Additional AuthTLS assertions and doc change to demonstrate auth-tls-secret enables the other AuthTLS annotations (#7202)

* Fix indentation of nested list in AuthTLS annotations Also, put `<annotation>`: <description text>` on a single line in Markdown markup, which will match what gets rendered eventually. On the other hand, for the line on auth-tls-secret (This annotation expects the Secret name in the form "namespace/secretName"), its Markdown markup suggests that the author wanted the line to start on its own line, but currently this gets rendered on the same line. It's nice for this to be on its own line, since it's kind of a "note" about the annotation syntax. Format/indent the markup appropriately so that it shows up on its line. * Fix indentation of nested list in CORS annotations Also, put `<annotation>`: <description text>` on a single line in Markdown markup, which will match what gets rendered eventually. On the other hand, for lines noting the allowed characters (This is a multi-valued field...), its Markdown markup suggests that the author wanted the line to start on its own line, but currently this gets rendered on the same line. It's nice for this to be on its own line, since it's kind of a "note" about the annotation syntax. Format/indent the markup appropriately so that it shows up on its line. * Replace f.HTTPTestClientWithTLSConfig() in AuthTLS E2E, the odd one out for requests without client certs * Demonstrate and document that auth-tls-secret enables the other AuthTLS annotations like verify client, depth * Split E2E for auth-tls-error-page and *-pass-certificate-to-upstream
2021-09-08 01:35:16 +08:00 · 2021-09-08 01:35:16 +08:00 · cf9ae96d72
commit cf9ae96d72
parent e7791941ba
3 changed files with 143 additions and 62 deletions
--- a/internal/ingress/annotations/authtls/main_test.go
+++ b/internal/ingress/annotations/authtls/main_test.go
@ -94,10 +94,6 @@ func TestAnnotations(t *testing.T) {
 	data := map[string]string{}

 	data[parser.GetAnnotationWithPrefix("auth-tls-secret")] = "default/demo-secret"
-	data[parser.GetAnnotationWithPrefix("auth-tls-verify-client")] = "off"
-	data[parser.GetAnnotationWithPrefix("auth-tls-verify-depth")] = "1"
-	data[parser.GetAnnotationWithPrefix("auth-tls-error-page")] = "ok.com/error"
-	data[parser.GetAnnotationWithPrefix("auth-tls-pass-certificate-to-upstream")] = "true"

 	ing.SetAnnotations(data)

@ -120,12 +116,45 @@ func TestAnnotations(t *testing.T) {
 	if u.AuthSSLCert.Secret != secret.Secret {
 		t.Errorf("expected %v but got %v", secret.Secret, u.AuthSSLCert.Secret)
 	}
-	if u.VerifyClient != "off" {
-		t.Errorf("expected %v but got %v", "off", u.VerifyClient)
+	if u.VerifyClient != "on" {
+		t.Errorf("expected %v but got %v", "on", u.VerifyClient)
 	}
 	if u.ValidationDepth != 1 {
 		t.Errorf("expected %v but got %v", 1, u.ValidationDepth)
 	}
+	if u.ErrorPage != "" {
+		t.Errorf("expected %v but got %v", "", u.ErrorPage)
+	}
+	if u.PassCertToUpstream != false {
+		t.Errorf("expected %v but got %v", false, u.PassCertToUpstream)
+	}
+
+	data[parser.GetAnnotationWithPrefix("auth-tls-verify-client")] = "off"
+	data[parser.GetAnnotationWithPrefix("auth-tls-verify-depth")] = "2"
+	data[parser.GetAnnotationWithPrefix("auth-tls-error-page")] = "ok.com/error"
+	data[parser.GetAnnotationWithPrefix("auth-tls-pass-certificate-to-upstream")] = "true"
+
+	ing.SetAnnotations(data)
+
+	i, err = NewParser(fakeSecret).Parse(ing)
+	if err != nil {
+		t.Errorf("Unexpected error with ingress: %v", err)
+	}
+
+	u, ok = i.(*Config)
+	if !ok {
+		t.Errorf("expected *Config but got %v", u)
+	}
+
+	if u.AuthSSLCert.Secret != secret.Secret {
+		t.Errorf("expected %v but got %v", secret.Secret, u.AuthSSLCert.Secret)
+	}
+	if u.VerifyClient != "off" {
+		t.Errorf("expected %v but got %v", "off", u.VerifyClient)
+	}
+	if u.ValidationDepth != 2 {
+		t.Errorf("expected %v but got %v", 2, u.ValidationDepth)
+	}
 	if u.ErrorPage != "ok.com/error" {
 		t.Errorf("expected %v but got %v", "ok.com/error", u.ErrorPage)
 	}