DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Refactor e2e tests to use testify y httpexpect

Browse source
This commit is contained in:
Manuel Alejandro de Brito Fontes 2020-02-19 00:08:56 -03:00
parent 046e2d959d
commit f9624cbe46
80 changed files with 2280 additions and 2631 deletions
Download patch file Download diff file Expand all files Collapse all files

16
test/e2e/settings/configmap_change.go
View file

@ -20,8 +20,8 @@ import (
"regexp"
"strings"
. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
"github.com/onsi/ginkgo"
"github.com/stretchr/testify/assert"
"k8s.io/ingress-nginx/test/e2e/framework"
)
@ -29,17 +29,17 @@ import (
var _ = framework.DescribeSetting("Configmap change", func() {
f := framework.NewDefaultFramework("configmap-change")
BeforeEach(func() {
ginkgo.BeforeEach(func() {
f.NewEchoDeployment()
})
It("should reload after an update in the configuration", func() {
ginkgo.It("should reload after an update in the configuration", func() {
host := "configmap-change"
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, nil)
f.EnsureIngress(ing)
By("adding a whitelist-source-range")
ginkgo.By("adding a whitelist-source-range")
f.UpdateNginxConfigMapData("whitelist-source-range", "1.1.1.1")
@ -56,9 +56,9 @@ var _ = framework.DescribeSetting("Configmap change", func() {
return strings.Contains(cfg, "allow 1.1.1.1;")
})
Expect(checksum).NotTo(BeEmpty())
assert.NotEmpty(ginkgo.GinkgoT(), checksum)
By("changing error-log-level")
ginkgo.By("changing error-log-level")
f.UpdateNginxConfigMapData("error-log-level", "debug")
@ -72,6 +72,6 @@ var _ = framework.DescribeSetting("Configmap change", func() {
return strings.ContainsAny(cfg, "error_log /var/log/nginx/error.log debug;")
})
Expect(checksum).NotTo(BeEquivalentTo(newChecksum))
assert.NotEqual(ginkgo.GinkgoT(), checksum, newChecksum)
})
})

63
test/e2e/settings/custom_header.go
View file

@ -21,55 +21,48 @@ import (
"net/http"
"strings"
. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
"github.com/parnurzeal/gorequest"
"github.com/onsi/ginkgo"
"github.com/stretchr/testify/assert"
"k8s.io/ingress-nginx/test/e2e/framework"
)
var _ = framework.DescribeSetting("Add custom headers", func() {
var _ = framework.DescribeSetting("add-headers", func() {
f := framework.NewDefaultFramework("custom-header")
host := "custom-header"
BeforeEach(func() {
ginkgo.BeforeEach(func() {
f.NewEchoDeployment()
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, nil)
f.EnsureIngress(ing)
})
AfterEach(func() {
})
It("Add a custom header", func() {
ginkgo.It("Add a custom header", func() {
customHeader := "X-A-Custom-Header"
customHeaderValue := "customHeaderValue"
h := make(map[string]string)
h[customHeader] = customHeaderValue
f.CreateConfigMap("add-headers-configmap", h)
cfgMap := "add-headers-configmap"
wlKey := "add-headers"
wlValue := f.Namespace + "/add-headers-configmap"
f.CreateConfigMap(cfgMap, h)
f.UpdateNginxConfigMapData(wlKey, wlValue)
f.UpdateNginxConfigMapData("add-headers", fmt.Sprintf("%v/%v", f.Namespace, cfgMap))
f.WaitForNginxConfiguration(func(server string) bool {
return strings.Contains(server, fmt.Sprintf("more_set_headers \"%s: %s\";", customHeader, customHeaderValue))
})
resp, _, errs := gorequest.New().
Get(f.GetURL(framework.HTTP)).
Set("Host", host).
End()
Expect(errs).Should(BeEmpty())
Expect(resp.StatusCode).Should(Equal(http.StatusOK))
Expect(resp.Header.Get(customHeader)).Should(ContainSubstring(customHeaderValue))
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
Expect().
Status(http.StatusOK).
Header(customHeader).Contains(customHeaderValue)
})
It("Add multiple custom headers", func() {
ginkgo.It("Add multiple custom headers", func() {
firstCustomHeader := "X-First"
firstCustomHeaderValue := "Prepare for trouble!"
secondCustomHeader := "X-Second"
@ -79,25 +72,25 @@ var _ = framework.DescribeSetting("Add custom headers", func() {
h[firstCustomHeader] = firstCustomHeaderValue
h[secondCustomHeader] = secondCustomHeaderValue
f.CreateConfigMap("add-headers-configmap-two", h)
cfgMap := "add-headers-configmap-two"
wlKey := "add-headers"
wlValue := f.Namespace + "/add-headers-configmap-two"
f.CreateConfigMap(cfgMap, h)
f.UpdateNginxConfigMapData(wlKey, wlValue)
f.UpdateNginxConfigMapData("add-headers", fmt.Sprintf("%v/%v", f.Namespace, cfgMap))
f.WaitForNginxConfiguration(func(server string) bool {
return strings.Contains(server, fmt.Sprintf("more_set_headers \"%s: %s\";", firstCustomHeader, firstCustomHeaderValue)) && strings.Contains(server, fmt.Sprintf("more_set_headers \"%s: %s\";", secondCustomHeader, secondCustomHeaderValue))
return strings.Contains(server, fmt.Sprintf("more_set_headers \"%s: %s\";", firstCustomHeader, firstCustomHeaderValue)) &&
strings.Contains(server, fmt.Sprintf("more_set_headers \"%s: %s\";", secondCustomHeader, secondCustomHeaderValue))
})
resp, _, errs := gorequest.New().
Get(f.GetURL(framework.HTTP)).
Set("Host", host).
End()
resp := f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
Expect().
Status(http.StatusOK).
Raw()
Expect(errs).Should(BeEmpty())
Expect(resp.StatusCode).Should(Equal(http.StatusOK))
Expect(resp.Header.Get(firstCustomHeader)).Should(ContainSubstring(firstCustomHeaderValue))
Expect(resp.Header.Get(secondCustomHeader)).Should(ContainSubstring(secondCustomHeaderValue))
assert.Equal(ginkgo.GinkgoT(), resp.Header.Get(firstCustomHeader), firstCustomHeaderValue)
assert.Equal(ginkgo.GinkgoT(), resp.Header.Get(secondCustomHeader), secondCustomHeaderValue)
})
})

27
test/e2e/settings/default_ssl_certificate.go
View file

@ -21,9 +21,8 @@ import (
"fmt"
"strings"
. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
"github.com/onsi/ginkgo"
"github.com/stretchr/testify/assert"
appsv1 "k8s.io/api/apps/v1"
"k8s.io/ingress-nginx/test/e2e/framework"
@ -36,7 +35,7 @@ var _ = framework.IngressNginxDescribe("[SSL] [Flag] default-ssl-certificate", f
service := framework.EchoService
port := 80
BeforeEach(func() {
ginkgo.BeforeEach(func() {
f.NewEchoDeploymentWithReplicas(1)
var err error
@ -44,7 +43,7 @@ var _ = framework.IngressNginxDescribe("[SSL] [Flag] default-ssl-certificate", f
[]string{"*"},
secretName,
f.Namespace)
Expect(err).NotTo(HaveOccurred())
assert.Nil(ginkgo.GinkgoT(), err)
err = framework.UpdateDeployment(f.KubeClientSet, f.Namespace, "nginx-ingress-controller", 1,
func(deployment *appsv1.Deployment) error {
@ -55,29 +54,29 @@ var _ = framework.IngressNginxDescribe("[SSL] [Flag] default-ssl-certificate", f
return err
})
Expect(err).NotTo(HaveOccurred(), "unexpected error updating ingress controller deployment flags")
assert.Nil(ginkgo.GinkgoT(), err, "updating ingress controller deployment flags")
// this asserts that it configures default custom ssl certificate without an ingress at all
framework.WaitForTLS(f.GetURL(framework.HTTPS), tlsConfig)
})
It("uses default ssl certificate for catch-all ingress", func() {
ginkgo.It("uses default ssl certificate for catch-all ingress", func() {
ing := framework.NewSingleCatchAllIngress("catch-all", f.Namespace, service, port, nil)
f.EnsureIngress(ing)
By("making sure new ingress is deployed")
ginkgo.By("making sure new ingress is deployed")
expectedConfig := fmt.Sprintf(`set $proxy_upstream_name "%v-%v-%v";`, f.Namespace, service, port)
f.WaitForNginxServer("_", func(cfg string) bool {
return strings.Contains(cfg, expectedConfig)
})
By("making sure new ingress is responding")
ginkgo.By("making sure new ingress is responding")
By("making sure the configured default ssl certificate is being used")
ginkgo.By("making sure the configured default ssl certificate is being used")
framework.WaitForTLS(f.GetURL(framework.HTTPS), tlsConfig)
})
It("uses default ssl certificate for host based ingress when configured certificate does not match host", func() {
ginkgo.It("uses default ssl certificate for host based ingress when configured certificate does not match host", func() {
host := "foo"
ing := f.EnsureIngress(framework.NewSingleIngressWithTLS(host, "/", host, []string{host}, f.Namespace, service, port, nil))
@ -85,15 +84,15 @@ var _ = framework.IngressNginxDescribe("[SSL] [Flag] default-ssl-certificate", f
[]string{"not.foo"},
ing.Spec.TLS[0].SecretName,
ing.Namespace)
Expect(err).NotTo(HaveOccurred())
assert.Nil(ginkgo.GinkgoT(), err)
By("making sure new ingress is deployed")
ginkgo.By("making sure new ingress is deployed")
expectedConfig := fmt.Sprintf(`set $proxy_upstream_name "%v-%v-%v";`, f.Namespace, service, port)
f.WaitForNginxServer(host, func(cfg string) bool {
return strings.Contains(cfg, expectedConfig)
})
By("making sure the configured default ssl certificate is being used")
ginkgo.By("making sure the configured default ssl certificate is being used")
framework.WaitForTLS(f.GetURL(framework.HTTPS), tlsConfig)
})
})

53
test/e2e/settings/disable_catch_all.go
View file

@ -20,10 +20,8 @@ import (
"net/http"
"strings"
. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
"github.com/parnurzeal/gorequest"
"github.com/onsi/ginkgo"
"github.com/stretchr/testify/assert"
appsv1 "k8s.io/api/apps/v1"
networking "k8s.io/api/networking/v1beta1"
"k8s.io/apimachinery/pkg/util/intstr"
@ -34,7 +32,7 @@ import (
var _ = framework.IngressNginxDescribe("[Flag] disable-catch-all", func() {
f := framework.NewDefaultFramework("disabled-catch-all")
BeforeEach(func() {
ginkgo.BeforeEach(func() {
f.NewEchoDeploymentWithReplicas(1)
err := framework.UpdateDeployment(f.KubeClientSet, f.Namespace, "nginx-ingress-controller", 1,
@ -46,10 +44,10 @@ var _ = framework.IngressNginxDescribe("[Flag] disable-catch-all", func() {
return err
})
Expect(err).NotTo(HaveOccurred(), "unexpected error updating ingress controller deployment flags")
assert.Nil(ginkgo.GinkgoT(), err, "updating ingress controller deployment flags")
})
It("should ignore catch all Ingress", func() {
ginkgo.It("should ignore catch all Ingress", func() {
host := "foo"
ing := framework.NewSingleCatchAllIngress("catch-all", f.Namespace, framework.EchoService, 80, nil)
@ -68,7 +66,7 @@ var _ = framework.IngressNginxDescribe("[Flag] disable-catch-all", func() {
})
})
It("should delete Ingress updated to catch-all", func() {
ginkgo.It("should delete Ingress updated to catch-all", func() {
host := "foo"
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, nil)
@ -79,12 +77,11 @@ var _ = framework.IngressNginxDescribe("[Flag] disable-catch-all", func() {
return strings.Contains(server, "server_name foo")
})
resp, _, errs := gorequest.New().
Get(f.GetURL(framework.HTTP)).
Set("Host", host).
End()
Expect(errs).To(BeNil())
Expect(resp.StatusCode).Should(Equal(http.StatusOK))
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
Expect().
Status(http.StatusOK)
err := framework.UpdateIngress(f.KubeClientSet, f.Namespace, host, func(ingress *networking.Ingress) error {
ingress.Spec.Rules = nil
@ -94,21 +91,20 @@ var _ = framework.IngressNginxDescribe("[Flag] disable-catch-all", func() {
}
return nil
})
Expect(err).ToNot(HaveOccurred())
assert.Nil(ginkgo.GinkgoT(), err)
f.WaitForNginxConfiguration(func(cfg string) bool {
return !strings.Contains(cfg, "server_name foo")
})
resp, _, errs = gorequest.New().
Get(f.GetURL(framework.HTTP)).
Set("Host", host).
End()
Expect(errs).To(BeNil())
Expect(resp.StatusCode).Should(Equal(http.StatusNotFound))
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
Expect().
Status(http.StatusNotFound)
})
It("should allow Ingress with both a default backend and rules", func() {
ginkgo.It("should allow Ingress with both a default backend and rules", func() {
host := "foo"
ing := framework.NewSingleIngressWithBackendAndRules("not-catch-all", "/rulepath", host, f.Namespace, framework.EchoService, 80, framework.EchoService, 80, nil)
@ -118,13 +114,10 @@ var _ = framework.IngressNginxDescribe("[Flag] disable-catch-all", func() {
return strings.Contains(cfg, "server_name foo")
})
resp, _, errs := gorequest.New().
Get(f.GetURL(framework.HTTP)).
Set("Host", host).
End()
Expect(errs).To(BeNil())
Expect(resp.StatusCode).Should(Equal(http.StatusOK))
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
Expect().
Status(http.StatusOK)
})
})

112
test/e2e/settings/forwarded_headers.go
View file

@ -21,9 +21,8 @@ import (
"net/http"
"strings"
. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
"github.com/parnurzeal/gorequest"
"github.com/onsi/ginkgo"
"github.com/stretchr/testify/assert"
"k8s.io/ingress-nginx/test/e2e/framework"
)
@ -33,12 +32,12 @@ var _ = framework.DescribeSetting("use-forwarded-headers", func() {
setting := "use-forwarded-headers"
BeforeEach(func() {
ginkgo.BeforeEach(func() {
f.NewEchoDeployment()
f.UpdateNginxConfigMapData(setting, "false")
})
It("should trust X-Forwarded headers when setting is true", func() {
ginkgo.It("should trust X-Forwarded headers when setting is true", func() {
host := "forwarded-headers"
f.UpdateNginxConfigMapData(setting, "true")
@ -51,41 +50,43 @@ var _ = framework.DescribeSetting("use-forwarded-headers", func() {
return strings.Contains(server, "server_name forwarded-headers")
})
By("ensuring single values are parsed correctly")
resp, body, errs := gorequest.New().
Get(f.GetURL(framework.HTTP)).
Set("Host", host).
Set("X-Forwarded-Port", "1234").
Set("X-Forwarded-Proto", "myproto").
Set("X-Forwarded-For", "1.2.3.4").
Set("X-Forwarded-Host", "myhost").
End()
ginkgo.By("ensuring single values are parsed correctly")
body := f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
WithHeader("X-Forwarded-Port", "1234").
WithHeader("X-Forwarded-Proto", "myproto").
WithHeader("X-Forwarded-For", "1.2.3.4").
WithHeader("X-Forwarded-Host", "myhost").
Expect().
Status(http.StatusOK).
Body().
Raw()
Expect(errs).Should(BeEmpty())
Expect(resp.StatusCode).Should(Equal(http.StatusOK))
Expect(body).Should(ContainSubstring(fmt.Sprintf("host=myhost")))
Expect(body).Should(ContainSubstring(fmt.Sprintf("x-forwarded-host=myhost")))
Expect(body).Should(ContainSubstring(fmt.Sprintf("x-forwarded-proto=myproto")))
Expect(body).Should(ContainSubstring(fmt.Sprintf("x-forwarded-port=1234")))
Expect(body).Should(ContainSubstring(fmt.Sprintf("x-forwarded-for=1.2.3.4")))
assert.Contains(ginkgo.GinkgoT(), body, fmt.Sprintf("host=myhost"))
assert.Contains(ginkgo.GinkgoT(), body, fmt.Sprintf("x-forwarded-host=myhost"))
assert.Contains(ginkgo.GinkgoT(), body, fmt.Sprintf("x-forwarded-proto=myproto"))
assert.Contains(ginkgo.GinkgoT(), body, fmt.Sprintf("x-forwarded-port=1234"))
assert.Contains(ginkgo.GinkgoT(), body, fmt.Sprintf("x-forwarded-for=1.2.3.4"))
By("ensuring that first entry in X-Forwarded-Host is used as the best host")
resp, body, errs = gorequest.New().
Get(f.GetURL(framework.HTTP)).
Set("Host", host).
Set("X-Forwarded-Port", "1234").
Set("X-Forwarded-Proto", "myproto").
Set("X-Forwarded-For", "1.2.3.4").
Set("X-Forwarded-Host", "myhost.com, another.host,example.net").
End()
Expect(errs).Should(BeEmpty())
Expect(resp.StatusCode).Should(Equal(http.StatusOK))
Expect(body).Should(ContainSubstring(fmt.Sprintf("host=myhost.com")))
Expect(body).Should(ContainSubstring(fmt.Sprintf("x-forwarded-host=myhost.com")))
ginkgo.By("ensuring that first entry in X-Forwarded-Host is used as the best host")
body = f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
WithHeader("X-Forwarded-Port", "1234").
WithHeader("X-Forwarded-Proto", "myproto").
WithHeader("X-Forwarded-For", "1.2.3.4").
WithHeader("X-Forwarded-Host", "myhost.com, another.host,example.net").
Expect().
Status(http.StatusOK).
Body().
Raw()
assert.Contains(ginkgo.GinkgoT(), body, fmt.Sprintf("host=myhost.com"))
assert.Contains(ginkgo.GinkgoT(), body, fmt.Sprintf("x-forwarded-host=myhost.com"))
})
It("should not trust X-Forwarded headers when setting is false", func() {
ginkgo.It("should not trust X-Forwarded headers when setting is false", func() {
host := "forwarded-headers"
f.UpdateNginxConfigMapData(setting, "false")
@ -97,25 +98,26 @@ var _ = framework.DescribeSetting("use-forwarded-headers", func() {
return strings.Contains(server, "server_name forwarded-headers")
})
resp, body, errs := gorequest.New().
Get(f.GetURL(framework.HTTP)).
Set("Host", host).
Set("X-Forwarded-Port", "1234").
Set("X-Forwarded-Proto", "myproto").
Set("X-Forwarded-For", "1.2.3.4").
Set("X-Forwarded-Host", "myhost").
End()
body := f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
WithHeader("X-Forwarded-Port", "1234").
WithHeader("X-Forwarded-Proto", "myproto").
WithHeader("X-Forwarded-For", "1.2.3.4").
WithHeader("X-Forwarded-Host", "myhost").
Expect().
Status(http.StatusOK).
Body().
Raw()
Expect(errs).Should(BeEmpty())
Expect(resp.StatusCode).Should(Equal(http.StatusOK))
Expect(body).Should(ContainSubstring(fmt.Sprintf("host=forwarded-headers")))
Expect(body).Should(ContainSubstring(fmt.Sprintf("x-forwarded-port=80")))
Expect(body).Should(ContainSubstring(fmt.Sprintf("x-forwarded-proto=http")))
Expect(body).Should(ContainSubstring(fmt.Sprintf("x-original-forwarded-for=1.2.3.4")))
Expect(body).ShouldNot(ContainSubstring(fmt.Sprintf("host=myhost")))
Expect(body).ShouldNot(ContainSubstring(fmt.Sprintf("x-forwarded-host=myhost")))
Expect(body).ShouldNot(ContainSubstring(fmt.Sprintf("x-forwarded-proto=myproto")))
Expect(body).ShouldNot(ContainSubstring(fmt.Sprintf("x-forwarded-port=1234")))
Expect(body).ShouldNot(ContainSubstring(fmt.Sprintf("x-forwarded-for=1.2.3.4")))
assert.Contains(ginkgo.GinkgoT(), body, fmt.Sprintf("host=forwarded-headers"))
assert.Contains(ginkgo.GinkgoT(), body, fmt.Sprintf("x-forwarded-port=80"))
assert.Contains(ginkgo.GinkgoT(), body, fmt.Sprintf("x-forwarded-proto=http"))
assert.Contains(ginkgo.GinkgoT(), body, fmt.Sprintf("x-original-forwarded-for=1.2.3.4"))
assert.NotContains(ginkgo.GinkgoT(), body, fmt.Sprintf("host=myhost"))
assert.NotContains(ginkgo.GinkgoT(), body, fmt.Sprintf("x-forwarded-host=myhost"))
assert.NotContains(ginkgo.GinkgoT(), body, fmt.Sprintf("x-forwarded-proto=myproto"))
assert.NotContains(ginkgo.GinkgoT(), body, fmt.Sprintf("x-forwarded-port=1234"))
assert.NotContains(ginkgo.GinkgoT(), body, fmt.Sprintf("x-forwarded-for=1.2.3.4"))
})
})

37
test/e2e/settings/geoip2.go
View file

@ -21,9 +21,8 @@ import (
"net/http"
. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
"github.com/parnurzeal/gorequest"
"github.com/onsi/ginkgo"
"k8s.io/ingress-nginx/test/e2e/framework"
)
@ -32,12 +31,12 @@ var _ = framework.DescribeSetting("Geoip2", func() {
host := "geoip2"
BeforeEach(func() {
ginkgo.BeforeEach(func() {
f.NewEchoDeployment()
})
It("should only allow requests from specific countries", func() {
Skip("GeoIP test are temporarily disabled")
ginkgo.It("should only allow requests from specific countries", func() {
ginkgo.Skip("GeoIP test are temporarily disabled")
f.UpdateNginxConfigMapData("use-geoip2", "true")
@ -72,22 +71,20 @@ var _ = framework.DescribeSetting("Geoip2", func() {
// Should be blocked
usIP := "8.8.8.8"
resp, _, errs := gorequest.New().
Get(f.GetURL(framework.HTTP)).
Set("Host", host).
Set("X-Forwarded-For", usIP).
End()
Expect(errs).To(BeNil())
Expect(resp.StatusCode).Should(Equal(http.StatusForbidden))
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
WithHeader("X-Forwarded-For", usIP).
Expect().
Status(http.StatusForbidden)
// Shouldn't be blocked
australianIP := "1.1.1.1"
resp, _, errs = gorequest.New().
Get(f.GetURL(framework.HTTP)).
Set("Host", host).
Set("X-Forwarded-For", australianIP).
End()
Expect(errs).To(BeNil())
Expect(resp.StatusCode).Should(Equal(http.StatusOK))
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
WithHeader("X-Forwarded-For", australianIP).
Expect().
Status(http.StatusOK)
})
})

103
test/e2e/settings/global_access_block.go
View file

@ -20,9 +20,7 @@ import (
"net/http"
"strings"
. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
"github.com/parnurzeal/gorequest"
"github.com/onsi/ginkgo"
"k8s.io/ingress-nginx/test/e2e/framework"
)
@ -32,12 +30,12 @@ var _ = framework.DescribeSetting("[Security] block-*", func() {
host := "global-access-block"
BeforeEach(func() {
f.NewEchoDeploymentWithReplicas(1)
ginkgo.BeforeEach(func() {
f.NewEchoDeployment()
f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, nil))
})
It("should block CIDRs defined in the ConfigMap", func() {
ginkgo.It("should block CIDRs defined in the ConfigMap", func() {
f.UpdateNginxConfigMapData("block-cidrs", "172.16.0.0/12,192.168.0.0/16,10.0.0.0/8")
f.WaitForNginxConfiguration(
@ -47,15 +45,14 @@ var _ = framework.DescribeSetting("[Security] block-*", func() {
strings.Contains(cfg, "deny 10.0.0.0/8;")
})
resp, _, errs := gorequest.New().
Get(f.GetURL(framework.HTTP)).
Set("Host", host).
End()
Expect(errs).To(BeNil())
Expect(resp.StatusCode).Should(Equal(http.StatusForbidden))
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
Expect().
Status(http.StatusForbidden)
})
It("should block User-Agents defined in the ConfigMap", func() {
ginkgo.It("should block User-Agents defined in the ConfigMap", func() {
f.UpdateNginxConfigMapData("block-user-agents", "~*chrome\\/68\\.0\\.3440\\.106\\ safari\\/537\\.36,AlphaBot")
f.WaitForNginxConfiguration(
@ -65,33 +62,30 @@ var _ = framework.DescribeSetting("[Security] block-*", func() {
})
// Should be blocked
resp, _, errs := gorequest.New().
Get(f.GetURL(framework.HTTP)).
Set("Host", host).
Set("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36").
End()
Expect(errs).To(BeNil())
Expect(resp.StatusCode).Should(Equal(http.StatusForbidden))
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
WithHeader("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36").
Expect().
Status(http.StatusForbidden)
resp, _, errs = gorequest.New().
Get(f.GetURL(framework.HTTP)).
Set("Host", host).
Set("User-Agent", "AlphaBot").
End()
Expect(errs).To(BeNil())
Expect(resp.StatusCode).Should(Equal(http.StatusForbidden))
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
WithHeader("User-Agent", "AlphaBot").
Expect().
Status(http.StatusForbidden)
// Shouldn't be blocked
resp, _, errs = gorequest.New().
Get(f.GetURL(framework.HTTP)).
Set("Host", host).
Set("User-Agent", "Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1").
End()
Expect(errs).To(BeNil())
Expect(resp.StatusCode).Should(Equal(http.StatusOK))
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
WithHeader("User-Agent", "Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1").
Expect().
Status(http.StatusOK)
})
It("should block Referers defined in the ConfigMap", func() {
ginkgo.It("should block Referers defined in the ConfigMap", func() {
f.UpdateNginxConfigMapData("block-referers", "~*example\\.com,qwerty")
f.WaitForNginxConfiguration(
@ -101,29 +95,26 @@ var _ = framework.DescribeSetting("[Security] block-*", func() {
})
// Should be blocked
resp, _, errs := gorequest.New().
Get(f.GetURL(framework.HTTP)).
Set("Host", host).
Set("Referer", "example.com").
End()
Expect(errs).To(BeNil())
Expect(resp.StatusCode).Should(Equal(http.StatusForbidden))
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
WithHeader("Referer", "example.com").
Expect().
Status(http.StatusForbidden)
resp, _, errs = gorequest.New().
Get(f.GetURL(framework.HTTP)).
Set("Host", host).
Set("Referer", "qwerty").
End()
Expect(errs).To(BeNil())
Expect(resp.StatusCode).Should(Equal(http.StatusForbidden))
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
WithHeader("Referer", "qwerty").
Expect().
Status(http.StatusForbidden)
// Shouldn't be blocked
resp, _, errs = gorequest.New().
Get(f.GetURL(framework.HTTP)).
Set("Host", host).
Set("Referer", "qwerty123").
End()
Expect(errs).To(BeNil())
Expect(resp.StatusCode).Should(Equal(http.StatusOK))
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
WithHeader("Referer", "qwerty123").
Expect().
Status(http.StatusOK)
})
})

208
test/e2e/settings/global_external_auth.go
View file

@ -19,12 +19,13 @@ package settings
import (
"fmt"
"net/http"
"time"
"regexp"
"strings"
. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
"github.com/parnurzeal/gorequest"
"github.com/onsi/ginkgo"
"github.com/stretchr/testify/assert"
networking "k8s.io/api/networking/v1beta1"
"k8s.io/ingress-nginx/test/e2e/framework"
)
@ -45,106 +46,107 @@ var _ = framework.DescribeSetting("[Security] global-auth-url", func() {
enableGlobalExternalAuthAnnotation := "nginx.ingress.kubernetes.io/enable-global-auth"
BeforeEach(func() {
ginkgo.BeforeEach(func() {
f.NewEchoDeployment()
f.NewHttpbinDeployment()
})
Context("when global external authentication is configured", func() {
ginkgo.Context("when global external authentication is configured", func() {
BeforeEach(func() {
ginkgo.BeforeEach(func() {
globalExternalAuthURL := fmt.Sprintf("http://%s.%s.svc.cluster.local:80/status/401", framework.HTTPBinService, f.Namespace)
By("Adding an ingress rule for /foo")
ginkgo.By("Adding an ingress rule for /foo")
fooIng := framework.NewSingleIngress("foo-ingress", fooPath, host, f.Namespace, echoServiceName, 80, nil)
f.EnsureIngress(fooIng)
f.WaitForNginxServer(host,
func(server string) bool {
return Expect(server).Should(ContainSubstring("location /foo"))
return strings.Contains(server, "location /foo")
})
By("Adding an ingress rule for /bar")
ginkgo.By("Adding an ingress rule for /bar")
barIng := framework.NewSingleIngress("bar-ingress", barPath, host, f.Namespace, echoServiceName, 80, nil)
f.EnsureIngress(barIng)
f.WaitForNginxServer(host,
func(server string) bool {
return Expect(server).Should(ContainSubstring("location /bar"))
return strings.Contains(server, "location /bar")
})
By("Adding a global-auth-url to configMap")
ginkgo.By("Adding a global-auth-url to configMap")
f.UpdateNginxConfigMapData(globalExternalAuthURLSetting, globalExternalAuthURL)
f.WaitForNginxServer(host,
func(server string) bool {
return Expect(server).Should(ContainSubstring(globalExternalAuthURL))
return strings.Contains(server, globalExternalAuthURL)
})
})
It("should return status code 401 when request any protected service", func() {
ginkgo.It("should return status code 401 when request any protected service", func() {
By("Sending a request to protected service /foo")
fooResp, _, _ := gorequest.New().
Get(f.GetURL(framework.HTTP)+fooPath).
Set("Host", host).
End()
Expect(fooResp.StatusCode).Should(Equal(http.StatusUnauthorized))
ginkgo.By("Sending a request to protected service /foo")
f.HTTPTestClient().
GET(fooPath).
WithHeader("Host", host).
Expect().
Status(http.StatusUnauthorized)
By("Sending a request to protected service /bar")
barResp, _, _ := gorequest.New().
Get(f.GetURL(framework.HTTP)+barPath).
Set("Host", host).
End()
Expect(barResp.StatusCode).Should(Equal(http.StatusUnauthorized))
ginkgo.By("Sending a request to protected service /bar")
f.HTTPTestClient().
GET(barPath).
WithHeader("Host", host).
Expect().
Status(http.StatusUnauthorized)
})
It("should return status code 200 when request whitelisted (via no-auth-locations) service and 401 when request protected service", func() {
ginkgo.It("should return status code 200 when request whitelisted (via no-auth-locations) service and 401 when request protected service", func() {
By("Adding a no-auth-locations for /bar to configMap")
ginkgo.By("Adding a no-auth-locations for /bar to configMap")
f.UpdateNginxConfigMapData(noAuthSetting, noAuthLocations)
By("Sending a request to protected service /foo")
fooResp, _, _ := gorequest.New().
Get(f.GetURL(framework.HTTP)+fooPath).
Set("Host", host).
End()
Expect(fooResp.StatusCode).Should(Equal(http.StatusUnauthorized))
ginkgo.By("Sending a request to protected service /foo")
f.HTTPTestClient().
GET(fooPath).
WithHeader("Host", host).
Expect().
Status(http.StatusUnauthorized)
By("Sending a request to whitelisted service /bar")
barResp, _, _ := gorequest.New().
Get(f.GetURL(framework.HTTP)+barPath).
Set("Host", host).
End()
Expect(barResp.StatusCode).Should(Equal(http.StatusOK))
ginkgo.By("Sending a request to whitelisted service /bar")
f.HTTPTestClient().
GET(barPath).
WithHeader("Host", host).
Expect().
Status(http.StatusOK)
})
It("should return status code 200 when request whitelisted (via ingress annotation) service and 401 when request protected service", func() {
ginkgo.It("should return status code 200 when request whitelisted (via ingress annotation) service and 401 when request protected service", func() {
ginkgo.By("Adding an ingress rule for /bar with annotation enable-global-auth = false")
err := framework.UpdateIngress(f.KubeClientSet, f.Namespace, "bar-ingress", func(ingress *networking.Ingress) error {
ingress.ObjectMeta.Annotations[enableGlobalExternalAuthAnnotation] = "false"
return nil
})
assert.Nil(ginkgo.GinkgoT(), err)
By("Adding an ingress rule for /bar with annotation enable-global-auth = false")
annotations := map[string]string{
enableGlobalExternalAuthAnnotation: "false",
}
barIng := framework.NewSingleIngress("bar-ingress", barPath, host, f.Namespace, echoServiceName, 80, annotations)
f.EnsureIngress(barIng)
f.WaitForNginxServer(host,
func(server string) bool {
return Expect(server).Should(ContainSubstring("location /bar"))
return strings.Contains(server, "location /bar")
})
By("Sending a request to protected service /foo")
fooResp, _, _ := gorequest.New().
Get(f.GetURL(framework.HTTP)+fooPath).
Set("Host", host).
End()
Expect(fooResp.StatusCode).Should(Equal(http.StatusUnauthorized))
ginkgo.By("Sending a request to protected service /foo")
f.HTTPTestClient().
GET(fooPath).
WithHeader("Host", host).
Expect().
Status(http.StatusUnauthorized)
By("Sending a request to whitelisted service /bar")
barResp, _, _ := gorequest.New().
Get(f.GetURL(framework.HTTP)+barPath).
Set("Host", host).
End()
Expect(barResp.StatusCode).Should(Equal(http.StatusOK))
ginkgo.By("Sending a request to whitelisted service /bar")
f.HTTPTestClient().
GET(barPath).
WithHeader("Host", host).
Expect().
Status(http.StatusOK)
})
It("should still return status code 200 after auth backend is deleted using cache ", func() {
ginkgo.It("should still return status code 200 after auth backend is deleted using cache ", func() {
globalExternalAuthCacheKeySetting := "global-auth-cache-key"
globalExternalAuthCacheKey := "foo"
@ -152,107 +154,101 @@ var _ = framework.DescribeSetting("[Security] global-auth-url", func() {
globalExternalAuthCacheDuration := "200 201 401 30m"
globalExternalAuthURL := fmt.Sprintf("http://%s.%s.svc.cluster.local:80/status/200", framework.HTTPBinService, f.Namespace)
By("Adding a global-auth-cache-key to configMap")
f.UpdateNginxConfigMapData(globalExternalAuthCacheKeySetting, globalExternalAuthCacheKey)
f.UpdateNginxConfigMapData(globalExternalAuthCacheDurationSetting, globalExternalAuthCacheDuration)
f.UpdateNginxConfigMapData(globalExternalAuthURLSetting, globalExternalAuthURL)
ginkgo.By("Adding a global-auth-cache-key to configMap")
f.SetNginxConfigMapData(map[string]string{
globalExternalAuthCacheKeySetting: globalExternalAuthCacheKey,
globalExternalAuthCacheDurationSetting: globalExternalAuthCacheDuration,
globalExternalAuthURLSetting: globalExternalAuthURL,
})
cacheRegex := regexp.MustCompile(`\$cache_key.*foo`)
f.WaitForNginxServer(host,
func(server string) bool {
return Expect(server).Should(MatchRegexp(`\$cache_key.*foo`)) &&
Expect(server).Should(ContainSubstring(`proxy_cache_valid 200 201 401 30m;`))
return cacheRegex.MatchString(server) &&
strings.Contains(server, `proxy_cache_valid 200 201 401 30m;`)
})
resp, _, errs := gorequest.New().
Get(f.GetURL(framework.HTTP)+barPath).
Retry(10, 1*time.Second, http.StatusNotFound).
Set("Host", host).
SetBasicAuth("user", "password").
End()
for _, err := range errs {
Expect(err).NotTo(HaveOccurred())
}
Expect(resp.StatusCode).Should(Equal(http.StatusOK))
f.HTTPTestClient().
GET(barPath).
WithHeader("Host", host).
WithBasicAuth("user", "password").
Expect().
Status(http.StatusOK)
err := f.DeleteDeployment(framework.HTTPBinService)
Expect(err).NotTo(HaveOccurred())
assert.Nil(ginkgo.GinkgoT(), err)
_, _, errs = gorequest.New().
Get(f.GetURL(framework.HTTP)).
Retry(10, 1*time.Second, http.StatusNotFound).
Set("Host", host).
SetBasicAuth("user", "password").
End()
for _, err := range errs {
Expect(err).NotTo(HaveOccurred())
}
f.HTTPTestClient().
GET(barPath).
WithHeader("Host", host).
WithBasicAuth("user", "password").
Expect().
Status(http.StatusOK)
})
It(`should proxy_method method when global-auth-method is configured`, func() {
ginkgo.It(`should proxy_method method when global-auth-method is configured`, func() {
globalExternalAuthMethodSetting := "global-auth-method"
globalExternalAuthMethod := "GET"
By("Adding a global-auth-method to configMap")
ginkgo.By("Adding a global-auth-method to configMap")
f.UpdateNginxConfigMapData(globalExternalAuthMethodSetting, globalExternalAuthMethod)
f.WaitForNginxServer(host,
func(server string) bool {
return Expect(server).Should(ContainSubstring("proxy_method"))
return strings.Contains(server, "proxy_method")
})
})
It(`should add custom error page when global-auth-signin url is configured`, func() {
ginkgo.It(`should add custom error page when global-auth-signin url is configured`, func() {
globalExternalAuthSigninSetting := "global-auth-signin"
globalExternalAuthSignin := "http://foo.com/global-error-page"
By("Adding a global-auth-signin to configMap")
ginkgo.By("Adding a global-auth-signin to configMap")
f.UpdateNginxConfigMapData(globalExternalAuthSigninSetting, globalExternalAuthSignin)
f.WaitForNginxServer(host,
func(server string) bool {
return Expect(server).Should(ContainSubstring("error_page 401 = "))
return strings.Contains(server, "error_page 401 = ")
})
})
It(`should add auth headers when global-auth-response-headers is configured`, func() {
ginkgo.It(`should add auth headers when global-auth-response-headers is configured`, func() {
globalExternalAuthResponseHeadersSetting := "global-auth-response-headers"
globalExternalAuthResponseHeaders := "Foo, Bar"
By("Adding a global-auth-response-headers to configMap")
ginkgo.By("Adding a global-auth-response-headers to configMap")
f.UpdateNginxConfigMapData(globalExternalAuthResponseHeadersSetting, globalExternalAuthResponseHeaders)
f.WaitForNginxServer(host,
func(server string) bool {
return Expect(server).Should(ContainSubstring("auth_request_set $authHeader0 $upstream_http_foo;")) &&
Expect(server).Should(ContainSubstring("auth_request_set $authHeader1 $upstream_http_bar;"))
return strings.Contains(server, "auth_request_set $authHeader0 $upstream_http_foo;") &&
strings.Contains(server, "auth_request_set $authHeader1 $upstream_http_bar;")
})
})
It(`should set request-redirect when global-auth-request-redirect is configured`, func() {
ginkgo.It(`should set request-redirect when global-auth-request-redirect is configured`, func() {
globalExternalAuthRequestRedirectSetting := "global-auth-request-redirect"
globalExternalAuthRequestRedirect := "Foo-Redirect"
By("Adding a global-auth-request-redirect to configMap")
ginkgo.By("Adding a global-auth-request-redirect to configMap")
f.UpdateNginxConfigMapData(globalExternalAuthRequestRedirectSetting, globalExternalAuthRequestRedirect)
f.WaitForNginxServer(host,
func(server string) bool {
return Expect(server).Should(ContainSubstring(globalExternalAuthRequestRedirect))
return strings.Contains(server, globalExternalAuthRequestRedirect)
})
})
It(`should set snippet when global external auth is configured`, func() {
ginkgo.It(`should set snippet when global external auth is configured`, func() {
globalExternalAuthSnippetSetting := "global-auth-snippet"
globalExternalAuthSnippet := "proxy_set_header My-Custom-Header 42;"
By("Adding a global-auth-snippet to configMap")
ginkgo.By("Adding a global-auth-snippet to configMap")
f.UpdateNginxConfigMapData(globalExternalAuthSnippetSetting, globalExternalAuthSnippet)
f.WaitForNginxServer(host,
func(server string) bool {
return Expect(server).Should(ContainSubstring(globalExternalAuthSnippet))
return strings.Contains(server, globalExternalAuthSnippet)
})
})

91
test/e2e/settings/ingress_class.go
View file

@ -20,9 +20,8 @@ import (
"net/http"
"strings"
. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
"github.com/parnurzeal/gorequest"
"github.com/onsi/ginkgo"
"github.com/stretchr/testify/assert"
appsv1 "k8s.io/api/apps/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@ -33,13 +32,13 @@ import (
var _ = framework.IngressNginxDescribe("[Flag] ingress-class", func() {
f := framework.NewDefaultFramework("ingress-class")
BeforeEach(func() {
ginkgo.BeforeEach(func() {
f.NewEchoDeploymentWithReplicas(1)
})
Context("Without a specific ingress-class", func() {
ginkgo.Context("Without a specific ingress-class", func() {
It("should ignore Ingress with class", func() {
ginkgo.It("should ignore Ingress with class", func() {
invalidHost := "foo"
annotations := map[string]string{
class.IngressKey: "testclass",
@ -56,24 +55,22 @@ var _ = framework.IngressNginxDescribe("[Flag] ingress-class", func() {
strings.Contains(cfg, "server_name bar")
})
resp, _, errs := gorequest.New().
Get(f.GetURL(framework.HTTP)).
Set("Host", invalidHost).
End()
Expect(errs).To(BeNil())
Expect(resp.StatusCode).Should(Equal(http.StatusNotFound))
f.HTTPTestClient().
GET("/").
WithHeader("Host", invalidHost).
Expect().
Status(http.StatusNotFound)
resp, _, errs = gorequest.New().
Get(f.GetURL(framework.HTTP)).
Set("Host", validHost).
End()
Expect(errs).To(BeNil())
Expect(resp.StatusCode).Should(Equal(http.StatusOK))
f.HTTPTestClient().
GET("/").
WithHeader("Host", validHost).
Expect().
Status(http.StatusOK)
})
})
Context("With a specific ingress-class", func() {
BeforeEach(func() {
ginkgo.Context("With a specific ingress-class", func() {
ginkgo.BeforeEach(func() {
err := framework.UpdateDeployment(f.KubeClientSet, f.Namespace, "nginx-ingress-controller", 1,
func(deployment *appsv1.Deployment) error {
args := deployment.Spec.Template.Spec.Containers[0].Args
@ -83,10 +80,10 @@ var _ = framework.IngressNginxDescribe("[Flag] ingress-class", func() {
return err
})
Expect(err).NotTo(HaveOccurred(), "unexpected error updating ingress controller deployment flags")
assert.Nil(ginkgo.GinkgoT(), err, "updating ingress controller deployment flags")
})
It("should ignore Ingress with no class", func() {
ginkgo.It("should ignore Ingress with no class", func() {
invalidHost := "bar"
ing := framework.NewSingleIngress(invalidHost, "/", invalidHost, f.Namespace, framework.EchoService, 80, nil)
@ -107,22 +104,20 @@ var _ = framework.IngressNginxDescribe("[Flag] ingress-class", func() {
return !strings.Contains(cfg, "server_name bar")
})
resp, _, errs := gorequest.New().
Get(f.GetURL(framework.HTTP)).
Set("Host", validHost).
End()
Expect(errs).To(BeNil())
Expect(resp.StatusCode).Should(Equal(http.StatusOK))
f.HTTPTestClient().
GET("/").
WithHeader("Host", validHost).
Expect().
Status(http.StatusOK)
resp, _, errs = gorequest.New().
Get(f.GetURL(framework.HTTP)).
Set("Host", invalidHost).
End()
Expect(errs).To(BeNil())
Expect(resp.StatusCode).Should(Equal(http.StatusNotFound))
f.HTTPTestClient().
GET("/").
WithHeader("Host", invalidHost).
Expect().
Status(http.StatusNotFound)
})
It("should delete Ingress when class is removed", func() {
ginkgo.It("should delete Ingress when class is removed", func() {
host := "foo"
annotations := map[string]string{
class.IngressKey: "testclass",
@ -134,30 +129,28 @@ var _ = framework.IngressNginxDescribe("[Flag] ingress-class", func() {
return strings.Contains(cfg, "server_name foo")
})
resp, _, errs := gorequest.New().
Get(f.GetURL(framework.HTTP)).
Set("Host", host).
End()
Expect(errs).To(BeNil())
Expect(resp.StatusCode).Should(Equal(http.StatusOK))
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
Expect().
Status(http.StatusOK)
ing, err := f.KubeClientSet.NetworkingV1beta1().Ingresses(f.Namespace).Get(host, metav1.GetOptions{})
Expect(err).To(BeNil())
assert.Nil(ginkgo.GinkgoT(), err)
delete(ing.Annotations, class.IngressKey)
_, err = f.KubeClientSet.NetworkingV1beta1().Ingresses(ing.Namespace).Update(ing)
Expect(err).To(BeNil())
assert.Nil(ginkgo.GinkgoT(), err)
f.WaitForNginxConfiguration(func(cfg string) bool {
return !strings.Contains(cfg, "server_name foo")
})
resp, _, errs = gorequest.New().
Get(f.GetURL(framework.HTTP)).
Set("Host", host).
End()
Expect(errs).To(BeNil())
Expect(resp.StatusCode).Should(Equal(http.StatusNotFound))
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
Expect().
Status(http.StatusNotFound)
})
})
})

82
test/e2e/settings/listen_nondefault_ports.go
View file

@ -21,10 +21,8 @@ import (
"net/http"
"strings"
. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
"github.com/parnurzeal/gorequest"
"github.com/onsi/ginkgo"
"github.com/stretchr/testify/assert"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/ingress-nginx/test/e2e/framework"
@ -36,7 +34,7 @@ var _ = framework.IngressNginxDescribe("[Flag] custom HTTP and HTTPS ports", fun
f := framework.NewDefaultFramework("forwarded-port-headers")
BeforeEach(func() {
ginkgo.BeforeEach(func() {
f.NewEchoDeployment()
f.WaitForNginxServer("_",
@ -45,8 +43,8 @@ var _ = framework.IngressNginxDescribe("[Flag] custom HTTP and HTTPS ports", fun
})
})
Context("with a plain HTTP ingress", func() {
It("should set X-Forwarded-Port headers accordingly when listening on a non-default HTTP port", func() {
ginkgo.Context("with a plain HTTP ingress", func() {
ginkgo.It("should set X-Forwarded-Port headers accordingly when listening on a non-default HTTP port", func() {
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, nil)
f.EnsureIngress(ing)
@ -56,20 +54,19 @@ var _ = framework.IngressNginxDescribe("[Flag] custom HTTP and HTTPS ports", fun
return strings.Contains(server, "server_name forwarded-headers")
})
resp, body, errs := gorequest.New().
Get(f.GetURL(framework.HTTP)).
Set("Host", host).
End()
Expect(errs).Should(BeEmpty())
Expect(resp.StatusCode).Should(Equal(http.StatusOK))
Expect(body).Should(ContainSubstring(fmt.Sprintf("x-forwarded-port=%d", 1080)))
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
Expect().
Status(http.StatusOK).
Body().
Contains(fmt.Sprintf("x-forwarded-port=%d", 1080))
})
})
Context("with a TLS enabled ingress", func() {
ginkgo.Context("with a TLS enabled ingress", func() {
It("should set X-Forwarded-Port header to 443", func() {
ginkgo.It("should set X-Forwarded-Port header to 443", func() {
ing := framework.NewSingleIngressWithTLS(host, "/", host, []string{host}, f.Namespace, framework.EchoService, 80, nil)
f.EnsureIngress(ing)
@ -78,7 +75,7 @@ var _ = framework.IngressNginxDescribe("[Flag] custom HTTP and HTTPS ports", fun
ing.Spec.TLS[0].Hosts,
ing.Spec.TLS[0].SecretName,
ing.Namespace)
Expect(err).NotTo(HaveOccurred())
assert.Nil(ginkgo.GinkgoT(), err)
framework.WaitForTLS(f.GetURL(framework.HTTPS), tlsConfig)
@ -87,29 +84,29 @@ var _ = framework.IngressNginxDescribe("[Flag] custom HTTP and HTTPS ports", fun
return strings.Contains(server, "server_name forwarded-headers")
})
resp, body, errs := gorequest.New().
Get(f.GetURL(framework.HTTPS)).
TLSClientConfig(tlsConfig).
Set("Host", host).
End()
Expect(errs).Should(BeEmpty())
Expect(resp.StatusCode).Should(Equal(http.StatusOK))
Expect(body).Should(ContainSubstring(fmt.Sprintf("x-forwarded-port=443")))
f.HTTPTestClientWithTLSConfig(tlsConfig).
GET("/").
WithURL(f.GetURL(framework.HTTPS)).
WithHeader("Host", host).
Expect().
Status(http.StatusOK).
Body().
Contains(fmt.Sprintf("x-forwarded-port=443"))
})
Context("when external authentication is configured", func() {
ginkgo.Context("when external authentication is configured", func() {
It("should set the X-Forwarded-Port header to 443", func() {
ginkgo.It("should set the X-Forwarded-Port header to 443", func() {
f.NewHttpbinDeployment()
var httpbinIP string
err := framework.WaitForEndpoints(f.KubeClientSet, framework.DefaultTimeout, framework.HTTPBinService, f.Namespace, 1)
Expect(err).NotTo(HaveOccurred())
assert.Nil(ginkgo.GinkgoT(), err)
e, err := f.KubeClientSet.CoreV1().Endpoints(f.Namespace).Get(framework.HTTPBinService, metav1.GetOptions{})
Expect(err).NotTo(HaveOccurred())
assert.Nil(ginkgo.GinkgoT(), err)
httpbinIP = e.Subsets[0].Addresses[0].IP
@ -121,30 +118,29 @@ var _ = framework.IngressNginxDescribe("[Flag] custom HTTP and HTTPS ports", fun
ing := framework.NewSingleIngressWithTLS(host, "/", host, []string{host}, f.Namespace, framework.EchoService, 80, annotations)
f.EnsureIngress(ing)
tlsConfig, err := framework.CreateIngressTLSSecret(f.KubeClientSet,
ing.Spec.TLS[0].Hosts,
ing.Spec.TLS[0].SecretName,
ing.Namespace)
Expect(err).NotTo(HaveOccurred())
assert.Nil(ginkgo.GinkgoT(), err)
framework.WaitForTLS(f.GetURL(framework.HTTPS), tlsConfig)
f.WaitForNginxServer(host,
func(server string) bool {
return strings.Contains(server, "server_name forwarded-headers")
})
resp, body, errs := gorequest.New().
Get(f.GetURL(framework.HTTPS)).
TLSClientConfig(tlsConfig).
Set("Host", host).
SetBasicAuth("user", "password").
End()
Expect(errs).Should(BeEmpty())
Expect(resp.StatusCode).Should(Equal(http.StatusOK))
Expect(body).Should(ContainSubstring(fmt.Sprintf("x-forwarded-port=443")))
f.HTTPTestClientWithTLSConfig(tlsConfig).
GET("/").
WithURL(f.GetURL(framework.HTTPS)).
WithHeader("Host", host).
WithBasicAuth("user", "password").
Expect().
Status(http.StatusOK).
Body().
Contains(fmt.Sprintf("x-forwarded-port=443"))
})
})
})
})

67
test/e2e/settings/log-format.go
View file

@ -17,45 +17,42 @@ limitations under the License.
package settings
import (
"fmt"
"net/http"
"strings"
. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
"github.com/parnurzeal/gorequest"
"github.com/onsi/ginkgo"
"github.com/stretchr/testify/assert"
"k8s.io/ingress-nginx/test/e2e/framework"
)
var _ = framework.DescribeSetting("Settings - log format", func() {
var _ = framework.DescribeSetting("log-format-*", func() {
f := framework.NewDefaultFramework("log-format")
host := "log-format"
BeforeEach(func() {
f.NewEchoDeploymentWithReplicas(1)
ginkgo.BeforeEach(func() {
f.NewEchoDeployment()
f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, nil))
})
Context("Check log-format-escape-json", func() {
It("should disable the log-format-escape-json by default", func() {
ginkgo.Context("Check log-format-escape-json", func() {
ginkgo.It("should disable the log-format-escape-json by default", func() {
f.WaitForNginxConfiguration(
func(cfg string) bool {
return !strings.Contains(cfg, "log_format upstreaminfo escape=json")
})
})
It("should enable the log-format-escape-json", func() {
ginkgo.It("should enable the log-format-escape-json", func() {
f.UpdateNginxConfigMapData("log-format-escape-json", "true")
f.WaitForNginxConfiguration(
func(cfg string) bool {
return strings.Contains(cfg, "log_format upstreaminfo escape=json")
})
})
It("should disable the log-format-escape-json", func() {
ginkgo.It("should disable the log-format-escape-json", func() {
f.UpdateNginxConfigMapData("log-format-escape-json", "false")
f.WaitForNginxConfiguration(
func(cfg string) bool {
@ -63,9 +60,10 @@ var _ = framework.DescribeSetting("Settings - log format", func() {
})
})
})
Context("Check log-format-upstream with log-format-escape-json", func() {
It("check log format with log-format-escape-json enabled", func() {
ginkgo.Context("Check log-format-upstream with log-format-escape-json", func() {
ginkgo.It("log-format-escape-json enabled", func() {
f.SetNginxConfigMapData(map[string]string{
"log-format-escape-json": "true",
"log-format-upstream": "\"{\"my_header1\":\"$http_header1\", \"my_header2\":\"$http_header2\"}\"",
@ -73,24 +71,22 @@ var _ = framework.DescribeSetting("Settings - log format", func() {
f.WaitForNginxConfiguration(
func(cfg string) bool {
fmt.Sprintln(cfg)
return strings.Contains(cfg, "log_format upstreaminfo escape=json")
})
resp, _, errs := gorequest.New().
Get(f.GetURL(framework.HTTP)).
Set("Host", host).
AppendHeader("header1", "Here is \"header1\" with json escape").
End()
Expect(errs).Should(BeEmpty())
Expect(resp.StatusCode).Should(Equal(http.StatusOK))
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
WithHeader("header1", `Here is "header1" with json escape`).
Expect().
Status(http.StatusOK)
logs, err := f.NginxLogs()
Expect(err).ToNot(HaveOccurred())
Expect(logs).To(ContainSubstring(`{"my_header1":"Here is \"header1\" with json escape", "my_header2":""}`))
assert.Nil(ginkgo.GinkgoT(), err, "obtaining nginx logs")
assert.Contains(ginkgo.GinkgoT(), logs, `{"my_header1":"Here is \"header1\" with json escape", "my_header2":""}`)
})
It("check log format with log-format-escape-json disabled", func() {
ginkgo.It("log-format-escape-json disabled", func() {
f.SetNginxConfigMapData(map[string]string{
"log-format-escape-json": "false",
"log-format-upstream": "\"{\"my_header3\":\"$http_header3\", \"my_header4\":\"$http_header4\"}\"",
@ -98,22 +94,19 @@ var _ = framework.DescribeSetting("Settings - log format", func() {
f.WaitForNginxConfiguration(
func(cfg string) bool {
fmt.Sprintln(cfg)
return !strings.Contains(cfg, "log_format upstreaminfo escape=json")
})
resp, _, errs := gorequest.New().
Get(f.GetURL(framework.HTTP)).
Set("Host", host).
AppendHeader("header3", "Here is \"header3\" with json escape").
End()
Expect(errs).Should(BeEmpty())
Expect(resp.StatusCode).Should(Equal(http.StatusOK))
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
WithHeader("header3", `Here is "header3" with json escape`).
Expect().
Status(http.StatusOK)
logs, err := f.NginxLogs()
Expect(err).ToNot(HaveOccurred())
Expect(logs).To(ContainSubstring(`{"my_header3":"Here is \x22header3\x22 with json escape", "my_header4":"-"}`))
assert.Nil(ginkgo.GinkgoT(), err, "obtaining nginx logs")
assert.Contains(ginkgo.GinkgoT(), logs, `{"my_header3":"Here is \x22header3\x22 with json escape", "my_header4":"-"}`)
})
})
})

24
test/e2e/settings/lua_shared_dicts.go
View file

@ -17,34 +17,22 @@ limitations under the License.
package settings
import (
. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
"strings"
"github.com/onsi/ginkgo"
"k8s.io/ingress-nginx/test/e2e/framework"
)
var _ = framework.DescribeSetting("[Lua] lua-shared-dicts", func() {
f := framework.NewDefaultFramework("lua-shared-dicts")
host := "lua-shared-dicts"
BeforeEach(func() {
f.NewEchoDeployment()
})
It("configures lua shared dicts", func() {
ingress := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, nil)
f.EnsureIngress(ingress)
ginkgo.It("configures lua shared dicts", func() {
f.UpdateNginxConfigMapData("lua-shared-dicts", "configuration_data:60,certificate_data:300, my_dict: 15 , invalid: 1a")
ngxCfg := ""
f.WaitForNginxConfiguration(func(cfg string) bool {
ngxCfg = cfg
return true
return strings.Contains(cfg, "lua_shared_dict configuration_data 60M;") &&
strings.Contains(cfg, "lua_shared_dict certificate_data 20M;") &&
strings.Contains(cfg, "lua_shared_dict my_dict 15M;")
})
Expect(ngxCfg).Should(ContainSubstring("lua_shared_dict configuration_data 60M;"))
Expect(ngxCfg).Should(ContainSubstring("lua_shared_dict certificate_data 20M;"))
Expect(ngxCfg).Should(ContainSubstring("lua_shared_dict my_dict 15M;"))
})
})

4
test/e2e/settings/main_snippet.go
View file

@ -19,7 +19,7 @@ package settings
import (
"strings"
. "github.com/onsi/ginkgo"
"github.com/onsi/ginkgo"
"k8s.io/ingress-nginx/test/e2e/framework"
)
@ -28,7 +28,7 @@ var _ = framework.DescribeSetting("main-snippet", func() {
f := framework.NewDefaultFramework("main-snippet")
mainSnippet := "main-snippet"
It("should add value of main-snippet setting to nginx config", func() {
ginkgo.It("should add value of main-snippet setting to nginx config", func() {
expectedComment := "# main snippet"
f.UpdateNginxConfigMapData(mainSnippet, expectedComment)

11
test/e2e/settings/modsecurity_snippet.go
View file

@ -19,7 +19,7 @@ package settings
import (
"strings"
. "github.com/onsi/ginkgo"
"github.com/onsi/ginkgo"
"k8s.io/ingress-nginx/test/e2e/framework"
)
@ -27,12 +27,13 @@ import (
var _ = framework.DescribeSetting("[Security] modsecurity-snippet", func() {
f := framework.NewDefaultFramework("modsecurity-snippet")
It("should add value of modsecurity-snippet setting to nginx config", func() {
modsecSnippet := "modsecurity-snippet"
ginkgo.It("should add value of modsecurity-snippet setting to nginx config", func() {
expectedComment := "# modsecurity snippet"
f.UpdateNginxConfigMapData("enable-modsecurity", "true")
f.UpdateNginxConfigMapData(modsecSnippet, expectedComment)
f.SetNginxConfigMapData(map[string]string{
"enable-modsecurity": "true",
"modsecurity-snippet": expectedComment,
})
f.WaitForNginxConfiguration(
func(cfg string) bool {

8
test/e2e/settings/multi_accept.go
View file

@ -19,7 +19,7 @@ package settings
import (
"strings"
. "github.com/onsi/ginkgo"
"github.com/onsi/ginkgo"
"k8s.io/ingress-nginx/test/e2e/framework"
)
@ -28,7 +28,7 @@ var _ = framework.DescribeSetting("enable-multi-accept", func() {
multiAccept := "enable-multi-accept"
f := framework.NewDefaultFramework(multiAccept)
It("should be enabled by default", func() {
ginkgo.It("should be enabled by default", func() {
expectedDirective := "multi_accept on;"
f.WaitForNginxConfiguration(
func(cfg string) bool {
@ -36,7 +36,7 @@ var _ = framework.DescribeSetting("enable-multi-accept", func() {
})
})
It("should be enabled when set to true", func() {
ginkgo.It("should be enabled when set to true", func() {
expectedDirective := "multi_accept on;"
f.UpdateNginxConfigMapData(multiAccept, "true")
@ -46,7 +46,7 @@ var _ = framework.DescribeSetting("enable-multi-accept", func() {
})
})
It("should be disabled when set to false", func() {
ginkgo.It("should be disabled when set to false", func() {
expectedDirective := "multi_accept off;"
f.UpdateNginxConfigMapData(multiAccept, "false")

64
test/e2e/settings/no_auth_locations.go
View file

@ -20,11 +20,10 @@ import (
"fmt"
"net/http"
"os/exec"
"strings"
. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
"github.com/parnurzeal/gorequest"
"github.com/onsi/ginkgo"
"github.com/stretchr/testify/assert"
corev1 "k8s.io/api/core/v1"
networking "k8s.io/api/networking/v1beta1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@ -42,7 +41,7 @@ var _ = framework.DescribeSetting("[Security] no-auth-locations", func() {
host := "no-auth-locations"
noAuthPath := "/noauth"
BeforeEach(func() {
ginkgo.BeforeEach(func() {
f.NewEchoDeployment()
s := f.EnsureSecret(buildSecret(username, password, secretName, f.Namespace))
@ -53,51 +52,46 @@ var _ = framework.DescribeSetting("[Security] no-auth-locations", func() {
f.EnsureIngress(bi)
})
It("should return status code 401 when accessing '/' unauthentication", func() {
ginkgo.It("should return status code 401 when accessing '/' unauthentication", func() {
f.WaitForNginxServer(host,
func(server string) bool {
return Expect(server).Should(ContainSubstring("test auth"))
return strings.Contains(server, "test auth")
})
resp, body, errs := gorequest.New().
Get(f.GetURL(framework.HTTP)).
Set("Host", host).
End()
Expect(errs).Should(BeEmpty())
Expect(resp.StatusCode).Should(Equal(http.StatusUnauthorized))
Expect(body).Should(ContainSubstring("401 Authorization Required"))
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
Expect().
Status(http.StatusUnauthorized).
Body().Contains("401 Authorization Required")
})
It("should return status code 200 when accessing '/' authentication", func() {
ginkgo.It("should return status code 200 when accessing '/' authentication", func() {
f.WaitForNginxServer(host,
func(server string) bool {
return Expect(server).Should(ContainSubstring("test auth"))
return strings.Contains(server, "test auth")
})
resp, _, errs := gorequest.New().
Get(f.GetURL(framework.HTTP)).
Set("Host", host).
SetBasicAuth(username, password).
End()
Expect(errs).Should(BeEmpty())
Expect(resp.StatusCode).Should(Equal(http.StatusOK))
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
WithBasicAuth(username, password).
Expect().
Status(http.StatusOK)
})
It("should return status code 200 when accessing '/noauth' unauthenticated", func() {
ginkgo.It("should return status code 200 when accessing '/noauth' unauthenticated", func() {
f.WaitForNginxServer(host,
func(server string) bool {
return Expect(server).Should(ContainSubstring("test auth"))
return strings.Contains(server, "test auth")
})
resp, _, errs := gorequest.New().
Get(fmt.Sprintf("%s/noauth", f.GetURL(framework.HTTP))).
Set("Host", host).
End()
Expect(errs).Should(BeEmpty())
Expect(resp.StatusCode).Should(Equal(http.StatusOK))
f.HTTPTestClient().
GET("/noauth").
WithHeader("Host", host).
WithBasicAuth(username, password).
Expect().
Status(http.StatusOK)
})
})
@ -143,7 +137,7 @@ func buildBasicAuthIngressWithSecondPath(host, namespace, secretName, pathName s
func buildSecret(username, password, name, namespace string) *corev1.Secret {
out, err := exec.Command("openssl", "passwd", "-crypt", password).CombinedOutput()
Expect(err).NotTo(HaveOccurred(), "creating password")
assert.Nil(ginkgo.GinkgoT(), err, "creating password")
encpass := fmt.Sprintf("%v:%s\n", username, out)

30
test/e2e/settings/pod_security_policy.go
View file

@ -20,10 +20,8 @@ import (
"net/http"
"strings"
. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
"github.com/parnurzeal/gorequest"
"github.com/onsi/ginkgo"
"github.com/stretchr/testify/assert"
appsv1 "k8s.io/api/apps/v1"
corev1 "k8s.io/api/core/v1"
policyv1beta1 "k8s.io/api/policy/v1beta1"
@ -41,16 +39,16 @@ const (
var _ = framework.IngressNginxDescribe("[Security] Pod Security Policies", func() {
f := framework.NewDefaultFramework("pod-security-policies")
BeforeEach(func() {
ginkgo.BeforeEach(func() {
psp := createPodSecurityPolicy()
_, err := f.KubeClientSet.PolicyV1beta1().PodSecurityPolicies().Create(psp)
if !k8sErrors.IsAlreadyExists(err) {
Expect(err).NotTo(HaveOccurred(), "creating Pod Security Policy")
assert.Nil(ginkgo.GinkgoT(), err, "creating Pod Security Policy")
}
role, err := f.KubeClientSet.RbacV1().Roles(f.Namespace).Get("nginx-ingress-controller", metav1.GetOptions{})
Expect(err).NotTo(HaveOccurred(), "getting ingress controller cluster role")
Expect(role).NotTo(BeNil())
assert.Nil(ginkgo.GinkgoT(), err, "getting ingress controller cluster role")
assert.NotNil(ginkgo.GinkgoT(), role)
role.Rules = append(role.Rules, rbacv1.PolicyRule{
APIGroups: []string{"policy"},
@ -60,7 +58,7 @@ var _ = framework.IngressNginxDescribe("[Security] Pod Security Policies", func(
})
_, err = f.KubeClientSet.RbacV1().Roles(f.Namespace).Update(role)
Expect(err).NotTo(HaveOccurred(), "updating ingress controller cluster role to use a pod security policy")
assert.Nil(ginkgo.GinkgoT(), err, "updating ingress controller cluster role to use a pod security policy")
// update the deployment just to trigger a rolling update and the use of the security policy
err = framework.UpdateDeployment(f.KubeClientSet, f.Namespace, "nginx-ingress-controller", 1,
@ -72,22 +70,22 @@ var _ = framework.IngressNginxDescribe("[Security] Pod Security Policies", func(
return err
})
Expect(err).NotTo(HaveOccurred(), "unexpected error updating ingress controller deployment flags")
assert.Nil(ginkgo.GinkgoT(), err, "unexpected error updating ingress controller deployment flags")
f.NewEchoDeployment()
})
It("should be running with a Pod Security Policy", func() {
ginkgo.It("should be running with a Pod Security Policy", func() {
f.WaitForNginxConfiguration(
func(cfg string) bool {
return strings.Contains(cfg, "server_tokens on")
})
resp, _, _ := gorequest.New().
Get(f.GetURL(framework.HTTP)).
Set("Host", "foo.bar.com").
End()
Expect(resp.StatusCode).Should(Equal(http.StatusNotFound))
f.HTTPTestClient().
GET("/").
WithHeader("Host", "foo.bar.com").
Expect().
Status(http.StatusNotFound)
})
})

28
test/e2e/settings/pod_security_policy_volumes.go
View file

@ -20,10 +20,8 @@ import (
"net/http"
"strings"
. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
"github.com/parnurzeal/gorequest"
"github.com/onsi/ginkgo"
"github.com/stretchr/testify/assert"
appsv1 "k8s.io/api/apps/v1"
corev1 "k8s.io/api/core/v1"
@ -37,16 +35,16 @@ import (
var _ = framework.IngressNginxDescribe("[Security] Pod Security Policies with volumes", func() {
f := framework.NewDefaultFramework("pod-security-policies-volumes")
It("should be running with a Pod Security Policy", func() {
ginkgo.It("should be running with a Pod Security Policy", func() {
psp := createPodSecurityPolicy()
_, err := f.KubeClientSet.PolicyV1beta1().PodSecurityPolicies().Create(psp)
if !k8sErrors.IsAlreadyExists(err) {
Expect(err).NotTo(HaveOccurred(), "creating Pod Security Policy")
assert.Nil(ginkgo.GinkgoT(), err, "creating Pod Security Policy")
}
role, err := f.KubeClientSet.RbacV1().Roles(f.Namespace).Get("nginx-ingress-controller", metav1.GetOptions{})
Expect(err).NotTo(HaveOccurred(), "getting ingress controller cluster role")
Expect(role).NotTo(BeNil())
assert.Nil(ginkgo.GinkgoT(), err, "getting ingress controller cluster role")
assert.NotNil(ginkgo.GinkgoT(), role)
role.Rules = append(role.Rules, rbacv1.PolicyRule{
APIGroups: []string{"policy"},
@ -56,7 +54,7 @@ var _ = framework.IngressNginxDescribe("[Security] Pod Security Policies with vo
})
_, err = f.KubeClientSet.RbacV1().Roles(f.Namespace).Update(role)
Expect(err).NotTo(HaveOccurred(), "updating ingress controller cluster role to use a pod security policy")
assert.Nil(ginkgo.GinkgoT(), err, "updating ingress controller cluster role to use a pod security policy")
err = framework.UpdateDeployment(f.KubeClientSet, f.Namespace, "nginx-ingress-controller", 1,
func(deployment *appsv1.Deployment) error {
@ -95,7 +93,7 @@ var _ = framework.IngressNginxDescribe("[Security] Pod Security Policies with vo
return err
})
Expect(err).NotTo(HaveOccurred(), "unexpected error updating ingress controller deployment")
assert.Nil(ginkgo.GinkgoT(), err, "updating ingress controller deployment")
f.NewEchoDeployment()
@ -104,10 +102,10 @@ var _ = framework.IngressNginxDescribe("[Security] Pod Security Policies with vo
return strings.Contains(cfg, "server_tokens on")
})
resp, _, _ := gorequest.New().
Get(f.GetURL(framework.HTTP)).
Set("Host", "foo.bar.com").
End()
Expect(resp.StatusCode).Should(Equal(http.StatusNotFound))
f.HTTPTestClient().
GET("/").
WithHeader("Host", "foo.bar.com").
Expect().
Status(http.StatusNotFound)
})
})

44
test/e2e/settings/proxy_host.go
View file

@ -20,12 +20,8 @@ import (
"fmt"
"net/http"
"strings"
"time"
. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
"github.com/parnurzeal/gorequest"
"github.com/onsi/ginkgo"
"k8s.io/ingress-nginx/test/e2e/framework"
)
@ -33,11 +29,11 @@ var _ = framework.IngressNginxDescribe("Dynamic $proxy_host", func() {
test := "proxy-host"
f := framework.NewDefaultFramework(test)
BeforeEach(func() {
f.NewEchoDeploymentWithReplicas(1)
ginkgo.BeforeEach(func() {
f.NewEchoDeployment()
})
It("should exist a proxy_host", func() {
ginkgo.It("should exist a proxy_host", func() {
upstreamName := fmt.Sprintf("%v-%v-80", f.Namespace, framework.EchoService)
annotations := map[string]string{
"nginx.ingress.kubernetes.io/configuration-snippet": `more_set_headers "Custom-Header: $proxy_host"`,
@ -50,18 +46,15 @@ var _ = framework.IngressNginxDescribe("Dynamic $proxy_host", func() {
strings.Contains(server, "set $proxy_host $proxy_upstream_name")
})
resp, _, errs := gorequest.New().
Get(f.GetURL(framework.HTTP)).
Retry(10, 1*time.Second, http.StatusNotFound).
Set("Host", test).
End()
Expect(len(errs)).Should(Equal(0))
Expect(resp.StatusCode).Should(Equal(http.StatusOK))
Expect(resp.Header.Get("Custom-Header")).Should(Equal(upstreamName))
f.HTTPTestClient().
GET("/").
WithHeader("Host", test).
Expect().
Status(http.StatusOK).
Header("Custom-Header").Equal(upstreamName)
})
It("should exist a proxy_host using the upstream-vhost annotation value", func() {
ginkgo.It("should exist a proxy_host using the upstream-vhost annotation value", func() {
upstreamName := fmt.Sprintf("%v-%v-80", f.Namespace, framework.EchoService)
upstreamVHost := "different.host"
annotations := map[string]string{
@ -76,14 +69,11 @@ var _ = framework.IngressNginxDescribe("Dynamic $proxy_host", func() {
strings.Contains(server, fmt.Sprintf("set $proxy_host $proxy_upstream_name"))
})
resp, _, errs := gorequest.New().
Get(f.GetURL(framework.HTTP)).
Retry(10, 1*time.Second, http.StatusNotFound).
Set("Host", test).
End()
Expect(len(errs)).Should(Equal(0))
Expect(resp.StatusCode).Should(Equal(http.StatusOK))
Expect(resp.Header.Get("Custom-Header")).Should(Equal(upstreamName))
f.HTTPTestClient().
GET("/").
WithHeader("Host", test).
Expect().
Status(http.StatusOK).
Header("Custom-Header").Equal(upstreamName)
})
})

36
test/e2e/settings/proxy_protocol.go
View file

@ -22,8 +22,8 @@ import (
"net"
"strings"
. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
"github.com/onsi/ginkgo"
"github.com/stretchr/testify/assert"
"k8s.io/ingress-nginx/test/e2e/framework"
)
@ -33,12 +33,12 @@ var _ = framework.DescribeSetting("use-proxy-protocol", func() {
setting := "use-proxy-protocol"
BeforeEach(func() {
ginkgo.BeforeEach(func() {
f.NewEchoDeployment()
f.UpdateNginxConfigMapData(setting, "false")
})
It("should respect port passed by the PROXY Protocol", func() {
ginkgo.It("should respect port passed by the PROXY Protocol", func() {
host := "proxy-protocol"
f.UpdateNginxConfigMapData(setting, "true")
@ -54,7 +54,7 @@ var _ = framework.DescribeSetting("use-proxy-protocol", func() {
ip := f.GetNginxIP()
conn, err := net.Dial("tcp", net.JoinHostPort(ip, "80"))
Expect(err).NotTo(HaveOccurred(), "unexpected error creating connection to %s:80", ip)
assert.Nil(ginkgo.GinkgoT(), err, "unexpected error creating connection to %s:80", ip)
defer conn.Close()
header := "PROXY TCP4 192.168.0.1 192.168.0.11 56324 1234\r\n"
@ -62,15 +62,16 @@ var _ = framework.DescribeSetting("use-proxy-protocol", func() {
conn.Write([]byte("GET / HTTP/1.1\r\nHost: proxy-protocol\r\n\r\n"))
data, err := ioutil.ReadAll(conn)
Expect(err).NotTo(HaveOccurred(), "unexpected error reading connection data")
assert.Nil(ginkgo.GinkgoT(), err, "unexpected error reading connection data")
body := string(data)
Expect(body).Should(ContainSubstring(fmt.Sprintf("host=%v", "proxy-protocol")))
Expect(body).Should(ContainSubstring(fmt.Sprintf("x-forwarded-port=1234")))
Expect(body).Should(ContainSubstring(fmt.Sprintf("x-forwarded-proto=http")))
Expect(body).Should(ContainSubstring(fmt.Sprintf("x-forwarded-for=192.168.0.1")))
assert.Contains(ginkgo.GinkgoT(), body, fmt.Sprintf("host=%v", "proxy-protocol"))
assert.Contains(ginkgo.GinkgoT(), body, fmt.Sprintf("x-forwarded-port=1234"))
assert.Contains(ginkgo.GinkgoT(), body, fmt.Sprintf("x-forwarded-proto=http"))
assert.Contains(ginkgo.GinkgoT(), body, fmt.Sprintf("x-forwarded-for=192.168.0.1"))
})
It("should respect proto passed by the PROXY Protocol server port", func() {
ginkgo.It("should respect proto passed by the PROXY Protocol server port", func() {
host := "proxy-protocol"
f.UpdateNginxConfigMapData(setting, "true")
@ -86,7 +87,7 @@ var _ = framework.DescribeSetting("use-proxy-protocol", func() {
ip := f.GetNginxIP()
conn, err := net.Dial("tcp", net.JoinHostPort(ip, "80"))
Expect(err).NotTo(HaveOccurred(), "unexpected error creating connection to %s:80", ip)
assert.Nil(ginkgo.GinkgoT(), err, "unexpected error creating connection to %s:80", ip)
defer conn.Close()
header := "PROXY TCP4 192.168.0.1 192.168.0.11 56324 443\r\n"
@ -94,11 +95,12 @@ var _ = framework.DescribeSetting("use-proxy-protocol", func() {
conn.Write([]byte("GET / HTTP/1.1\r\nHost: proxy-protocol\r\n\r\n"))
data, err := ioutil.ReadAll(conn)
Expect(err).NotTo(HaveOccurred(), "unexpected error reading connection data")
assert.Nil(ginkgo.GinkgoT(), err, "unexpected error reading connection data")
body := string(data)
Expect(body).Should(ContainSubstring(fmt.Sprintf("host=%v", "proxy-protocol")))
Expect(body).Should(ContainSubstring(fmt.Sprintf("x-forwarded-port=443")))
Expect(body).Should(ContainSubstring(fmt.Sprintf("x-forwarded-proto=https")))
Expect(body).Should(ContainSubstring(fmt.Sprintf("x-forwarded-for=192.168.0.1")))
assert.Contains(ginkgo.GinkgoT(), body, fmt.Sprintf("host=%v", "proxy-protocol"))
assert.Contains(ginkgo.GinkgoT(), body, fmt.Sprintf("x-forwarded-port=443"))
assert.Contains(ginkgo.GinkgoT(), body, fmt.Sprintf("x-forwarded-proto=https"))
assert.Contains(ginkgo.GinkgoT(), body, fmt.Sprintf("x-forwarded-for=192.168.0.1"))
})
})

8
test/e2e/settings/server_tokens.go
View file

@ -19,7 +19,7 @@ package settings
import (
"strings"
. "github.com/onsi/ginkgo"
"github.com/onsi/ginkgo"
networking "k8s.io/api/networking/v1beta1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@ -31,11 +31,11 @@ var _ = framework.DescribeSetting("server-tokens", func() {
f := framework.NewDefaultFramework("server-tokens")
serverTokens := "server-tokens"
BeforeEach(func() {
ginkgo.BeforeEach(func() {
f.NewEchoDeployment()
})
It("should not exists Server header in the response", func() {
ginkgo.It("should not exists Server header in the response", func() {
f.UpdateNginxConfigMapData(serverTokens, "false")
f.EnsureIngress(framework.NewSingleIngress(serverTokens, "/", serverTokens, f.Namespace, framework.EchoService, 80, nil))
@ -47,7 +47,7 @@ var _ = framework.DescribeSetting("server-tokens", func() {
})
})
It("should exists Server header in the response when is enabled", func() {
ginkgo.It("should exists Server header in the response when is enabled", func() {
f.UpdateNginxConfigMapData(serverTokens, "true")
f.EnsureIngress(&networking.Ingress{

164
test/e2e/settings/tls.go
View file

@ -21,29 +21,23 @@ import (
"fmt"
"net/http"
"strings"
"time"
. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
"github.com/parnurzeal/gorequest"
"github.com/onsi/ginkgo"
"github.com/stretchr/testify/assert"
"k8s.io/ingress-nginx/test/e2e/framework"
)
func noRedirectPolicyFunc(gorequest.Request, []gorequest.Request) error {
return http.ErrUseLastResponse
}
var _ = framework.DescribeSetting("[SSL] TLS protocols, ciphers and headers)", func() {
f := framework.NewDefaultFramework("settings-tls")
host := "settings-tls"
BeforeEach(func() {
ginkgo.BeforeEach(func() {
f.NewEchoDeployment()
f.UpdateNginxConfigMapData("use-forwarded-headers", "false")
})
It("should configure TLS protocol", func() {
ginkgo.It("should configure TLS protocol", func() {
sslCiphers := "ssl-ciphers"
sslProtocols := "ssl-protocols"
@ -56,11 +50,11 @@ var _ = framework.DescribeSetting("[SSL] TLS protocols, ciphers and headers)", f
ing.Spec.TLS[0].Hosts,
ing.Spec.TLS[0].SecretName,
ing.Namespace)
Expect(err).NotTo(HaveOccurred())
assert.Nil(ginkgo.GinkgoT(), err)
framework.WaitForTLS(f.GetURL(framework.HTTPS), tlsConfig)
By("setting cipher suite")
ginkgo.By("setting cipher suite")
f.UpdateNginxConfigMapData(sslCiphers, testCiphers)
f.WaitForNginxConfiguration(
@ -68,18 +62,18 @@ var _ = framework.DescribeSetting("[SSL] TLS protocols, ciphers and headers)", f
return strings.Contains(cfg, fmt.Sprintf("ssl_ciphers '%s';", testCiphers))
})
resp, _, errs := gorequest.New().
Get(f.GetURL(framework.HTTPS)).
TLSClientConfig(tlsConfig).
Set("Host", host).
End()
resp := f.HTTPTestClientWithTLSConfig(tlsConfig).
GET("/").
WithURL(f.GetURL(framework.HTTPS)).
WithHeader("Host", host).
Expect().
Status(http.StatusOK).
Raw()
Expect(errs).Should(BeEmpty())
Expect(resp.StatusCode).Should(Equal(http.StatusOK))
Expect(resp.TLS.Version).Should(BeNumerically("==", tls.VersionTLS12))
Expect(resp.TLS.CipherSuite).Should(BeNumerically("==", tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384))
assert.Equal(ginkgo.GinkgoT(), int(resp.TLS.Version), tls.VersionTLS12)
assert.Equal(ginkgo.GinkgoT(), resp.TLS.CipherSuite, tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)
By("enforcing TLS v1.0")
ginkgo.By("enforcing TLS v1.0")
f.UpdateNginxConfigMapData(sslProtocols, "TLSv1")
f.WaitForNginxConfiguration(
@ -87,19 +81,19 @@ var _ = framework.DescribeSetting("[SSL] TLS protocols, ciphers and headers)", f
return strings.Contains(cfg, "ssl_protocols TLSv1;")
})
resp, _, errs = gorequest.New().
Get(f.GetURL(framework.HTTPS)).
TLSClientConfig(tlsConfig).
Set("Host", host).
End()
resp = f.HTTPTestClientWithTLSConfig(tlsConfig).
GET("/").
WithURL(f.GetURL(framework.HTTPS)).
WithHeader("Host", host).
Expect().
Status(http.StatusOK).
Raw()
Expect(errs).Should(BeEmpty())
Expect(resp.StatusCode).Should(Equal(http.StatusOK))
Expect(resp.TLS.Version).Should(BeNumerically("==", tls.VersionTLS10))
Expect(resp.TLS.CipherSuite).Should(BeNumerically("==", tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA))
assert.Equal(ginkgo.GinkgoT(), int(resp.TLS.Version), tls.VersionTLS10)
assert.Equal(ginkgo.GinkgoT(), resp.TLS.CipherSuite, tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)
})
It("should configure HSTS policy header", func() {
ginkgo.It("should configure HSTS policy header", func() {
hstsMaxAge := "hsts-max-age"
hstsIncludeSubdomains := "hsts-include-subdomains"
hstsPreload := "hsts-preload"
@ -109,85 +103,75 @@ var _ = framework.DescribeSetting("[SSL] TLS protocols, ciphers and headers)", f
ing.Spec.TLS[0].Hosts,
ing.Spec.TLS[0].SecretName,
ing.Namespace)
Expect(err).NotTo(HaveOccurred())
assert.Nil(ginkgo.GinkgoT(), err)
framework.WaitForTLS(f.GetURL(framework.HTTPS), tlsConfig)
By("setting max-age parameter")
ginkgo.By("setting max-age parameter")
f.UpdateNginxConfigMapData(hstsMaxAge, "86400")
resp, _, errs := gorequest.New().
Get(f.GetURL(framework.HTTPS)).
TLSClientConfig(tlsConfig).
Set("Host", host).
End()
f.HTTPTestClientWithTLSConfig(tlsConfig).
GET("/").
WithURL(f.GetURL(framework.HTTPS)).
WithHeader("Host", host).
Expect().
Status(http.StatusOK).
Header("Strict-Transport-Security").Equal("max-age=86400; includeSubDomains")
Expect(errs).Should(BeEmpty())
Expect(resp.StatusCode).Should(Equal(http.StatusOK))
Expect(resp.Header.Get("Strict-Transport-Security")).Should(Equal("max-age=86400; includeSubDomains"))
By("setting includeSubDomains parameter")
ginkgo.By("setting includeSubDomains parameter")
f.UpdateNginxConfigMapData(hstsIncludeSubdomains, "false")
resp, _, errs = gorequest.New().
Get(f.GetURL(framework.HTTPS)).
TLSClientConfig(tlsConfig).
Set("Host", host).
End()
f.HTTPTestClientWithTLSConfig(tlsConfig).
GET("/").
WithURL(f.GetURL(framework.HTTPS)).
WithHeader("Host", host).
Expect().
Status(http.StatusOK).
Header("Strict-Transport-Security").Equal("max-age=86400")
Expect(errs).Should(BeEmpty())
Expect(resp.StatusCode).Should(Equal(http.StatusOK))
Expect(resp.Header.Get("Strict-Transport-Security")).Should(Equal("max-age=86400"))
By("setting preload parameter")
ginkgo.By("setting preload parameter")
f.UpdateNginxConfigMapData(hstsPreload, "true")
resp, _, errs = gorequest.New().
Get(f.GetURL(framework.HTTPS)).
TLSClientConfig(tlsConfig).
Set("Host", host).
End()
f.HTTPTestClientWithTLSConfig(tlsConfig).
GET("/").
WithURL(f.GetURL(framework.HTTPS)).
WithHeader("Host", host).
Expect().
Status(http.StatusOK).
Header("Strict-Transport-Security").Equal("max-age=86400; preload")
Expect(errs).Should(BeEmpty())
Expect(resp.StatusCode).Should(Equal(http.StatusOK))
Expect(resp.Header.Get("Strict-Transport-Security")).Should(Equal("max-age=86400; preload"))
By("overriding what's set from the upstream")
ginkgo.By("overriding what's set from the upstream")
// we can not use gorequest here because it flattens the duplicate headers
// and specifically in case of Strict-Transport-Security it ignore extra headers
// intead of concatenating, rightfully. And I don't know of any API it provides for getting raw headers.
curlCmd := fmt.Sprintf("curl -I -k --fail --silent --resolve settings-tls:443:127.0.0.1 https://settings-tls/%v", "?hsts=true")
output, err := f.ExecIngressPod(curlCmd)
Expect(err).ToNot(HaveOccurred())
Expect(output).Should(ContainSubstring("strict-transport-security: max-age=86400; preload"))
assert.Nil(ginkgo.GinkgoT(), err)
assert.Contains(ginkgo.GinkgoT(), output, "strict-transport-security: max-age=86400; preload")
// this is what the upstream sets
Expect(output).ShouldNot(ContainSubstring("strict-transport-security: max-age=3600; preload"))
assert.NotContains(ginkgo.GinkgoT(), output, "strict-transport-security: max-age=3600; preload")
})
It("should not use ports during the HTTP to HTTPS redirection", func() {
ginkgo.It("should not use ports during the HTTP to HTTPS redirection", func() {
ing := f.EnsureIngress(framework.NewSingleIngressWithTLS(host, "/", host, []string{host}, f.Namespace, framework.EchoService, 80, nil))
tlsConfig, err := framework.CreateIngressTLSSecret(f.KubeClientSet,
ing.Spec.TLS[0].Hosts,
ing.Spec.TLS[0].SecretName,
ing.Namespace)
Expect(err).NotTo(HaveOccurred())
assert.Nil(ginkgo.GinkgoT(), err)
framework.WaitForTLS(f.GetURL(framework.HTTPS), tlsConfig)
resp, _, errs := gorequest.New().
Get(f.GetURL(framework.HTTP)).
Retry(10, 1*time.Second, http.StatusNotFound).
RedirectPolicy(noRedirectPolicyFunc).
Set("Host", host).
End()
Expect(errs).Should(BeEmpty())
Expect(resp.StatusCode).Should(Equal(http.StatusPermanentRedirect))
Expect(resp.Header.Get("Location")).Should(Equal(fmt.Sprintf("https://%v/", host)))
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
Expect().
Status(http.StatusPermanentRedirect).
Header("Location").Equal(fmt.Sprintf("https://%v/", host))
})
It("should not use ports or X-Forwarded-Host during the HTTP to HTTPS redirection", func() {
ginkgo.It("should not use ports or X-Forwarded-Host during the HTTP to HTTPS redirection", func() {
f.UpdateNginxConfigMapData("use-forwarded-headers", "true")
ing := f.EnsureIngress(framework.NewSingleIngressWithTLS(host, "/", host, []string{host}, f.Namespace, framework.EchoService, 80, nil))
@ -195,20 +179,16 @@ var _ = framework.DescribeSetting("[SSL] TLS protocols, ciphers and headers)", f
ing.Spec.TLS[0].Hosts,
ing.Spec.TLS[0].SecretName,
ing.Namespace)
Expect(err).NotTo(HaveOccurred())
assert.Nil(ginkgo.GinkgoT(), err)
framework.WaitForTLS(f.GetURL(framework.HTTPS), tlsConfig)
resp, _, errs := gorequest.New().
Get(f.GetURL(framework.HTTP)).
Retry(10, 1*time.Second, http.StatusNotFound).
RedirectPolicy(noRedirectPolicyFunc).
Set("Host", host).
Set("X-Forwarded-Host", "example.com:80").
End()
Expect(errs).Should(BeEmpty())
Expect(resp.StatusCode).Should(Equal(http.StatusPermanentRedirect))
Expect(resp.Header.Get("Location")).Should(Equal("https://example.com/"))
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
WithHeader("X-Forwarded-Host", "example.com:80").
Expect().
Status(http.StatusPermanentRedirect).
Header("Location").Equal("https://example.com/")
})
})