def test_invalid_set_current_client_cert_details_value():
yaml = """
---
apiVersion: getambassador.io/v2
kind: Module
metadata:
name: ambassador
namespace: default
spec:
config:
set_current_client_cert_details:
subject: invalid
"""
cache = Cache(logger)
r1 = Compile(logger, yaml, k8s=True)
r2 = Compile(logger, yaml, k8s=True, cache=cache)
require_errors(r1["ir"], [(
"ambassador.default.1",
"'set_current_client_cert_details' value for key 'subject' may only be 'true' or 'false', not 'invalid'"
)])
require_errors(r2["ir"], [(
"ambassador.default.1",
"'set_current_client_cert_details' value for key 'subject' may only be 'true' or 'false', not 'invalid'"
)])
def test_hr_good_1():
yaml = """
---
apiVersion: x.getambassador.io/v3alpha1
kind: AmbassadorMapping
metadata:
name: mapping-1
namespace: default
spec:
hostname: "*"
prefix: /
service: svc1
---
apiVersion: x.getambassador.io/v3alpha1
kind: AmbassadorMapping
metadata:
name: mapping-2
namespace: default
spec:
hostname: "*"
prefix: /
service: svc2
"""
cache = Cache(logger)
r1 = Compile(logger, yaml, k8s=True)
r2 = Compile(logger, yaml, k8s=True, cache=cache)
logger.info("R1 IR: %s", r1["ir"].as_json())
require_no_errors(r1["ir"])
require_no_errors(r2["ir"])
def test_invalid_forward_client_cert_details():
yaml = """
---
apiVersion: getambassador.io/v2
kind: Module
metadata:
name: ambassador
namespace: default
spec:
config:
forward_client_cert_details: SANITIZE_INVALID
"""
cache = Cache(logger)
r1 = Compile(logger, yaml, k8s=True)
r2 = Compile(logger, yaml, k8s=True, cache=cache)
require_errors(r1["ir"], [(
"ambassador.default.1",
"'forward_client_cert_details' may not be set to 'SANITIZE_INVALID'; it may only be set to one of: SANITIZE, FORWARD_ONLY, APPEND_FORWARD, SANITIZE_SET, ALWAYS_FORWARD_ONLY"
)])
require_errors(r2["ir"], [(
"ambassador.default.1",
"'forward_client_cert_details' may not be set to 'SANITIZE_INVALID'; it may only be set to one of: SANITIZE, FORWARD_ONLY, APPEND_FORWARD, SANITIZE_SET, ALWAYS_FORWARD_ONLY"
)])
def test_invalid_set_current_client_cert_details_key():
yaml = """
---
apiVersion: getambassador.io/v2
kind: Module
metadata:
name: ambassador
namespace: default
spec:
config:
set_current_client_cert_details:
invalid: true
"""
cache = Cache(logger)
r1 = Compile(logger, yaml, k8s=True)
r2 = Compile(logger, yaml, k8s=True, cache=cache)
logger.info("R1 IR: %s", r1["ir"].as_json())
require_errors(r1["ir"], [(
"ambassador.default.1",
"'set_current_client_cert_details' may not contain key 'invalid'; it may only contain keys: subject, cert, chain, dns, uri"
)])
require_errors(r2["ir"], [(
"ambassador.default.1",
"'set_current_client_cert_details' may not contain key 'invalid'; it may only contain keys: subject, cert, chain, dns, uri"
)])
def test_hr_error_4():
yaml = """
---
apiVersion: getambassador.io/v2
kind: Mapping
metadata:
name: mapping-1
namespace: default
spec:
prefix: /svc1
service: svc1
host_redirect: true
path_redirect: /path/
prefix_redirect: /prefix/
---
apiVersion: getambassador.io/v2
kind: Mapping
metadata:
name: mapping-2
namespace: default
spec:
prefix: /svc2
service: svc2
host_redirect: true
path_redirect: /path/
regex_redirect:
pattern: /regex/
substitution: /substitution/
---
apiVersion: getambassador.io/v2
kind: Mapping
metadata:
name: mapping-3
namespace: default
spec:
prefix: /svc3
service: svc3
host_redirect: true
prefix_redirect: /prefix/
regex_redirect:
pattern: /regex/
substitution: /substitution/
"""
cache = Cache(logger)
r1 = Compile(logger, yaml, k8s=True)
r2 = Compile(logger, yaml, k8s=True, cache=cache)
for r in [r1, r2]:
require_errors(r["ir"], [
("mapping-1.default.1",
"Cannot specify both path_redirect and prefix_redirect. Using path_redirect and ignoring prefix_redirect."
),
("mapping-2.default.1",
"Cannot specify both path_redirect and regex_redirect. Using path_redirect and ignoring regex_redirect."
),
("mapping-3.default.1",
"Cannot specify both prefix_redirect and regex_redirect. Using prefix_redirect and ignoring regex_redirect."
)
])
def econf_compile(yaml, envoy_version="V2"):
# Compile with and without a cache. Neither should produce errors.
cache = Cache(logger)
secret_handler = _secret_handler()
r1 = Compile(logger,
yaml,
k8s=True,
secret_handler=secret_handler,
envoy_version=envoy_version)
r2 = Compile(logger,
yaml,
k8s=True,
secret_handler=secret_handler,
cache=cache,
envoy_version=envoy_version)
_require_no_errors(r1["ir"])
_require_no_errors(r2["ir"])
# Both should produce equal Envoy config as sorted json.
r1j = json.dumps(r1[envoy_version.lower()].as_dict(),
sort_keys=True,
indent=2)
r2j = json.dumps(r2[envoy_version.lower()].as_dict(),
sort_keys=True,
indent=2)
assert r1j == r2j
# Now we can return the Envoy config as a dictionary
return r1[envoy_version.lower()].as_dict()
def compile_with_cachecheck(yaml, envoy_version="V2", errors_ok=False):
# Compile with and without a cache. Neither should produce errors.
cache = Cache(logger)
secret_handler = _secret_handler()
r1 = Compile(logger, yaml, k8s=True, secret_handler=secret_handler, envoy_version=envoy_version)
r2 = Compile(logger, yaml, k8s=True, secret_handler=secret_handler, cache=cache,
envoy_version=envoy_version)
if not errors_ok:
_require_no_errors(r1["ir"])
_require_no_errors(r2["ir"])
# Both should produce equal Envoy config as sorted json.
r1j = json.dumps(r1[envoy_version.lower()].as_dict(), sort_keys=True, indent=2)
r2j = json.dumps(r2[envoy_version.lower()].as_dict(), sort_keys=True, indent=2)
assert r1j == r2j
# All good.
return r1
def test_valid_forward_client_cert_details():
yaml = """
---
apiVersion: getambassador.io/v2
kind: Module
metadata:
name: ambassador
namespace: default
spec:
config:
forward_client_cert_details: SANITIZE_SET
"""
cache = Cache(logger)
r1 = Compile(logger, yaml, k8s=True)
r2 = Compile(logger, yaml, k8s=True, cache=cache)
require_no_errors(r1["ir"])
require_no_errors(r2["ir"])
def test_valid_set_current_client_cert_details():
yaml = """
---
apiVersion: getambassador.io/v2
kind: Module
metadata:
name: ambassador
namespace: default
spec:
config:
set_current_client_cert_details:
subject: true
dns: true
"""
cache = Cache(logger)
r1 = Compile(logger, yaml, k8s=True)
r2 = Compile(logger, yaml, k8s=True, cache=cache)
require_no_errors(r1["ir"])
require_no_errors(r2["ir"])
def test_hr_error_1():
yaml = """
---
apiVersion: x.getambassador.io/v3alpha1
kind: AmbassadorMapping
metadata:
name: mapping-1
namespace: default
spec:
hostname: "*"
prefix: /
service: svc1
host_redirect: true
---
apiVersion: x.getambassador.io/v3alpha1
kind: AmbassadorMapping
metadata:
name: mapping-2
namespace: default
spec:
hostname: "*"
prefix: /
service: svc2
host_redirect: true
"""
cache = Cache(logger)
r1 = Compile(logger, yaml, k8s=True)
r2 = Compile(logger, yaml, k8s=True, cache=cache)
# XXX Why are these showing up tagged with "mapping-1.default.1" rather than "mapping-2.default.1"?
require_errors(
r1["ir"],
[("mapping-1.default.1",
"cannot accept mapping-2 as second host_redirect after mapping-1")])
require_errors(
r2["ir"],
[("mapping-1.default.1",
"cannot accept mapping-2 as second host_redirect after mapping-1")])
def test_hr_error_2():
yaml = """
---
apiVersion: x.getambassador.io/v3alpha1
kind: AmbassadorMapping
metadata:
name: mapping-1
namespace: default
spec:
hostname: "*"
prefix: /
service: svc1
host_redirect: true
---
apiVersion: x.getambassador.io/v3alpha1
kind: AmbassadorMapping
metadata:
name: mapping-2
namespace: default
spec:
hostname: "*"
prefix: /
service: svc2
"""
cache = Cache(logger)
r1 = Compile(logger, yaml, k8s=True)
r2 = Compile(logger, yaml, k8s=True, cache=cache)
# XXX Why are these showing up as "-global-"?
require_errors(r1["ir"], [(
"-global-",
"cannot accept mapping-2 without host_redirect after mapping-1 with host_redirect"
)])
require_errors(r2["ir"], [(
"-global-",
"cannot accept mapping-2 without host_redirect after mapping-1 with host_redirect"
)])
def test_hr_error_3():
yaml = """
---
apiVersion: getambassador.io/v2
kind: Mapping
metadata:
name: mapping-1
namespace: default
spec:
prefix: /
service: svc1
---
apiVersion: getambassador.io/v2
kind: Mapping
metadata:
name: mapping-2
namespace: default
spec:
prefix: /
service: svc2
host_redirect: true
"""
cache = Cache(logger)
r1 = Compile(logger, yaml, k8s=True)
r2 = Compile(logger, yaml, k8s=True, cache=cache)
# XXX Why are these showing up tagged with "mapping-1.default.1" rather than "mapping-2.default.1"?
require_errors(r1["ir"], [(
"mapping-1.default.1",
"cannot accept mapping-2 with host_redirect after mappings without host_redirect (eg mapping-1)"
)])
require_errors(r2["ir"], [(
"mapping-1.default.1",
"cannot accept mapping-2 with host_redirect after mappings without host_redirect (eg mapping-1)"
)])