From 880ebd9b99b56b3c00496daac7c056a924d78a02 Mon Sep 17 00:00:00 2001 From: Jacob Bohanon Date: Fri, 2 Aug 2024 15:48:41 -0400 Subject: [PATCH 1/5] fix tests --- changelog/v1.18.0-beta13/fix-clienttls.yaml | 4 ++++ .../e2e/features/client_tls/suite.go | 18 +++++++++++--- .../e2e/features/client_tls/types.go | 24 +++++++++++++++++++ 3 files changed, 43 insertions(+), 3 deletions(-) create mode 100644 changelog/v1.18.0-beta13/fix-clienttls.yaml diff --git a/changelog/v1.18.0-beta13/fix-clienttls.yaml b/changelog/v1.18.0-beta13/fix-clienttls.yaml new file mode 100644 index 00000000000..52badf91045 --- /dev/null +++ b/changelog/v1.18.0-beta13/fix-clienttls.yaml @@ -0,0 +1,4 @@ +changelog: + - type: NON_USER_FACING + description: >- + Ensure resources are deleted before moving on to next test in client tls feature suites. diff --git a/test/kubernetes/e2e/features/client_tls/suite.go b/test/kubernetes/e2e/features/client_tls/suite.go index 04ccf3257a3..408ceafbac5 100644 --- a/test/kubernetes/e2e/features/client_tls/suite.go +++ b/test/kubernetes/e2e/features/client_tls/suite.go @@ -51,14 +51,17 @@ func (s *clientTlsTestingSuite) TearDownSuite() { } func (s *clientTlsTestingSuite) TestRouteSecureRequestToUpstreamFailsWithoutOneWayTls() { + ns := s.testInstallation.Metadata.InstallNamespace s.T().Cleanup(func() { // ordering here matters if strict validation enabled err := s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, vsTargetingUpstreamManifestFile, "-n", s.testInstallation.Metadata.InstallNamespace) s.NoError(err, "can delete vs targeting upstream manifest file") + s.testInstallation.Assertions.EventuallyObjectsNotExist(s.ctx, vsTargetingUpstream(ns)) err = s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, nginxUpstreamManifestFile) s.NoError(err, "can delete nginx upstream manifest file") err = s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, tlsSecretManifestFile) s.NoError(err, "can delete tls secret manifest file") + s.testInstallation.Assertions.EventuallyObjectsNotExist(s.ctx, tlsSecret) }) // ordering here matters if strict validation enabled @@ -73,14 +76,17 @@ func (s *clientTlsTestingSuite) TestRouteSecureRequestToUpstreamFailsWithoutOneW } func (s *clientTlsTestingSuite) TestRouteSecureRequestToUpstream() { + ns := s.testInstallation.Metadata.InstallNamespace s.T().Cleanup(func() { // ordering here matters if strict validation enabled err := s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, vsTargetingUpstreamManifestFile, "-n", s.testInstallation.Metadata.InstallNamespace) s.NoError(err, "can delete vs targeting upstream manifest file") + s.testInstallation.Assertions.EventuallyObjectsNotExist(s.ctx, vsTargetingUpstream(ns)) err = s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, nginxOneWayUpstreamManifestFile) s.NoError(err, "can delete nginx upstream manifest file") err = s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, tlsSecretManifestFile) s.NoError(err, "can delete tls secret manifest file") + s.testInstallation.Assertions.EventuallyObjectsNotExist(s.ctx, tlsSecret) }) // ordering here matters if strict validation enabled @@ -95,15 +101,18 @@ func (s *clientTlsTestingSuite) TestRouteSecureRequestToUpstream() { } func (s *clientTlsTestingSuite) TestRouteSecureRequestToAnnotatedServiceFailsWithoutOneWayTls() { + ns := s.testInstallation.Metadata.InstallNamespace s.T().Cleanup(func() { // ordering here matters if strict validation enabled err := s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, vsTargetingKubeManifestFile, "-n", s.testInstallation.Metadata.InstallNamespace) s.NoError(err, "can delete vs targeting upstream manifest file") + s.testInstallation.Assertions.EventuallyObjectsNotExist(s.ctx, vsTargetingKube(ns)) // this is deleted in test cleanup // err = s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, annotatedNginxSvcManifestFile) // s.NoError(err, "can delete nginx upstream manifest file") err = s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, tlsSecretManifestFile) s.NoError(err, "can delete tls secret manifest file") + s.testInstallation.Assertions.EventuallyObjectsNotExist(s.ctx, tlsSecret) }) // ordering here matters if strict validation enabled @@ -111,22 +120,25 @@ func (s *clientTlsTestingSuite) TestRouteSecureRequestToAnnotatedServiceFailsWit s.NoError(err, "can apply tls secret manifest file") err = s.testInstallation.Actions.Kubectl().ApplyFile(s.ctx, annotatedNginxSvcManifestFile) s.NoError(err, "can apply nginx upstream manifest file") - err = s.testInstallation.Actions.Kubectl().ApplyFile(s.ctx, vsTargetingKubeManifestFile, "-n", s.testInstallation.Metadata.InstallNamespace) + err = s.testInstallation.Actions.Kubectl().ApplyFile(s.ctx, vsTargetingKubeManifestFile, "-n", ns) s.NoError(err, "can apply vs targeting upstream manifest file") s.assertEventualResponse(expectedCertVerifyFailedResponse) } func (s *clientTlsTestingSuite) TestRouteSecureRequestToAnnotatedService() { + ns := s.testInstallation.Metadata.InstallNamespace s.T().Cleanup(func() { // ordering here matters if strict validation enabled - err := s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, vsTargetingKubeManifestFile, "-n", s.testInstallation.Metadata.InstallNamespace) + err := s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, vsTargetingKubeManifestFile, "-n", ns) s.NoError(err, "can delete vs targeting upstream manifest file") + s.testInstallation.Assertions.EventuallyObjectsNotExist(s.ctx, vsTargetingKube(ns)) // this is deleted in test cleanup // err = s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, annotatedNginxOneWaySvcManifestFile) // s.NoError(err, "can delete nginx upstream manifest file") err = s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, tlsSecretManifestFile) s.NoError(err, "can delete tls secret manifest file") + s.testInstallation.Assertions.EventuallyObjectsNotExist(s.ctx, tlsSecret) }) // ordering here matters if strict validation enabled @@ -134,7 +146,7 @@ func (s *clientTlsTestingSuite) TestRouteSecureRequestToAnnotatedService() { s.NoError(err, "can apply tls secret manifest file") err = s.testInstallation.Actions.Kubectl().ApplyFile(s.ctx, annotatedNginxOneWaySvcManifestFile) s.NoError(err, "can apply nginx upstream manifest file") - err = s.testInstallation.Actions.Kubectl().ApplyFile(s.ctx, vsTargetingKubeManifestFile, "-n", s.testInstallation.Metadata.InstallNamespace) + err = s.testInstallation.Actions.Kubectl().ApplyFile(s.ctx, vsTargetingKubeManifestFile, "-n", ns) s.NoError(err, "can apply vs targeting upstream manifest file") s.assertEventualResponse(expectedHealthyResponse) diff --git a/test/kubernetes/e2e/features/client_tls/types.go b/test/kubernetes/e2e/features/client_tls/types.go index 9be9a3eae91..c36552ab41e 100644 --- a/test/kubernetes/e2e/features/client_tls/types.go +++ b/test/kubernetes/e2e/features/client_tls/types.go @@ -5,6 +5,7 @@ import ( "path/filepath" "github.com/onsi/gomega" + kubev1 "github.com/solo-io/gloo/projects/gateway/pkg/api/v1/kube/apis/gateway.solo.io/v1" "github.com/solo-io/gloo/test/gomega/matchers" "github.com/solo-io/skv2/codegen/util" appsv1 "k8s.io/api/apps/v1" @@ -35,6 +36,29 @@ var ( return &corev1.Service{ObjectMeta: glooProxyObjectMeta(ns)} } + vsTargetingKube = func(ns string) *kubev1.VirtualService { + return &kubev1.VirtualService{ + ObjectMeta: metav1.ObjectMeta{ + Name: "vs-targeting-kube", + Namespace: ns, + }, + } + } + vsTargetingUpstream = func(ns string) *kubev1.VirtualService { + return &kubev1.VirtualService{ + ObjectMeta: metav1.ObjectMeta{ + Name: "vs-targeting-upstream", + Namespace: ns, + }, + } + } + tlsSecret = &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "my-tls", + Namespace: "nginx", + }, + } + expectedHealthyResponse = &matchers.HttpResponse{ StatusCode: http.StatusOK, Body: gomega.ContainSubstring("Welcome to nginx!"), From 0f4e955f7a30f4b33ab196b90b341fd48b880720 Mon Sep 17 00:00:00 2001 From: Jacob Bohanon Date: Fri, 2 Aug 2024 17:04:57 -0400 Subject: [PATCH 2/5] clean up invalid upstream --- .../e2e/features/validation/validation_allow_warnings/suite.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/test/kubernetes/e2e/features/validation/validation_allow_warnings/suite.go b/test/kubernetes/e2e/features/validation/validation_allow_warnings/suite.go index db101672803..65faed99b4e 100644 --- a/test/kubernetes/e2e/features/validation/validation_allow_warnings/suite.go +++ b/test/kubernetes/e2e/features/validation/validation_allow_warnings/suite.go @@ -98,6 +98,9 @@ func (s *testingSuite) TestInvalidUpstreamMissingPort() { err = s.testInstallation.Actions.Kubectl().DeleteFileSafe(s.ctx, validation.ExampleUpstream, "-n", s.testInstallation.Metadata.InstallNamespace) s.Assert().NoError(err, "can delete "+validation.ExampleUpstream) + err = s.testInstallation.Actions.Kubectl().DeleteFileSafe(s.ctx, validation.InvalidUpstreamNoPort, "-n", s.testInstallation.Metadata.InstallNamespace) + s.Assert().NoError(err, "can delete "+validation.InvalidUpstreamNoPort) + err = s.testInstallation.Actions.Kubectl().DeleteFileSafe(s.ctx, testdefaults.NginxPodManifest) s.Assert().NoError(err, "can delete "+testdefaults.NginxPodManifest) }) From 4fbd57ddd3fd2e8c40423f18129076219e50245c Mon Sep 17 00:00:00 2001 From: Jacob Bohanon Date: Fri, 2 Aug 2024 17:06:03 -0400 Subject: [PATCH 3/5] replaces longform namespaces --- test/kubernetes/e2e/features/client_tls/suite.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/test/kubernetes/e2e/features/client_tls/suite.go b/test/kubernetes/e2e/features/client_tls/suite.go index 408ceafbac5..1ed019130ee 100644 --- a/test/kubernetes/e2e/features/client_tls/suite.go +++ b/test/kubernetes/e2e/features/client_tls/suite.go @@ -54,7 +54,7 @@ func (s *clientTlsTestingSuite) TestRouteSecureRequestToUpstreamFailsWithoutOneW ns := s.testInstallation.Metadata.InstallNamespace s.T().Cleanup(func() { // ordering here matters if strict validation enabled - err := s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, vsTargetingUpstreamManifestFile, "-n", s.testInstallation.Metadata.InstallNamespace) + err := s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, vsTargetingUpstreamManifestFile, "-n", ns) s.NoError(err, "can delete vs targeting upstream manifest file") s.testInstallation.Assertions.EventuallyObjectsNotExist(s.ctx, vsTargetingUpstream(ns)) err = s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, nginxUpstreamManifestFile) @@ -69,7 +69,7 @@ func (s *clientTlsTestingSuite) TestRouteSecureRequestToUpstreamFailsWithoutOneW s.NoError(err, "can apply tls secret manifest file") err = s.testInstallation.Actions.Kubectl().ApplyFile(s.ctx, nginxUpstreamManifestFile) s.NoError(err, "can apply nginx upstream manifest file") - err = s.testInstallation.Actions.Kubectl().ApplyFile(s.ctx, vsTargetingUpstreamManifestFile, "-n", s.testInstallation.Metadata.InstallNamespace) + err = s.testInstallation.Actions.Kubectl().ApplyFile(s.ctx, vsTargetingUpstreamManifestFile, "-n", ns) s.NoError(err, "can apply vs targeting upstream manifest file") s.assertEventualResponse(expectedCertVerifyFailedResponse) @@ -79,7 +79,7 @@ func (s *clientTlsTestingSuite) TestRouteSecureRequestToUpstream() { ns := s.testInstallation.Metadata.InstallNamespace s.T().Cleanup(func() { // ordering here matters if strict validation enabled - err := s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, vsTargetingUpstreamManifestFile, "-n", s.testInstallation.Metadata.InstallNamespace) + err := s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, vsTargetingUpstreamManifestFile, "-n", ns) s.NoError(err, "can delete vs targeting upstream manifest file") s.testInstallation.Assertions.EventuallyObjectsNotExist(s.ctx, vsTargetingUpstream(ns)) err = s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, nginxOneWayUpstreamManifestFile) @@ -94,7 +94,7 @@ func (s *clientTlsTestingSuite) TestRouteSecureRequestToUpstream() { s.NoError(err, "can apply tls secret manifest file") err = s.testInstallation.Actions.Kubectl().ApplyFile(s.ctx, nginxOneWayUpstreamManifestFile) s.NoError(err, "can apply nginx upstream manifest file") - err = s.testInstallation.Actions.Kubectl().ApplyFile(s.ctx, vsTargetingUpstreamManifestFile, "-n", s.testInstallation.Metadata.InstallNamespace) + err = s.testInstallation.Actions.Kubectl().ApplyFile(s.ctx, vsTargetingUpstreamManifestFile, "-n", ns) s.NoError(err, "can apply vs targeting upstream manifest file") s.assertEventualResponse(expectedHealthyResponse) @@ -104,7 +104,7 @@ func (s *clientTlsTestingSuite) TestRouteSecureRequestToAnnotatedServiceFailsWit ns := s.testInstallation.Metadata.InstallNamespace s.T().Cleanup(func() { // ordering here matters if strict validation enabled - err := s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, vsTargetingKubeManifestFile, "-n", s.testInstallation.Metadata.InstallNamespace) + err := s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, vsTargetingKubeManifestFile, "-n", ns) s.NoError(err, "can delete vs targeting upstream manifest file") s.testInstallation.Assertions.EventuallyObjectsNotExist(s.ctx, vsTargetingKube(ns)) // this is deleted in test cleanup From f46657350759ee6f9bd1801165ec9832a41c5813 Mon Sep 17 00:00:00 2001 From: changelog-bot Date: Sat, 3 Aug 2024 00:42:49 +0000 Subject: [PATCH 4/5] Adding changelog file to new location --- changelog/v1.18.0-beta14/fix-clienttls.yaml | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 changelog/v1.18.0-beta14/fix-clienttls.yaml diff --git a/changelog/v1.18.0-beta14/fix-clienttls.yaml b/changelog/v1.18.0-beta14/fix-clienttls.yaml new file mode 100644 index 00000000000..52badf91045 --- /dev/null +++ b/changelog/v1.18.0-beta14/fix-clienttls.yaml @@ -0,0 +1,4 @@ +changelog: + - type: NON_USER_FACING + description: >- + Ensure resources are deleted before moving on to next test in client tls feature suites. From 8ea531297d4f63c6c0dfb3787497f8409900ae69 Mon Sep 17 00:00:00 2001 From: changelog-bot Date: Sat, 3 Aug 2024 00:42:50 +0000 Subject: [PATCH 5/5] Deleting changelog file from old location --- changelog/v1.18.0-beta13/fix-clienttls.yaml | 4 ---- 1 file changed, 4 deletions(-) delete mode 100644 changelog/v1.18.0-beta13/fix-clienttls.yaml diff --git a/changelog/v1.18.0-beta13/fix-clienttls.yaml b/changelog/v1.18.0-beta13/fix-clienttls.yaml deleted file mode 100644 index 52badf91045..00000000000 --- a/changelog/v1.18.0-beta13/fix-clienttls.yaml +++ /dev/null @@ -1,4 +0,0 @@ -changelog: - - type: NON_USER_FACING - description: >- - Ensure resources are deleted before moving on to next test in client tls feature suites.