github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-26 21:17:23 +00:00
Code Issues Projects Releases Wiki Activity

Adding an e2e test for verifying https-only annotation with kubemci

Browse Source
This commit is contained in:
nikhiljindal 2018-04-02 23:44:53 -07:00
parent 8b94183e90
commit 146b00911a
1 changed files with 22 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
test/e2e/network/ingress.go
View File

@ -120,18 +120,7 @@ var _ = SIGDescribe("Loadbalancing: L7", func() {
// ip released when the rest of lb resources are deleted in CleanupGCEIngressController // ip released when the rest of lb resources are deleted in CleanupGCEIngressController
ip := gceController.CreateStaticIP(ns) ip := gceController.CreateStaticIP(ns)
By(fmt.Sprintf("allocated static ip %v: %v through the GCE cloud provider", ns, ip)) By(fmt.Sprintf("allocated static ip %v: %v through the GCE cloud provider", ns, ip))
executeStaticIPHttpsOnlyTest(f, jig, ns, ip)
jig.CreateIngress(filepath.Join(framework.IngressManifestPath, "static-ip"), ns, map[string]string{
framework.IngressStaticIPKey: ns,
framework.IngressAllowHTTPKey: "false",
}, map[string]string{})
By("waiting for Ingress to come up with ip: " + ip)
httpClient := framework.BuildInsecureClient(framework.IngressReqTimeout)
framework.ExpectNoError(framework.PollURL(fmt.Sprintf("https://%v/", ip), "", framework.LoadBalancerPollTimeout, jig.PollInterval, httpClient, false))
By("should reject HTTP traffic")
framework.ExpectNoError(framework.PollURL(fmt.Sprintf("http://%v/", ip), "", framework.LoadBalancerPollTimeout, jig.PollInterval, httpClient, true))
By("should have correct firewall rule for ingress") By("should have correct firewall rule for ingress")
fw := gceController.GetFirewallRule() fw := gceController.GetFirewallRule()
@ -577,7 +566,7 @@ var _ = SIGDescribe("Loadbalancing: L7", func() {
Describe("GCE [Slow] [Feature:kubemci]", func() { Describe("GCE [Slow] [Feature:kubemci]", func() {
var gceController *framework.GCEIngressController var gceController *framework.GCEIngressController
var ipName string var ipName, ipAddress string
// Platform specific setup // Platform specific setup
BeforeEach(func() { BeforeEach(func() {
@ -597,7 +586,7 @@ var _ = SIGDescribe("Loadbalancing: L7", func() {
// Kubemci should reserve a static ip if user has not specified one. // Kubemci should reserve a static ip if user has not specified one.
ipName = "kubemci-" + string(uuid.NewUUID()) ipName = "kubemci-" + string(uuid.NewUUID())
// ip released when the rest of lb resources are deleted in CleanupGCEIngressController // ip released when the rest of lb resources are deleted in CleanupGCEIngressController
ipAddress := gceController.CreateStaticIP(ipName) ipAddress = gceController.CreateStaticIP(ipName)
By(fmt.Sprintf("allocated static ip %v: %v through the GCE cloud provider", ipName, ipAddress)) By(fmt.Sprintf("allocated static ip %v: %v through the GCE cloud provider", ipName, ipAddress))
}) })
@ -636,6 +625,11 @@ var _ = SIGDescribe("Loadbalancing: L7", func() {
It("should create ingress with backend HTTPS", func() { It("should create ingress with backend HTTPS", func() {
executeBacksideBacksideHTTPSTest(f, jig, ipName) executeBacksideBacksideHTTPSTest(f, jig, ipName)
}) })
It("should support https-only annotation", func() {
executeStaticIPHttpsOnlyTest(f, jig, ipName, ipAddress)
})
}) })
// Time: borderline 5m, slow by design // Time: borderline 5m, slow by design
@ -741,6 +735,20 @@ func executePresharedCertTest(f *framework.Framework, jig *framework.IngressTest
Expect(err).NotTo(HaveOccurred(), fmt.Sprintf("Unexpected error while waiting for ingress: %v", err)) Expect(err).NotTo(HaveOccurred(), fmt.Sprintf("Unexpected error while waiting for ingress: %v", err))
} }
func executeStaticIPHttpsOnlyTest(f *framework.Framework, jig *framework.IngressTestJig, ipName, ip string) {
jig.CreateIngress(filepath.Join(framework.IngressManifestPath, "static-ip"), f.Namespace.Name, map[string]string{
framework.IngressStaticIPKey: ipName,
framework.IngressAllowHTTPKey: "false",
}, map[string]string{})
By("waiting for Ingress to come up with ip: " + ip)
httpClient := framework.BuildInsecureClient(framework.IngressReqTimeout)
framework.ExpectNoError(framework.PollURL(fmt.Sprintf("https://%s/", ip), "", framework.LoadBalancerPollTimeout, jig.PollInterval, httpClient, false))
By("should reject HTTP traffic")
framework.ExpectNoError(framework.PollURL(fmt.Sprintf("http://%s/", ip), "", framework.LoadBalancerPollTimeout, jig.PollInterval, httpClient, true))
}
func executeBacksideBacksideHTTPSTest(f *framework.Framework, jig *framework.IngressTestJig, staticIPName string) { func executeBacksideBacksideHTTPSTest(f *framework.Framework, jig *framework.IngressTestJig, staticIPName string) {
By("Creating a set of ingress, service and deployment that have backside re-encryption configured") By("Creating a set of ingress, service and deployment that have backside re-encryption configured")
deployCreated, svcCreated, ingCreated, err := jig.SetUpBacksideHTTPSIngress(f.ClientSet, f.Namespace.Name, staticIPName) deployCreated, svcCreated, ingCreated, err := jig.SetUpBacksideHTTPSIngress(f.ClientSet, f.Namespace.Name, staticIPName)