Add support for grpc_set_header
This commit is contained in:
Manuel de Brito Fontes
parent
7ef8a0a775
commit
ff3e182350
13 changed files with 248 additions and 46 deletions
|
|
@ -45,7 +45,7 @@ var _ = framework.IngressNginxDescribe("Annotations - Alias", func() {
|
|||
It("should return status code 200 when no authentication is configured", func() {
|
||||
host := "auth"
|
||||
|
||||
bi, err := f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.IngressController.Namespace, nil))
|
||||
bi, err := f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.IngressController.Namespace, "http-svc", 80, nil))
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
Expect(bi).NotTo(BeNil())
|
||||
|
||||
|
|
@ -69,7 +69,7 @@ var _ = framework.IngressNginxDescribe("Annotations - Alias", func() {
|
|||
It("should return status code 503 when authentication is configured with an invalid secret", func() {
|
||||
host := "auth"
|
||||
|
||||
bi, err := f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.IngressController.Namespace, nil))
|
||||
bi, err := f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.IngressController.Namespace, "http-svc", 80, nil))
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
Expect(bi).NotTo(BeNil())
|
||||
|
||||
|
|
@ -106,7 +106,7 @@ var _ = framework.IngressNginxDescribe("Annotations - Alias", func() {
|
|||
Expect(s).NotTo(BeNil())
|
||||
Expect(s.ObjectMeta).NotTo(BeNil())
|
||||
|
||||
bi, err := f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.IngressController.Namespace, nil))
|
||||
bi, err := f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.IngressController.Namespace, "http-svc", 80, nil))
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
Expect(bi).NotTo(BeNil())
|
||||
|
||||
|
|
@ -143,7 +143,7 @@ var _ = framework.IngressNginxDescribe("Annotations - Alias", func() {
|
|||
Expect(s).NotTo(BeNil())
|
||||
Expect(s.ObjectMeta).NotTo(BeNil())
|
||||
|
||||
bi, err := f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.IngressController.Namespace, nil))
|
||||
bi, err := f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.IngressController.Namespace, "http-svc", 80, nil))
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
Expect(bi).NotTo(BeNil())
|
||||
|
||||
|
|
@ -181,7 +181,7 @@ var _ = framework.IngressNginxDescribe("Annotations - Alias", func() {
|
|||
Expect(s).NotTo(BeNil())
|
||||
Expect(s.ObjectMeta).NotTo(BeNil())
|
||||
|
||||
bi, err := f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.IngressController.Namespace, nil))
|
||||
bi, err := f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.IngressController.Namespace, "http-svc", 80, nil))
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
Expect(bi).NotTo(BeNil())
|
||||
|
||||
|
|
@ -230,7 +230,7 @@ var _ = framework.IngressNginxDescribe("Annotations - Alias", func() {
|
|||
Expect(s).NotTo(BeNil())
|
||||
Expect(s.ObjectMeta).NotTo(BeNil())
|
||||
|
||||
bi, err := f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.IngressController.Namespace, nil))
|
||||
bi, err := f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.IngressController.Namespace, "http-svc", 80, nil))
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
Expect(bi).NotTo(BeNil())
|
||||
|
||||
|
|
|
|||
63
test/e2e/annotations/grpc.go
Normal file
63
test/e2e/annotations/grpc.go
Normal file
|
|
@ -0,0 +1,63 @@
|
|||
/*
|
||||
Copyright 2017 The Kubernetes Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package annotations
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
|
||||
. "github.com/onsi/ginkgo"
|
||||
. "github.com/onsi/gomega"
|
||||
|
||||
"k8s.io/ingress-nginx/test/e2e/framework"
|
||||
)
|
||||
|
||||
var _ = framework.IngressNginxDescribe("Annotations - grpc", func() {
|
||||
f := framework.NewDefaultFramework("grpc")
|
||||
|
||||
BeforeEach(func() {
|
||||
err := f.NewGRPCFortuneTellerDeployment()
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
})
|
||||
|
||||
Context("when grpc is enabled", func() {
|
||||
It("should use grpc_pass in the configuration file", func() {
|
||||
host := "grpc"
|
||||
|
||||
annotations := map[string]string{
|
||||
"nginx.ingress.kubernetes.io/grpc-backend": "true",
|
||||
}
|
||||
ing, err := f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.IngressController.Namespace, "fortune-teller", 50051, &annotations))
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
Expect(ing).NotTo(BeNil())
|
||||
|
||||
err = f.WaitForNginxServer(host,
|
||||
func(server string) bool {
|
||||
return Expect(server).Should(ContainSubstring(fmt.Sprintf("server_name %v", host))) &&
|
||||
Expect(server).ShouldNot(ContainSubstring("return 503"))
|
||||
})
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
|
||||
err = f.WaitForNginxServer(host,
|
||||
func(server string) bool {
|
||||
return Expect(server).Should(ContainSubstring("grpc_pass")) &&
|
||||
Expect(server).Should(ContainSubstring("grpc_set_header")) &&
|
||||
Expect(server).ShouldNot(ContainSubstring("proxy_pass"))
|
||||
})
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
})
|
||||
})
|
||||
})
|
||||
|
|
@ -39,7 +39,7 @@ var _ = framework.IngressNginxDescribe("Annotations - lua-resty-waf", func() {
|
|||
Context("when lua-resty-waf is enabled", func() {
|
||||
It("should return 403 for a malicious request that matches a default WAF rule and 200 for other requests", func() {
|
||||
host := "foo"
|
||||
createIngress(f, host, map[string]string{"nginx.ingress.kubernetes.io/lua-resty-waf": "active"})
|
||||
createIngress(f, host, "http-svc", 80, map[string]string{"nginx.ingress.kubernetes.io/lua-resty-waf": "active"})
|
||||
|
||||
url := fmt.Sprintf("%s?msg=<A href=\"http://mysite.com/\">XSS</A>", f.IngressController.HTTPURL)
|
||||
resp, _, errs := gorequest.New().
|
||||
|
|
@ -52,7 +52,7 @@ var _ = framework.IngressNginxDescribe("Annotations - lua-resty-waf", func() {
|
|||
})
|
||||
It("should not apply ignored rulesets", func() {
|
||||
host := "foo"
|
||||
createIngress(f, host, map[string]string{
|
||||
createIngress(f, host, "http-svc", 80, map[string]string{
|
||||
"nginx.ingress.kubernetes.io/lua-resty-waf": "active",
|
||||
"nginx.ingress.kubernetes.io/lua-resty-waf-ignore-rulesets": "41000_sqli, 42000_xss"})
|
||||
|
||||
|
|
@ -67,7 +67,7 @@ var _ = framework.IngressNginxDescribe("Annotations - lua-resty-waf", func() {
|
|||
})
|
||||
It("should apply configured extra rules", func() {
|
||||
host := "foo"
|
||||
createIngress(f, host, map[string]string{
|
||||
createIngress(f, host, "http-svc", 80, map[string]string{
|
||||
"nginx.ingress.kubernetes.io/lua-resty-waf": "active",
|
||||
"nginx.ingress.kubernetes.io/lua-resty-waf-extra-rules": `[=[
|
||||
{ "access": [
|
||||
|
|
@ -106,7 +106,7 @@ var _ = framework.IngressNginxDescribe("Annotations - lua-resty-waf", func() {
|
|||
Context("when lua-resty-waf is not enabled", func() {
|
||||
It("should return 200 even for a malicious request", func() {
|
||||
host := "foo"
|
||||
createIngress(f, host, map[string]string{})
|
||||
createIngress(f, host, "http-svc", 80, map[string]string{})
|
||||
|
||||
url := fmt.Sprintf("%s?msg=<A href=\"http://mysite.com/\">XSS</A>", f.IngressController.HTTPURL)
|
||||
resp, _, errs := gorequest.New().
|
||||
|
|
@ -119,7 +119,7 @@ var _ = framework.IngressNginxDescribe("Annotations - lua-resty-waf", func() {
|
|||
})
|
||||
It("should run in simulate mode", func() {
|
||||
host := "foo"
|
||||
createIngress(f, host, map[string]string{"nginx.ingress.kubernetes.io/lua-resty-waf": "simulate"})
|
||||
createIngress(f, host, "http-svc", 80, map[string]string{"nginx.ingress.kubernetes.io/lua-resty-waf": "simulate"})
|
||||
|
||||
url := fmt.Sprintf("%s?msg=<A href=\"http://mysite.com/\">XSS</A>", f.IngressController.HTTPURL)
|
||||
resp, _, errs := gorequest.New().
|
||||
|
|
@ -138,14 +138,14 @@ var _ = framework.IngressNginxDescribe("Annotations - lua-resty-waf", func() {
|
|||
})
|
||||
})
|
||||
|
||||
func createIngress(f *framework.Framework, host string, annotations map[string]string) {
|
||||
ing, err := f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.IngressController.Namespace, &annotations))
|
||||
func createIngress(f *framework.Framework, host, service string, port int, annotations map[string]string) {
|
||||
ing, err := f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.IngressController.Namespace, service, port, &annotations))
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
Expect(ing).NotTo(BeNil())
|
||||
|
||||
err = f.WaitForNginxServer(host,
|
||||
func(server string) bool {
|
||||
return Expect(server).Should(ContainSubstring("server_name foo")) &&
|
||||
return Expect(server).Should(ContainSubstring(fmt.Sprintf("server_name %v", host))) &&
|
||||
Expect(server).ShouldNot(ContainSubstring("return 503"))
|
||||
})
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue