework.IngressNginxDescribe("[Flag] enable-ssl-passthrough", func() {
return strings.Contains(server, "listen 442")
})
//nolint:gosec // Ignore the gosec error in testing
f.HTTPTestClientWithTLSConfig(&tls.Config{ServerName: host, InsecureSkipVerify: true}).
GET("/").
WithURL(fmt.Sprintf("https://%s:443", host)).
WithURL("https://"+net.JoinHostPort(host, "443")).
ForceResolve(f.GetNginxIP(), 443).
Expect().
Status(http.StatusOK)
//nolint:gosec // Ignore the gosec error in testing
f.HTTPTestClientWithTLSConfig(&tls.Config{ServerName: hostBad, InsecureSkipVerify: true}).
GET("/").
WithURL(fmt.Sprintf("https://%s:443", hostBad)).
WithURL("https://"+net.JoinHostPort(hostBad, "443")).
ForceResolve(f.GetNginxIP(), 443).
Expect().
Status(http.StatusNotFound)
})
})
})

5
test/e2e/settings/tls.go
View file

@ -87,9 +87,7 @@ var _ = framework.DescribeSetting("[SSL] TLS protocols, ciphers and headers)", f
})
ginkgo.Context("should configure HSTS policy header", func() {
var (
tlsConfig *tls.Config
)
var tlsConfig *tls.Config
const (
hstsMaxAge = "hsts-max-age"
@ -182,7 +180,6 @@ var _ = framework.DescribeSetting("[SSL] TLS protocols, ciphers and headers)", f
got := header["Strict-Transport-Security"]
assert.Equal(ginkgo.GinkgoT(), 1, len(got))
})
})
ginkgo.Context("ports or X-Forwarded-Host check during HTTP tp HTTPS redirection", func() {

6
test/e2e/settings/validations/validations.go
View file

@ -29,7 +29,7 @@ import (
var _ = framework.IngressNginxDescribeSerial("annotation validations", func() {
f := framework.NewDefaultFramework("validations")
//nolint:dupl // Ignore dupl errors for similar test case
ginkgo.It("should allow ingress based on their risk on webhooks", func() {
host := "annotation-validations"
@ -54,9 +54,8 @@ var _ = framework.IngressNginxDescribeSerial("annotation validations", func() {
ing = framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations)
_, err = f.KubeClientSet.NetworkingV1().Ingresses(f.Namespace).Update(context.TODO(), ing, metav1.UpdateOptions{})
assert.NotNil(ginkgo.GinkgoT(), err, "creating ingress with risky annotations should trigger an error")
})
//nolint:dupl // Ignore dupl errors for similar test case
ginkgo.It("should allow ingress based on their risk on webhooks", func() {
host := "annotation-validations"
@ -81,6 +80,5 @@ var _ = framework.IngressNginxDescribeSerial("annotation validations", func() {
ing = framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations)
_, err = f.KubeClientSet.NetworkingV1().Ingresses(f.Namespace).Update(context.TODO(), ing, metav1.UpdateOptions{})
assert.NotNil(ginkgo.GinkgoT(), err, "creating ingress with risky annotations should trigger an error")
})
})

2
test/e2e/ssl/secret_update.go
View file

@ -98,7 +98,7 @@ var _ = framework.IngressNginxDescribe("[SSL] secret update", func() {
return strings.Contains(server, "server_name invalid-ssl") &&
strings.Contains(server, "listen 443")
})
//nolint:gosec // Ignore certificate validation in testing
resp := f.HTTPTestClientWithTLSConfig(&tls.Config{ServerName: host, InsecureSkipVerify: true}).
GET("/").
WithURL(f.GetURL(framework.HTTPS)).

4
test/e2e/status/update.go
View file

@ -108,6 +108,7 @@ var _ = framework.IngressNginxDescribe("[Status] status update", func() {
}
}()
//nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated
err = wait.Poll(5*time.Second, 4*time.Minute, func() (done bool, err error) {
ing, err = f.KubeClientSet.NetworkingV1().Ingresses(f.Namespace).Get(context.TODO(), host, metav1.GetOptions{})
if err != nil {
@ -134,7 +135,8 @@ func getHostIP() net.IP {
}
defer conn.Close()
localAddr := conn.LocalAddr().(*net.UDPAddr)
localAddr, ok := conn.LocalAddr().(*net.UDPAddr)
assert.True(ginkgo.GinkgoT(), ok, "unexpected type: %T", conn.LocalAddr())
return localAddr.IP
}

12
test/e2e/tcpudp/tcp.go
View file

@ -148,18 +148,18 @@ var _ = framework.IngressNginxDescribe("[TCP] tcp-services", func() {
}
var ips []string
var retryErr error
var errRetry error
err = wait.ExponentialBackoff(retry, func() (bool, error) {
ips, retryErr = resolver.LookupHost(context.Background(), "google-public-dns-b.google.com")
if retryErr == nil {
ips, errRetry = resolver.LookupHost(context.Background(), "google-public-dns-b.google.com")
if errRetry == nil {
return true, nil
}
return false, nil
})
//nolint:staticcheck // TODO: will replace it since wait.ErrWaitTimeout is deprecated
if err == wait.ErrWaitTimeout {
err = retryErr
err = errRetry
}
assert.Nil(ginkgo.GinkgoT(), err, "unexpected error from DNS resolver")
@ -167,7 +167,6 @@ var _ = framework.IngressNginxDescribe("[TCP] tcp-services", func() {
})
ginkgo.It("should reload after an update in the configuration", func() {
ginkgo.By("setting up a first deployment")
f.NewEchoDeployment(framework.WithDeploymentName("first-service"))
@ -217,5 +216,4 @@ var _ = framework.IngressNginxDescribe("[TCP] tcp-services", func() {
assert.Nil(ginkgo.GinkgoT(), err, "obtaining nginx logs")
assert.Contains(ginkgo.GinkgoT(), logs, "Backend successfully reloaded")
})
})