From 97798c4f3d02033486b75b83480908bd1cb651d5 Mon Sep 17 00:00:00 2001 From: Nick Sardo Date: Thu, 12 Apr 2018 16:35:37 -0700 Subject: [PATCH] Fix ingress util handling of TLS --- test/e2e/framework/ingress_utils.go | 19 +++++++++++++++---- test/e2e/upgrades/ingress.go | 2 +- 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/test/e2e/framework/ingress_utils.go b/test/e2e/framework/ingress_utils.go index 9e3e145fb86..82cfe23eed4 100644 --- a/test/e2e/framework/ingress_utils.go +++ b/test/e2e/framework/ingress_utils.go @@ -183,7 +183,7 @@ func CreateIngressComformanceTests(jig *IngressTestJig, ns string, annotations m }, { fmt.Sprintf("should terminate TLS for host %v", tlsHost), - func() { jig.AddHTTPS(tlsSecretName, tlsHost) }, + func() { jig.SetHTTPS(tlsSecretName, tlsHost) }, fmt.Sprintf("waiting for HTTPS updates to reflect in ingress"), }, { @@ -241,7 +241,7 @@ func CreateIngressComformanceTests(jig *IngressTestJig, ns string, annotations m } ing.Spec.Rules = newRules }) - jig.AddHTTPS(tlsSecretName, updatedTLSHost) + jig.SetHTTPS(tlsSecretName, updatedTLSHost) }, fmt.Sprintf("Waiting for updated certificates to accept requests for host %v", updatedTLSHost), }) @@ -1211,19 +1211,30 @@ func (j *IngressTestJig) Update(update func(ing *extensions.Ingress)) { Failf("too many retries updating ingress %s/%s", ns, name) } -// AddHTTPS updates the ingress to use this secret for these hosts. +// AddHTTPS updates the ingress to add this secret for these hosts. func (j *IngressTestJig) AddHTTPS(secretName string, hosts ...string) { // TODO: Just create the secret in GetRootCAs once we're watching secrets in // the ingress controller. _, cert, _, err := createTLSSecret(j.Client, j.Ingress.Namespace, secretName, hosts...) ExpectNoError(err) - j.Logger.Infof("Updating ingress %v to use secret %v for TLS termination", j.Ingress.Name, secretName) + j.Logger.Infof("Updating ingress %v to also use secret %v for TLS termination", j.Ingress.Name, secretName) j.Update(func(ing *extensions.Ingress) { ing.Spec.TLS = append(ing.Spec.TLS, extensions.IngressTLS{Hosts: hosts, SecretName: secretName}) }) j.RootCAs[secretName] = cert } +// SetHTTPS updates the ingress to use only this secret for these hosts. +func (j *IngressTestJig) SetHTTPS(secretName string, hosts ...string) { + _, cert, _, err := createTLSSecret(j.Client, j.Ingress.Namespace, secretName, hosts...) + ExpectNoError(err) + j.Logger.Infof("Updating ingress %v to only use secret %v for TLS termination", j.Ingress.Name, secretName) + j.Update(func(ing *extensions.Ingress) { + ing.Spec.TLS = []extensions.IngressTLS{{Hosts: hosts, SecretName: secretName}} + }) + j.RootCAs = map[string][]byte{secretName: cert} +} + // RemoveHTTPS updates the ingress to not use this secret for TLS. // Note: Does not delete the secret. func (j *IngressTestJig) RemoveHTTPS(secretName string) { diff --git a/test/e2e/upgrades/ingress.go b/test/e2e/upgrades/ingress.go index cb527c666e6..851c08304e9 100644 --- a/test/e2e/upgrades/ingress.go +++ b/test/e2e/upgrades/ingress.go @@ -97,7 +97,7 @@ func (t *IngressUpgradeTest) Setup(f *framework.Framework) { framework.IngressStaticIPKey: t.ipName, framework.IngressAllowHTTPKey: "false", }, map[string]string{}) - t.jig.AddHTTPS("tls-secret", "ingress.test.com") + t.jig.SetHTTPS("tls-secret", "ingress.test.com") By("waiting for Ingress to come up with ip: " + t.ip) framework.ExpectNoError(framework.PollURL(fmt.Sprintf("https://%v/%v", t.ip, path), host, framework.LoadBalancerPollTimeout, t.jig.PollInterval, t.httpClient, false))