Skip to content

Commit

Permalink
Fix client tls tests (#9857)
Browse files Browse the repository at this point in the history 
* fix tests

* clean up invalid upstream

* replaces longform namespaces

* Adding changelog file to new location

* Deleting changelog file from old location

---------

Co-authored-by: soloio-bulldozer[bot] <48420018+soloio-bulldozer[bot]@users.noreply.github.com>
Co-authored-by: changelog-bot <changelog-bot>
  • Loading branch information
@jbohanon @soloio-bulldozer
jbohanon and soloio-bulldozer[bot] authored Aug 5, 2024
1 parent 77b72e6 commit d63426b
Show file tree
Hide file tree
Showing 4 changed files with 51 additions and 8 deletions.
4 changes: 4 additions & 0 deletions changelog/v1.18.0-beta14/fix-clienttls.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
changelog:
- type: NON_USER_FACING
description: >-
Ensure resources are deleted before moving on to next test in client tls feature suites.
28 changes: 20 additions & 8 deletions test/kubernetes/e2e/features/client_tls/suite.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -51,90 +51,102 @@ func (s *clientTlsTestingSuite) TearDownSuite() {
}

func (s *clientTlsTestingSuite) TestRouteSecureRequestToUpstreamFailsWithoutOneWayTls() {
ns := s.testInstallation.Metadata.InstallNamespace
s.T().Cleanup(func() {
// ordering here matters if strict validation enabled
err := s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, vsTargetingUpstreamManifestFile, "-n", s.testInstallation.Metadata.InstallNamespace)
err := s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, vsTargetingUpstreamManifestFile, "-n", ns)
s.NoError(err, "can delete vs targeting upstream manifest file")
s.testInstallation.Assertions.EventuallyObjectsNotExist(s.ctx, vsTargetingUpstream(ns))
err = s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, nginxUpstreamManifestFile)
s.NoError(err, "can delete nginx upstream manifest file")
err = s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, tlsSecretManifestFile)
s.NoError(err, "can delete tls secret manifest file")
s.testInstallation.Assertions.EventuallyObjectsNotExist(s.ctx, tlsSecret)
})

// ordering here matters if strict validation enabled
err := s.testInstallation.Actions.Kubectl().ApplyFile(s.ctx, tlsSecretManifestFile)
s.NoError(err, "can apply tls secret manifest file")
err = s.testInstallation.Actions.Kubectl().ApplyFile(s.ctx, nginxUpstreamManifestFile)
s.NoError(err, "can apply nginx upstream manifest file")
err = s.testInstallation.Actions.Kubectl().ApplyFile(s.ctx, vsTargetingUpstreamManifestFile, "-n", s.testInstallation.Metadata.InstallNamespace)
err = s.testInstallation.Actions.Kubectl().ApplyFile(s.ctx, vsTargetingUpstreamManifestFile, "-n", ns)
s.NoError(err, "can apply vs targeting upstream manifest file")

s.assertEventualResponse(expectedCertVerifyFailedResponse)
}

func (s *clientTlsTestingSuite) TestRouteSecureRequestToUpstream() {
ns := s.testInstallation.Metadata.InstallNamespace
s.T().Cleanup(func() {
// ordering here matters if strict validation enabled
err := s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, vsTargetingUpstreamManifestFile, "-n", s.testInstallation.Metadata.InstallNamespace)
err := s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, vsTargetingUpstreamManifestFile, "-n", ns)
s.NoError(err, "can delete vs targeting upstream manifest file")
s.testInstallation.Assertions.EventuallyObjectsNotExist(s.ctx, vsTargetingUpstream(ns))
err = s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, nginxOneWayUpstreamManifestFile)
s.NoError(err, "can delete nginx upstream manifest file")
err = s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, tlsSecretManifestFile)
s.NoError(err, "can delete tls secret manifest file")
s.testInstallation.Assertions.EventuallyObjectsNotExist(s.ctx, tlsSecret)
})

// ordering here matters if strict validation enabled
err := s.testInstallation.Actions.Kubectl().ApplyFile(s.ctx, tlsSecretManifestFile)
s.NoError(err, "can apply tls secret manifest file")
err = s.testInstallation.Actions.Kubectl().ApplyFile(s.ctx, nginxOneWayUpstreamManifestFile)
s.NoError(err, "can apply nginx upstream manifest file")
err = s.testInstallation.Actions.Kubectl().ApplyFile(s.ctx, vsTargetingUpstreamManifestFile, "-n", s.testInstallation.Metadata.InstallNamespace)
err = s.testInstallation.Actions.Kubectl().ApplyFile(s.ctx, vsTargetingUpstreamManifestFile, "-n", ns)
s.NoError(err, "can apply vs targeting upstream manifest file")

s.assertEventualResponse(expectedHealthyResponse)
}

func (s *clientTlsTestingSuite) TestRouteSecureRequestToAnnotatedServiceFailsWithoutOneWayTls() {
ns := s.testInstallation.Metadata.InstallNamespace
s.T().Cleanup(func() {
// ordering here matters if strict validation enabled
err := s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, vsTargetingKubeManifestFile, "-n", s.testInstallation.Metadata.InstallNamespace)
err := s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, vsTargetingKubeManifestFile, "-n", ns)
s.NoError(err, "can delete vs targeting upstream manifest file")
s.testInstallation.Assertions.EventuallyObjectsNotExist(s.ctx, vsTargetingKube(ns))
// this is deleted in test cleanup
// err = s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, annotatedNginxSvcManifestFile)
// s.NoError(err, "can delete nginx upstream manifest file")
err = s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, tlsSecretManifestFile)
s.NoError(err, "can delete tls secret manifest file")
s.testInstallation.Assertions.EventuallyObjectsNotExist(s.ctx, tlsSecret)
})

// ordering here matters if strict validation enabled
err := s.testInstallation.Actions.Kubectl().ApplyFile(s.ctx, tlsSecretManifestFile)
s.NoError(err, "can apply tls secret manifest file")
err = s.testInstallation.Actions.Kubectl().ApplyFile(s.ctx, annotatedNginxSvcManifestFile)
s.NoError(err, "can apply nginx upstream manifest file")
err = s.testInstallation.Actions.Kubectl().ApplyFile(s.ctx, vsTargetingKubeManifestFile, "-n", s.testInstallation.Metadata.InstallNamespace)
err = s.testInstallation.Actions.Kubectl().ApplyFile(s.ctx, vsTargetingKubeManifestFile, "-n", ns)
s.NoError(err, "can apply vs targeting upstream manifest file")

s.assertEventualResponse(expectedCertVerifyFailedResponse)
}

func (s *clientTlsTestingSuite) TestRouteSecureRequestToAnnotatedService() {
ns := s.testInstallation.Metadata.InstallNamespace
s.T().Cleanup(func() {
// ordering here matters if strict validation enabled
err := s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, vsTargetingKubeManifestFile, "-n", s.testInstallation.Metadata.InstallNamespace)
err := s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, vsTargetingKubeManifestFile, "-n", ns)
s.NoError(err, "can delete vs targeting upstream manifest file")
s.testInstallation.Assertions.EventuallyObjectsNotExist(s.ctx, vsTargetingKube(ns))
// this is deleted in test cleanup
// err = s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, annotatedNginxOneWaySvcManifestFile)
// s.NoError(err, "can delete nginx upstream manifest file")
err = s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, tlsSecretManifestFile)
s.NoError(err, "can delete tls secret manifest file")
s.testInstallation.Assertions.EventuallyObjectsNotExist(s.ctx, tlsSecret)
})

// ordering here matters if strict validation enabled
err := s.testInstallation.Actions.Kubectl().ApplyFile(s.ctx, tlsSecretManifestFile)
s.NoError(err, "can apply tls secret manifest file")
err = s.testInstallation.Actions.Kubectl().ApplyFile(s.ctx, annotatedNginxOneWaySvcManifestFile)
s.NoError(err, "can apply nginx upstream manifest file")
err = s.testInstallation.Actions.Kubectl().ApplyFile(s.ctx, vsTargetingKubeManifestFile, "-n", s.testInstallation.Metadata.InstallNamespace)
err = s.testInstallation.Actions.Kubectl().ApplyFile(s.ctx, vsTargetingKubeManifestFile, "-n", ns)
s.NoError(err, "can apply vs targeting upstream manifest file")

s.assertEventualResponse(expectedHealthyResponse)
Expand Down
24 changes: 24 additions & 0 deletions test/kubernetes/e2e/features/client_tls/types.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ import (
"path/filepath"

"github.com/onsi/gomega"
kubev1 "github.com/solo-io/gloo/projects/gateway/pkg/api/v1/kube/apis/gateway.solo.io/v1"
"github.com/solo-io/gloo/test/gomega/matchers"
"github.com/solo-io/skv2/codegen/util"
appsv1 "k8s.io/api/apps/v1"
Expand Down Expand Up @@ -35,6 +36,29 @@ var (
return &corev1.Service{ObjectMeta: glooProxyObjectMeta(ns)}
}

vsTargetingKube = func(ns string) *kubev1.VirtualService {
return &kubev1.VirtualService{
ObjectMeta: metav1.ObjectMeta{
Name: "vs-targeting-kube",
Namespace: ns,
},
}
}
vsTargetingUpstream = func(ns string) *kubev1.VirtualService {
return &kubev1.VirtualService{
ObjectMeta: metav1.ObjectMeta{
Name: "vs-targeting-upstream",
Namespace: ns,
},
}
}
tlsSecret = &corev1.Secret{
ObjectMeta: metav1.ObjectMeta{
Name: "my-tls",
Namespace: "nginx",
},
}

expectedHealthyResponse = &matchers.HttpResponse{
StatusCode: http.StatusOK,
Body: gomega.ContainSubstring("Welcome to nginx!"),
Expand Down
3 changes: 3 additions & 0 deletions test/kubernetes/e2e/features/validation/validation_allow_warnings/suite.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -98,6 +98,9 @@ func (s *testingSuite) TestInvalidUpstreamMissingPort() {
err = s.testInstallation.Actions.Kubectl().DeleteFileSafe(s.ctx, validation.ExampleUpstream, "-n", s.testInstallation.Metadata.InstallNamespace)
s.Assert().NoError(err, "can delete "+validation.ExampleUpstream)

err = s.testInstallation.Actions.Kubectl().DeleteFileSafe(s.ctx, validation.InvalidUpstreamNoPort, "-n", s.testInstallation.Metadata.InstallNamespace)
s.Assert().NoError(err, "can delete "+validation.InvalidUpstreamNoPort)

err = s.testInstallation.Actions.Kubectl().DeleteFileSafe(s.ctx, testdefaults.NginxPodManifest)
s.Assert().NoError(err, "can delete "+testdefaults.NginxPodManifest)
})
Expand Down

0 comments on commit d63426b

Please sign in to comment.