diff --git a/pkg/apis/networking/validation/validation_test.go b/pkg/apis/networking/validation/validation_test.go index 9b4e5b5ddd4..78fc949d8f1 100644 --- a/pkg/apis/networking/validation/validation_test.go +++ b/pkg/apis/networking/validation/validation_test.go @@ -2274,6 +2274,67 @@ func TestValidateIngressTLS(t *testing.T) { } } +// TestValidateEmptyIngressTLS verifies that an empty TLS configuration can be +// specified, which ingress controllers may interpret to mean that TLS should be +// used with a default certificate that the ingress controller furnishes. +func TestValidateEmptyIngressTLS(t *testing.T) { + pathTypeImplementationSpecific := networking.PathTypeImplementationSpecific + serviceBackend := &networking.IngressServiceBackend{ + Name: "defaultbackend", + Port: networking.ServiceBackendPort{ + Number: 443, + }, + } + defaultBackend := networking.IngressBackend{ + Service: serviceBackend, + } + newValid := func() networking.Ingress { + return networking.Ingress{ + ObjectMeta: metav1.ObjectMeta{ + Name: "foo", + Namespace: metav1.NamespaceDefault, + }, + Spec: networking.IngressSpec{ + Rules: []networking.IngressRule{ + { + Host: "foo.bar.com", + IngressRuleValue: networking.IngressRuleValue{ + HTTP: &networking.HTTPIngressRuleValue{ + Paths: []networking.HTTPIngressPath{ + { + PathType: &pathTypeImplementationSpecific, + Backend: defaultBackend, + }, + }, + }, + }, + }, + }, + }, + } + } + + validCases := map[string]networking.Ingress{} + goodEmptyTLS := newValid() + goodEmptyTLS.Spec.TLS = []networking.IngressTLS{ + {}, + } + validCases[fmt.Sprintf("spec.tls[0]: Valid value: %v", goodEmptyTLS.Spec.TLS[0])] = goodEmptyTLS + goodEmptyHosts := newValid() + goodEmptyHosts.Spec.TLS = []networking.IngressTLS{ + { + Hosts: []string{}, + }, + } + validCases[fmt.Sprintf("spec.tls[0]: Valid value: %v", goodEmptyHosts.Spec.TLS[0])] = goodEmptyHosts + for k, v := range validCases { + errs := validateIngress(&v, IngressValidationOptions{}, networkingv1beta1.SchemeGroupVersion) + if len(errs) != 0 { + t.Errorf("expected success for %q", k) + } + } +} + func TestValidateIngressStatusUpdate(t *testing.T) { serviceBackend := &networking.IngressServiceBackend{ Name: "defaultbackend",