def test_tls_redirect_based_on_scheme(self, kube_apis, ingress_controller_prerequisites,
crd_ingress_controller, virtual_server_setup):
patch_virtual_server_from_yaml(kube_apis.custom_objects,
virtual_server_setup.vs_name,
f"{TEST_DATA}/virtual-server-tls-redirect/virtual-server-scheme-redirect.yaml",
virtual_server_setup.namespace)
wait_before_test(1)
ic_pod_name = get_first_pod_name(kube_apis.v1, ingress_controller_prerequisites.namespace)
config = get_vs_nginx_template_conf(kube_apis.v1,
virtual_server_setup.namespace,
virtual_server_setup.vs_name,
ic_pod_name,
ingress_controller_prerequisites.namespace)
assert "proxy_set_header X-Forwarded-Proto $scheme;" in config
resp_1 = requests.get(virtual_server_setup.backend_1_url,
headers={"host": virtual_server_setup.vs_host},
allow_redirects=False)
resp_2 = requests.get(virtual_server_setup.backend_2_url,
headers={"host": virtual_server_setup.vs_host},
allow_redirects=False)
assert resp_1.status_code == 302, "Expected: a redirect for scheme=http"
assert resp_2.status_code == 302, "Expected: a redirect for scheme=http"
resp_3 = requests.get(virtual_server_setup.backend_1_url_ssl,
headers={"host": virtual_server_setup.vs_host},
allow_redirects=False, verify=False)
resp_4 = requests.get(virtual_server_setup.backend_2_url_ssl,
headers={"host": virtual_server_setup.vs_host},
allow_redirects=False, verify=False)
assert resp_3.status_code == 200, "Expected: no redirect for scheme=https"
assert resp_4.status_code == 200, "Expected: no redirect for scheme=https"
def test_nginx_config_upstreams_defaults(self, kube_apis,
ingress_controller_prerequisites,
crd_ingress_controller,
v_s_route_setup,
v_s_route_app_setup):
print("Case 1: no ConfigMap keys, no options in VS")
ic_pod_name = get_first_pod_name(
kube_apis.v1, ingress_controller_prerequisites.namespace)
config = get_vs_nginx_template_conf(
kube_apis.v1, v_s_route_setup.namespace, v_s_route_setup.vs_name,
ic_pod_name, ingress_controller_prerequisites.namespace)
assert "random two least_conn;" in config
assert "ip_hash;" not in config
assert "hash " not in config
assert "least_time " not in config
assert "proxy_connect_timeout 60s;" in config
assert "proxy_read_timeout 60s;" in config
assert "proxy_send_timeout 60s;" in config
assert "max_fails=1 fail_timeout=10s max_conns=0;" in config
assert "keepalive" not in config
assert 'proxy_set_header Connection "";' not in config
assert "proxy_next_upstream error timeout;" in config
assert "proxy_next_upstream_timeout 0s;" in config
assert "proxy_next_upstream_tries 0;" in config
def test_responses_and_config_after_disable_tls(
self, kube_apis, ingress_controller_prerequisites,
crd_ingress_controller, virtual_server_setup):
ic_pod_name = get_first_pod_name(
kube_apis.v1, ingress_controller_prerequisites.namespace)
text = f"{virtual_server_setup.namespace}/{virtual_server_setup.vs_name}"
vs_event_text = f"Configuration for {text} was added or updated"
initial_events_vs = get_events(kube_apis.v1,
virtual_server_setup.namespace)
initial_count = get_event_count(vs_event_text, initial_events_vs)
patch_virtual_server_from_yaml(
kube_apis.custom_objects, virtual_server_setup.vs_name,
f"{TEST_DATA}/virtual-server-upstream-tls/virtual-server-disable-tls.yaml",
virtual_server_setup.namespace)
wait_before_test(1)
config = get_vs_nginx_template_conf(
kube_apis.v1, virtual_server_setup.namespace,
virtual_server_setup.vs_name, ic_pod_name,
ingress_controller_prerequisites.namespace)
resp_1 = requests.get(virtual_server_setup.backend_1_url,
headers={"host": virtual_server_setup.vs_host})
resp_2 = requests.get(virtual_server_setup.backend_2_url,
headers={"host": virtual_server_setup.vs_host})
new_events_vs = get_events(kube_apis.v1,
virtual_server_setup.namespace)
assert 'proxy_pass https://' not in config
assert_response_codes(resp_1, resp_2, 200, 400)
assert_event_count_increased(vs_event_text, initial_count,
new_events_vs)
def pytest_runtest_makereport(item) -> None:
"""
Print out IC Pod logs on test failure.
Only look at actual failing test calls, not setup/teardown.
Only show the logs if commandline argument `--show-ic-logs` is set to 'yes'
:param item:
:return:
"""
# execute all other hooks to obtain the report object
outcome = yield
rep = outcome.get_result()
# we only look at actual failing test calls, not setup/teardown
if rep.when == "call" and rep.failed and item.config.getoption(
"--show-ic-logs") == "yes":
pod_namespace = item.funcargs[
"ingress_controller_prerequisites"].namespace
pod_name = get_first_pod_name(item.funcargs["kube_apis"].v1,
pod_namespace)
print("\n===================== IC Logs Start =====================")
print(item.funcargs["kube_apis"].v1.read_namespaced_pod_log(
pod_name, pod_namespace))
print("\n===================== IC Logs End =====================")
def test_when_option_in_v_s_only(self, kube_apis,
ingress_controller_prerequisites,
crd_ingress_controller,
virtual_server_setup, options,
expected_strings):
text = f"{virtual_server_setup.namespace}/{virtual_server_setup.vs_name}"
vs_event_text = f"Configuration for {text} was added or updated"
events_vs = get_events(kube_apis.v1, virtual_server_setup.namespace)
initial_count = assert_event_and_get_count(vs_event_text, events_vs)
print(f"Case 2: no key in ConfigMap , option specified in VS")
new_body = generate_item_with_upstream_options(
f"{TEST_DATA}/virtual-server-upstream-options/standard/virtual-server.yaml",
options)
patch_virtual_server(kube_apis.custom_objects,
virtual_server_setup.vs_name,
virtual_server_setup.namespace, new_body)
wait_before_test(1)
ic_pod_name = get_first_pod_name(
kube_apis.v1, ingress_controller_prerequisites.namespace)
config = get_vs_nginx_template_conf(
kube_apis.v1, virtual_server_setup.namespace,
virtual_server_setup.vs_name, ic_pod_name,
ingress_controller_prerequisites.namespace)
resp_1 = requests.get(virtual_server_setup.backend_1_url,
headers={"host": virtual_server_setup.vs_host})
resp_2 = requests.get(virtual_server_setup.backend_2_url,
headers={"host": virtual_server_setup.vs_host})
vs_events = get_events(kube_apis.v1, virtual_server_setup.namespace)
assert_event_count_increased(vs_event_text, initial_count, vs_events)
for _ in expected_strings:
assert _ in config
assert_response_codes(resp_1, resp_2)
def test_slow_start_warning(self, kube_apis,
ingress_controller_prerequisites,
crd_ingress_controller, virtual_server_setup,
options):
ic_pod_name = get_first_pod_name(
kube_apis.v1, ingress_controller_prerequisites.namespace)
text = f"{virtual_server_setup.namespace}/{virtual_server_setup.vs_name}"
vs_event_text = f"Configuration for {text} was added or updated with warning(s): Slow start will be disabled"
print(f"Case 0: verify a warning")
new_body = generate_item_with_upstream_options(
f"{TEST_DATA}/virtual-server-upstream-options/standard/virtual-server.yaml",
options)
patch_virtual_server(kube_apis.custom_objects,
virtual_server_setup.vs_name,
virtual_server_setup.namespace, new_body)
wait_before_test(1)
config = get_vs_nginx_template_conf(
kube_apis.v1, virtual_server_setup.namespace,
virtual_server_setup.vs_name, ic_pod_name,
ingress_controller_prerequisites.namespace)
vs_events = get_events(kube_apis.v1, virtual_server_setup.namespace)
assert_event(vs_event_text, vs_events)
assert "slow_start" not in config
def send_build_info(self, kube_apis,
ingress_controller_prerequisites) -> str:
"""
Helper function to get pod logs
"""
pod_name = get_first_pod_name(
kube_apis.v1, ingress_controller_prerequisites.namespace)
try:
api_response = kube_apis.v1.read_namespaced_pod_log(
name=pod_name,
namespace=ingress_controller_prerequisites.namespace,
limit_bytes=200,
)
logging.info(api_response)
except ApiException as e:
logging.exception(f"Found exception in reading the logs: {e}")
br = io.StringIO(api_response)
_log = br.readline()
try:
_info = _log[_log.find("Version"):].strip()
logging.info(f"Version and GitCommit info: {_info}")
except Exception as e:
logging.exception(f"Tag labels not found")
return _info
def test_invalid_value_rejection(self, kube_apis, ingress_controller_prerequisites,
crd_ingress_controller,
v_s_route_setup, v_s_route_secure_app_setup):
ic_pod_name = get_first_pod_name(kube_apis.v1, ingress_controller_prerequisites.namespace)
initial_events_ns_m = get_events(kube_apis.v1, v_s_route_setup.route_m.namespace)
initial_events_ns_s = get_events(kube_apis.v1, v_s_route_setup.route_s.namespace)
patch_v_s_route_from_yaml(kube_apis.custom_objects,
v_s_route_setup.route_s.name,
f"{TEST_DATA}/virtual-server-route-upstream-tls/route-single-invalid.yaml",
v_s_route_setup.route_s.namespace)
wait_before_test(1)
config = get_vs_nginx_template_conf(kube_apis.v1,
v_s_route_setup.namespace,
v_s_route_setup.vs_name,
ic_pod_name,
ingress_controller_prerequisites.namespace)
req_url = f"http://{v_s_route_setup.public_endpoint.public_ip}:{v_s_route_setup.public_endpoint.port}"
resp_1 = requests.get(f"{req_url}{v_s_route_setup.route_m.paths[0]}",
headers={"host": v_s_route_setup.vs_host})
resp_2 = requests.get(f"{req_url}{v_s_route_setup.route_s.paths[0]}",
headers={"host": v_s_route_setup.vs_host})
new_events_ns_m = get_events(kube_apis.v1, v_s_route_setup.route_m.namespace)
new_events_ns_s = get_events(kube_apis.v1, v_s_route_setup.route_s.namespace)
vs_line = f"vs_{v_s_route_setup.namespace}_{v_s_route_setup.vs_name}"
proxy_host_s = f"{vs_line}_vsr_{v_s_route_setup.route_s.namespace}_{v_s_route_setup.route_s.name}"
proxy_host_m = f"{vs_line}_vsr_{v_s_route_setup.route_m.namespace}_{v_s_route_setup.route_m.name}"
assert f'proxy_pass https://{proxy_host_m}' not in config
assert f'proxy_pass https://{proxy_host_s}' in config
assert_response_codes(resp_1, resp_2)
assert_no_new_events(initial_events_ns_m, new_events_ns_m)
assert_no_new_events(initial_events_ns_s, new_events_ns_s)
def test_make_existing_vsr_invalid(self, kube_apis,
ingress_controller_prerequisites,
crd_ingress_controller,
v_s_route_setup,
route_yaml):
ic_pod_name = get_first_pod_name(kube_apis.v1, ingress_controller_prerequisites.namespace)
patch_v_s_route_from_yaml(kube_apis.custom_objects,
v_s_route_setup.route_s.name,
route_yaml,
v_s_route_setup.route_s.namespace)
wait_before_test(1)
new_config = get_vs_nginx_template_conf(kube_apis.v1,
v_s_route_setup.namespace,
v_s_route_setup.vs_name,
ic_pod_name,
ingress_controller_prerequisites.namespace)
new_vs_events = get_events(kube_apis.v1, v_s_route_setup.namespace)
new_vsr_events = get_events(kube_apis.v1, v_s_route_setup.route_s.namespace)
assert_locations_not_in_config(new_config, v_s_route_setup.route_s.paths)
text = f"{v_s_route_setup.route_s.namespace}/{v_s_route_setup.route_s.name}"
assert_event_and_count(f"Ignored VirtualServerRoute {text}",
1,
new_vs_events)
assert_event_and_count(f"Ignored by VirtualServer {v_s_route_setup.namespace}/{v_s_route_setup.vs_name}",
1,
new_vsr_events)
def test_validation_event_flow(self, kube_apis,
ingress_controller_prerequisites,
crd_ingress_controller,
virtual_server_setup):
invalid_fields = [
"spec.routes[0].errorPages[0].redirect.url: Invalid value",
"spec.routes[0].errorPages[0].redirect.code: Invalid value: 101",
"spec.routes[1].errorPages[0].return.body: Invalid value: \"status\"",
"spec.routes[1].errorPages[0].return.code: Invalid value: 100",
"spec.routes[1].errorPages[0].return.headers[0].value: Invalid value: \"schema\""
]
text = f"{virtual_server_setup.namespace}/{virtual_server_setup.vs_name}"
vs_event_text = f"VirtualServer {text} is invalid and was rejected: "
vs_file = f"{TEST_DATA}/virtual-server-error-pages/virtual-server-invalid.yaml"
patch_virtual_server_from_yaml(kube_apis.custom_objects,
virtual_server_setup.vs_name, vs_file,
virtual_server_setup.namespace)
wait_before_test(2)
ic_pod_name = get_first_pod_name(
kube_apis.v1, ingress_controller_prerequisites.namespace)
vs_events = get_events(kube_apis.v1, virtual_server_setup.namespace)
assert_event_starts_with_text_and_contains_errors(
vs_event_text, vs_events, invalid_fields)
assert_vs_conf_not_exists(kube_apis, ic_pod_name,
ingress_controller_prerequisites.namespace,
virtual_server_setup)
def test_virtual_server_behavior(self,
kube_apis,
ingress_controller_prerequisites,
crd_ingress_controller,
virtual_server_setup):
ic_pod_name = get_first_pod_name(kube_apis.v1, ingress_controller_prerequisites.namespace)
print("Step 1: initial check")
step_1_list = get_events(kube_apis.v1, virtual_server_setup.namespace)
assert_template_conf_exists(kube_apis, ic_pod_name, ingress_controller_prerequisites.namespace,
virtual_server_setup)
assert_response_200(virtual_server_setup)
print("Step 2: make a valid VirtualServer invalid and check")
patch_virtual_server_from_yaml(kube_apis.custom_objects,
virtual_server_setup.vs_name,
f"{TEST_DATA}/virtual-server-validation/virtual-server-invalid-cookie.yaml",
virtual_server_setup.namespace)
wait_before_test(1)
step_2_list = get_events(kube_apis.v1, virtual_server_setup.namespace)
assert_new_event_emitted(virtual_server_setup, step_2_list, step_1_list)
assert_template_conf_not_exists(kube_apis, ic_pod_name, ingress_controller_prerequisites.namespace,
virtual_server_setup)
assert_response_404(virtual_server_setup)
print("Step 3: update an invalid VirtualServer with another invalid and check")
patch_virtual_server_from_yaml(kube_apis.custom_objects,
virtual_server_setup.vs_name,
f"{TEST_DATA}/virtual-server-validation/virtual-server-no-default-action.yaml",
virtual_server_setup.namespace)
wait_before_test(1)
step_3_list = get_events(kube_apis.v1, virtual_server_setup.namespace)
assert_new_event_emitted(virtual_server_setup, step_3_list, step_2_list)
assert_template_conf_not_exists(kube_apis, ic_pod_name, ingress_controller_prerequisites.namespace,
virtual_server_setup)
assert_response_404(virtual_server_setup)
print("Step 4: make an invalid VirtualServer valid and check")
patch_virtual_server_from_yaml(kube_apis.custom_objects,
virtual_server_setup.vs_name,
f"{TEST_DATA}/virtual-server-validation/standard/virtual-server.yaml",
virtual_server_setup.namespace)
wait_before_test(1)
step_4_list = get_events(kube_apis.v1, virtual_server_setup.namespace)
assert_template_conf_exists(kube_apis, ic_pod_name, ingress_controller_prerequisites.namespace,
virtual_server_setup)
assert_event_count_increased(virtual_server_setup, step_4_list, step_3_list)
assert_response_200(virtual_server_setup)
print("Step 5: delete VS and then create an invalid and check")
delete_virtual_server(kube_apis.custom_objects, virtual_server_setup.vs_name, virtual_server_setup.namespace)
create_virtual_server_from_yaml(kube_apis.custom_objects,
f"{TEST_DATA}/virtual-server-validation/virtual-server-invalid-cookie.yaml",
virtual_server_setup.namespace)
wait_before_test(1)
step_5_list = get_events(kube_apis.v1, virtual_server_setup.namespace)
assert_new_event_emitted(virtual_server_setup, step_5_list, step_4_list)
assert_template_conf_not_exists(kube_apis, ic_pod_name, ingress_controller_prerequisites.namespace,
virtual_server_setup)
assert_response_404(virtual_server_setup)
def test_flow_for_invalid_vsr(self, kube_apis,
ingress_controller_prerequisites, crd_ingress_controller,
v_s_route_setup, v_s_route_app_setup):
ic_pod_name = get_first_pod_name(kube_apis.v1, ingress_controller_prerequisites.namespace)
text_vs = f"{v_s_route_setup.namespace}/{v_s_route_setup.vs_name}"
text_vsr_s = f"{v_s_route_setup.route_m.namespace}/{v_s_route_setup.route_m.name}"
vs_event_text = f'Ignored by VirtualServer {text_vs}: spec.subroutes: Invalid value: "subroutes": ' \
f'must have only one subroute if regex match or exact match are being used'
vsr_event_text = f'VirtualServerRoute {text_vsr_s} is invalid and was rejected: ' \
f'spec.subroutes[1].path: Duplicate value: "=/backends/exact-match$request"'
vs_src_yaml = f"{TEST_DATA}" \
f"/virtual-server-route-regexp-location/standard/virtual-server-exact.yaml"
patch_virtual_server_from_yaml(kube_apis.custom_objects, v_s_route_setup.vs_name,
vs_src_yaml,
v_s_route_setup.namespace)
vsr_src_yaml = f"{TEST_DATA}" \
f"/virtual-server-route-regexp-location/route-multiple-invalid-multiple-regexp-subroutes.yaml"
patch_v_s_route_from_yaml(kube_apis.custom_objects,
v_s_route_setup.route_m.name,
vsr_src_yaml,
v_s_route_setup.route_m.namespace)
wait_before_test(2)
config = get_vs_nginx_template_conf(kube_apis.v1,
v_s_route_setup.namespace,
v_s_route_setup.vs_name,
ic_pod_name,
ingress_controller_prerequisites.namespace)
ns_events = get_events(kube_apis.v1, v_s_route_setup.route_m.namespace)
assert_event(vsr_event_text, ns_events) and assert_event(vs_event_text, ns_events)
assert "location =/backends/exact-match$request {" not in config
def test_grpc_healthcheck_validation(self, kube_apis,
ingress_controller_prerequisites,
crd_ingress_controller, backend_setup,
virtual_server_setup):
invalid_fields = [
"upstreams[0].healthCheck.path",
"upstreams[0].healthCheck.statusMatch",
"upstreams[0].healthCheck.grpcStatus",
"upstreams[0].healthCheck.grpcService"
]
text = f"{virtual_server_setup.namespace}/{virtual_server_setup.vs_name}"
vs_event_text = f"VirtualServer {text} was rejected with error:"
patch_virtual_server_from_yaml(
kube_apis.custom_objects, virtual_server_setup.vs_name,
f"{TEST_DATA}/virtual-server-grpc/virtual-server-healthcheck-invalid.yaml",
virtual_server_setup.namespace)
wait_before_test(2)
ic_pod_name = get_first_pod_name(
kube_apis.v1, ingress_controller_prerequisites.namespace)
vs_events = get_events(kube_apis.v1, virtual_server_setup.namespace)
print(vs_events)
assert_event_starts_with_text_and_contains_errors(
vs_event_text, vs_events, invalid_fields)
assert_vs_conf_not_exists(kube_apis, ic_pod_name,
ingress_controller_prerequisites.namespace,
virtual_server_setup)
def test_event_message_and_config(self, kube_apis,
ingress_controller_prerequisites,
crd_ingress_controller,
virtual_server_setup):
invalid_fields = [
"upstreams[0].lb-method", "upstreams[0].fail-timeout",
"upstreams[0].max-fails", "upstreams[0].connect-timeout",
"upstreams[0].read-timeout", "upstreams[0].send-timeout",
"upstreams[0].keepalive", "upstreams[0].max-conns",
"upstreams[1].lb-method", "upstreams[1].fail-timeout",
"upstreams[1].max-fails", "upstreams[1].connect-timeout",
"upstreams[1].read-timeout", "upstreams[1].send-timeout",
"upstreams[1].keepalive", "upstreams[1].max-conns"
]
text = f"{virtual_server_setup.namespace}/{virtual_server_setup.vs_name}"
vs_event_text = f"VirtualServer {text} is invalid and was rejected: "
vs_file = f"{TEST_DATA}/virtual-server-upstream-options/virtual-server-with-invalid-keys.yaml"
patch_virtual_server_from_yaml(kube_apis.custom_objects,
virtual_server_setup.vs_name, vs_file,
virtual_server_setup.namespace)
wait_before_test(2)
ic_pod_name = get_first_pod_name(
kube_apis.v1, ingress_controller_prerequisites.namespace)
response = get_vs_nginx_template_conf(
kube_apis.v1, virtual_server_setup.namespace,
virtual_server_setup.vs_name, ic_pod_name,
ingress_controller_prerequisites.namespace)
vs_events = get_events(kube_apis.v1, virtual_server_setup.namespace)
assert_event_starts_with_text_and_contains_errors(
vs_event_text, vs_events, invalid_fields)
assert_template_config_does_not_exist(response)
def vs_externalname_setup(request, kube_apis, ingress_controller_prerequisites,
virtual_server_setup) -> ExternalNameSetup:
print(
"------------------------- Prepare ExternalName Setup -----------------------------------"
)
external_svc_src = f"{TEST_DATA}/virtual-server-externalname/externalname-svc.yaml"
external_svc_host = get_external_host_from_service_yaml(external_svc_src)
config_map_name = ingress_controller_prerequisites.config_map["metadata"][
"name"]
replace_configmap_from_yaml(
kube_apis.v1, config_map_name,
ingress_controller_prerequisites.namespace,
f"{TEST_DATA}/virtual-server-externalname/nginx-config.yaml")
external_svc = create_service_from_yaml(kube_apis.v1,
virtual_server_setup.namespace,
external_svc_src)
wait_before_test(1)
ensure_connection_to_public_endpoint(
virtual_server_setup.public_endpoint.public_ip,
virtual_server_setup.public_endpoint.port,
virtual_server_setup.public_endpoint.port_ssl)
ic_pod_name = get_first_pod_name(
kube_apis.v1, ingress_controller_prerequisites.namespace)
def fin():
print("Clean up ExternalName Setup:")
replace_configmap(kube_apis.v1, config_map_name,
ingress_controller_prerequisites.namespace,
ingress_controller_prerequisites.config_map)
request.addfinalizer(fin)
return ExternalNameSetup(ic_pod_name, external_svc, external_svc_host)
def test_ap_nginx_config_entries(
self, kube_apis, crd_ingress_controller_with_ap, appprotect_setup, test_namespace
):
"""
Test to verify AppProtect annotations in nginx config
"""
conf_annotations = [
"app_protect_enable on;",
f"app_protect_policy_file /etc/nginx/waf/nac-policies/{test_namespace}_{ap_policy};",
"app_protect_security_log_enable on;",
f"app_protect_security_log /etc/nginx/waf/nac-logconfs/{test_namespace}_logconf syslog:server=127.0.0.1:514;",
]
create_ingress_with_ap_annotations(
kube_apis, src_ing_yaml, test_namespace, ap_policy, "True", "True", "127.0.0.1:514"
)
ingress_host = get_first_ingress_host_from_yaml(src_ing_yaml)
ensure_response_from_backend(appprotect_setup.req_url, ingress_host, check404=True)
pod_name = get_first_pod_name(kube_apis.v1, "nginx-ingress")
result_conf = get_ingress_nginx_template_conf(
kube_apis.v1, test_namespace, "appprotect-ingress", pod_name, "nginx-ingress"
)
delete_items_from_yaml(kube_apis, src_ing_yaml, test_namespace)
for _ in conf_annotations:
assert _ in result_conf
def vs_externalname_setup(request,
kube_apis,
ingress_controller_prerequisites,
virtual_server_setup) -> ExternalNameSetup:
print("------------------------- Deploy External-Backend -----------------------------------")
external_ns = create_namespace_with_name_from_yaml(kube_apis.v1, "external-ns", f"{TEST_DATA}/common/ns.yaml")
external_svc_name = create_service_with_name(kube_apis.v1, external_ns, "external-backend-svc")
create_deployment_with_name(kube_apis.apps_v1_api, external_ns, "external-backend")
print("------------------------- Prepare ExternalName Setup -----------------------------------")
external_svc_src = f"{TEST_DATA}/virtual-server-externalname/externalname-svc.yaml"
external_svc_host = f"{external_svc_name}.{external_ns}.svc.cluster.local"
config_map_name = ingress_controller_prerequisites.config_map["metadata"]["name"]
replace_configmap_from_yaml(kube_apis.v1, config_map_name,
ingress_controller_prerequisites.namespace,
f"{TEST_DATA}/virtual-server-externalname/nginx-config.yaml")
external_svc = create_service_from_yaml(kube_apis.v1, virtual_server_setup.namespace, external_svc_src)
wait_before_test(2)
ensure_connection_to_public_endpoint(virtual_server_setup.public_endpoint.public_ip,
virtual_server_setup.public_endpoint.port,
virtual_server_setup.public_endpoint.port_ssl)
ic_pod_name = get_first_pod_name(kube_apis.v1, ingress_controller_prerequisites.namespace)
ensure_response_from_backend(virtual_server_setup.backend_1_url, virtual_server_setup.vs_host)
def fin():
print("Clean up ExternalName Setup:")
delete_namespace(kube_apis.v1, external_ns)
replace_configmap(kube_apis.v1, config_map_name,
ingress_controller_prerequisites.namespace,
ingress_controller_prerequisites.config_map)
request.addfinalizer(fin)
return ExternalNameSetup(ic_pod_name, external_svc, external_svc_host)
def test_validation_flow(self, kube_apis, ingress_controller_prerequisites,
crd_ingress_controller, virtual_server_setup):
ic_pod_name = get_first_pod_name(
kube_apis.v1, ingress_controller_prerequisites.namespace)
initial_events_vs = get_events(kube_apis.v1,
virtual_server_setup.namespace)
try:
patch_virtual_server_from_yaml(
kube_apis.custom_objects, virtual_server_setup.vs_name,
f"{TEST_DATA}/virtual-server-upstream-tls/virtual-server-invalid.yaml",
virtual_server_setup.namespace)
except ApiException as ex:
assert ex.status == 422 and "spec.upstreams.tls.enable" in ex.body
except Exception as ex:
pytest.fail(f"An unexpected exception is raised: {ex}")
else:
pytest.fail("Expected an exception but there was none")
wait_before_test(1)
config = get_vs_nginx_template_conf(
kube_apis.v1, virtual_server_setup.namespace,
virtual_server_setup.vs_name, ic_pod_name,
ingress_controller_prerequisites.namespace)
resp_1 = requests.get(virtual_server_setup.backend_1_url,
headers={"host": virtual_server_setup.vs_host})
resp_2 = requests.get(virtual_server_setup.backend_2_url,
headers={"host": virtual_server_setup.vs_host})
new_events_vs = get_events(kube_apis.v1,
virtual_server_setup.namespace)
proxy_host = f"vs_{virtual_server_setup.namespace}_{virtual_server_setup.vs_name}"
assert f'proxy_pass https://{proxy_host}_backend1' not in config
assert f'proxy_pass https://{proxy_host}_backend2' in config
assert_response_codes(resp_1, resp_2)
assert_no_new_events(initial_events_vs, new_events_vs)
def test_ap_nginx_config_entries(self, kube_apis,
crd_ingress_controller_with_ap,
appprotect_setup, test_namespace):
"""
Test to verify AppProtect annotations in nginx config
"""
conf_annotations = [
f"app_protect_enable on;",
f"app_protect_policy_file /etc/nginx/waf/nac-policies/{test_namespace}_{ap_policy};",
f"app_protect_security_log_enable on;",
f"app_protect_security_log /etc/nginx/waf/nac-logconfs/{test_namespace}_logconf syslog:server=127.0.0.1:514;",
]
src_ing_yaml = f"{TEST_DATA}/appprotect/appprotect-ingress.yaml"
create_ingress_with_ap_annotations(kube_apis, src_ing_yaml,
test_namespace, ap_policy, "True",
"True", "127.0.0.1:514")
wait_before_test(40)
pod_name = get_first_pod_name(kube_apis.v1, "nginx-ingress")
result_conf = get_ingress_nginx_template_conf(kube_apis.v1,
test_namespace,
"appprotect-ingress",
pod_name,
"nginx-ingress")
delete_items_from_yaml(kube_apis, src_ing_yaml, test_namespace)
for _ in conf_annotations:
assert _ in result_conf
def test_when_option_in_config_map_only(
self, kube_apis, ingress_controller_prerequisites,
crd_ingress_controller, virtual_server_setup, restore_configmap,
config_map_file, expected_strings, unexpected_strings):
text = f"{virtual_server_setup.namespace}/{virtual_server_setup.vs_name}"
vs_event_text = f"Configuration for {text} was updated"
print(f"Case 3: key specified in ConfigMap, no option in VS")
patch_virtual_server_from_yaml(
kube_apis.custom_objects, virtual_server_setup.vs_name,
f"{TEST_DATA}/virtual-server-upstream-options/standard/virtual-server.yaml",
virtual_server_setup.namespace)
config_map_name = ingress_controller_prerequisites.config_map[
"metadata"]["name"]
replace_configmap_from_yaml(kube_apis.v1, config_map_name,
ingress_controller_prerequisites.namespace,
config_map_file)
wait_before_test(1)
ic_pod_name = get_first_pod_name(
kube_apis.v1, ingress_controller_prerequisites.namespace)
config = get_vs_nginx_template_conf(
kube_apis.v1, virtual_server_setup.namespace,
virtual_server_setup.vs_name, ic_pod_name,
ingress_controller_prerequisites.namespace)
resp_1 = requests.get(virtual_server_setup.backend_1_url,
headers={"host": virtual_server_setup.vs_host})
resp_2 = requests.get(virtual_server_setup.backend_2_url,
headers={"host": virtual_server_setup.vs_host})
vs_events = get_events(kube_apis.v1, virtual_server_setup.namespace)
assert_event(vs_event_text, vs_events)
for _ in expected_strings:
assert _ in config
for _ in unexpected_strings:
assert _ not in config
assert_response_codes(resp_1, resp_2)
def test_ssl_keys(self, kube_apis, ingress_controller_prerequisites, crd_ingress_controller,
virtual_server_setup, clean_up):
ic_pod_name = get_first_pod_name(kube_apis.v1, ingress_controller_prerequisites.namespace)
initial_list = get_events(kube_apis.v1, virtual_server_setup.namespace)
print("Step 1: update ConfigMap with valid ssl keys")
replace_configmap_from_yaml(kube_apis.v1,
ingress_controller_prerequisites.config_map['metadata']['name'],
ingress_controller_prerequisites.namespace,
f"{TEST_DATA}/virtual-server-configmap-keys/configmap-ssl-keys.yaml")
wait_before_test(1)
step_1_events = get_events(kube_apis.v1, virtual_server_setup.namespace)
step_1_config = get_vs_nginx_template_conf(kube_apis.v1,
virtual_server_setup.namespace,
virtual_server_setup.vs_name,
ic_pod_name,
ingress_controller_prerequisites.namespace)
assert_valid_event_emitted(virtual_server_setup, step_1_events, initial_list)
assert_ssl_keys(step_1_config)
print("Step 2: update ConfigMap with invalid ssl keys")
replace_configmap_from_yaml(kube_apis.v1,
ingress_controller_prerequisites.config_map['metadata']['name'],
ingress_controller_prerequisites.namespace,
f"{TEST_DATA}/virtual-server-configmap-keys/configmap-ssl-keys-invalid.yaml")
wait_before_test(1)
step_2_events = get_events(kube_apis.v1, virtual_server_setup.namespace)
step_2_config = get_vs_nginx_template_conf(kube_apis.v1,
virtual_server_setup.namespace,
virtual_server_setup.vs_name,
ic_pod_name,
ingress_controller_prerequisites.namespace)
assert_valid_event_count_increased(virtual_server_setup, step_2_events, step_1_events)
assert_defaults_of_ssl_keys(step_2_config)
def test_slow_start_warning(self, kube_apis,
ingress_controller_prerequisites, crd_ingress_controller,
v_s_route_setup, v_s_route_app_setup, options):
ic_pod_name = get_first_pod_name(kube_apis.v1, ingress_controller_prerequisites.namespace)
text_s = f"{v_s_route_setup.route_s.namespace}/{v_s_route_setup.route_s.name}"
text_m = f"{v_s_route_setup.route_m.namespace}/{v_s_route_setup.route_m.name}"
vsr_s_event_text = f"Configuration for {text_s} was added or updated with warning(s): " \
f"Slow start will be disabled"
vsr_m_event_text = f"Configuration for {text_m} was added or updated with warning(s): " \
f"Slow start will be disabled"
print(f"Case 2: no key in ConfigMap, option specified in VSR")
new_body_m = generate_item_with_upstream_options(
f"{TEST_DATA}/virtual-server-route-upstream-options/route-multiple.yaml",
options)
new_body_s = generate_item_with_upstream_options(
f"{TEST_DATA}/virtual-server-route-upstream-options/route-single.yaml",
options)
patch_v_s_route(kube_apis.custom_objects,
v_s_route_setup.route_m.name, v_s_route_setup.route_m.namespace, new_body_m)
patch_v_s_route(kube_apis.custom_objects,
v_s_route_setup.route_s.name, v_s_route_setup.route_s.namespace, new_body_s)
wait_before_test(1)
config = get_vs_nginx_template_conf(kube_apis.v1,
v_s_route_setup.namespace,
v_s_route_setup.vs_name,
ic_pod_name,
ingress_controller_prerequisites.namespace)
vsr_s_events = get_events(kube_apis.v1, v_s_route_setup.route_s.namespace)
vsr_m_events = get_events(kube_apis.v1, v_s_route_setup.route_m.namespace)
assert_event(vsr_s_event_text, vsr_s_events)
assert_event(vsr_m_event_text, vsr_m_events)
assert "slow_start" not in config
def test_make_existing_vsr_invalid(self, kube_apis,
ingress_controller_prerequisites,
crd_ingress_controller, v_s_route_setup,
route_yaml):
ic_pod_name = get_first_pod_name(
kube_apis.v1, ingress_controller_prerequisites.namespace)
patch_v_s_route_from_yaml(kube_apis.custom_objects,
v_s_route_setup.route_s.name, route_yaml,
v_s_route_setup.route_s.namespace)
wait_before_test(1)
new_config = get_vs_nginx_template_conf(
kube_apis.v1, v_s_route_setup.namespace, v_s_route_setup.vs_name,
ic_pod_name, ingress_controller_prerequisites.namespace)
new_vs_events = get_events(kube_apis.v1, v_s_route_setup.namespace)
new_vsr_events = get_events(kube_apis.v1,
v_s_route_setup.route_s.namespace)
assert_locations_not_in_config(new_config,
v_s_route_setup.route_s.paths)
text = f"{v_s_route_setup.route_s.namespace}/{v_s_route_setup.route_s.name}"
assert_event_and_count(
f"Configuration for {v_s_route_setup.namespace}/{v_s_route_setup.vs_name} was added or updated with warning(s)",
1, new_vs_events)
if route_yaml == f"{TEST_DATA}/virtual-server-route/route-single-invalid-host.yaml":
assert_event_and_count(
f"VirtualServer is invalid or doesn't exist", 1,
new_vsr_events)
else:
assert_event_and_count(
f"VirtualServerRoute {text} was rejected with error", 1,
new_vsr_events)
def test_invalid_value_rejection(self, kube_apis,
ingress_controller_prerequisites,
crd_ingress_controller,
virtual_server_setup):
ic_pod_name = get_first_pod_name(
kube_apis.v1, ingress_controller_prerequisites.namespace)
initial_events_vs = get_events(kube_apis.v1,
virtual_server_setup.namespace)
patch_virtual_server_from_yaml(
kube_apis.custom_objects, virtual_server_setup.vs_name,
f"{TEST_DATA}/virtual-server-upstream-tls/virtual-server-invalid.yaml",
virtual_server_setup.namespace)
wait_before_test(1)
config = get_vs_nginx_template_conf(
kube_apis.v1, virtual_server_setup.namespace,
virtual_server_setup.vs_name, ic_pod_name,
ingress_controller_prerequisites.namespace)
resp_1 = requests.get(virtual_server_setup.backend_1_url,
headers={"host": virtual_server_setup.vs_host})
resp_2 = requests.get(virtual_server_setup.backend_2_url,
headers={"host": virtual_server_setup.vs_host})
new_events_vs = get_events(kube_apis.v1,
virtual_server_setup.namespace)
proxy_host = f"vs_{virtual_server_setup.namespace}_{virtual_server_setup.vs_name}"
assert f'proxy_pass https://{proxy_host}_backend1' not in config
assert f'proxy_pass https://{proxy_host}_backend2' in config
assert_response_codes(resp_1, resp_2)
assert_no_new_events(initial_events_vs, new_events_vs)
def test_create_invalid_vsr(self, kube_apis,
ingress_controller_prerequisites,
crd_ingress_controller, v_s_route_setup):
route_yaml = f"{TEST_DATA}/virtual-server-route/route-single-duplicate-path.yaml"
ic_pod_name = get_first_pod_name(
kube_apis.v1, ingress_controller_prerequisites.namespace)
text = f"{v_s_route_setup.route_s.namespace}/{v_s_route_setup.route_s.name}"
vs_event_text = f"Configuration for {v_s_route_setup.namespace}/{v_s_route_setup.vs_name} was added or updated with warning(s)"
vsr_event_text = f"VirtualServerRoute {text} was rejected with error: spec.subroutes[1].path: Duplicate value: \"/backend2\""
delete_v_s_route(kube_apis.custom_objects,
v_s_route_setup.route_s.name,
v_s_route_setup.route_s.namespace)
create_v_s_route_from_yaml(kube_apis.custom_objects, route_yaml,
v_s_route_setup.route_s.namespace)
wait_before_test(1)
new_config = get_vs_nginx_template_conf(
kube_apis.v1, v_s_route_setup.namespace, v_s_route_setup.vs_name,
ic_pod_name, ingress_controller_prerequisites.namespace)
new_vs_events = get_events(kube_apis.v1, v_s_route_setup.namespace)
new_vsr_events = get_events(kube_apis.v1,
v_s_route_setup.route_s.namespace)
assert_locations_not_in_config(new_config,
v_s_route_setup.route_s.paths)
assert_event_and_count(vs_event_text, 1, new_vs_events)
assert_event_and_count(vsr_event_text, 1, new_vsr_events)
def test_openapi_validation_flow(self, kube_apis,
ingress_controller_prerequisites,
crd_ingress_controller,
virtual_server_setup):
ic_pod_name = get_first_pod_name(
kube_apis.v1, ingress_controller_prerequisites.namespace)
config_old = get_vs_nginx_template_conf(
kube_apis.v1, virtual_server_setup.namespace,
virtual_server_setup.vs_name, ic_pod_name,
ingress_controller_prerequisites.namespace)
vs_src = f"{TEST_DATA}/virtual-server-redirects/virtual-server-invalid-openapi.yaml"
try:
patch_virtual_server_from_yaml(kube_apis.custom_objects,
virtual_server_setup.vs_name,
vs_src,
virtual_server_setup.namespace)
except ApiException as ex:
assert ex.status == 422 \
and "spec.routes.action.redirect.url" in ex.body \
and "spec.routes.action.redirect.code" in ex.body
except Exception as ex:
pytest.fail(f"An unexpected exception is raised: {ex}")
else:
pytest.fail("Expected an exception but there was none")
wait_before_test(1)
config_new = get_vs_nginx_template_conf(
kube_apis.v1, virtual_server_setup.namespace,
virtual_server_setup.vs_name, ic_pod_name,
ingress_controller_prerequisites.namespace)
assert config_old == config_new, "Expected: config doesn't change"
def annotations_grpc_setup(request,
kube_apis,
ingress_controller_prerequisites,
ingress_controller_endpoint, ingress_controller, test_namespace) -> AnnotationsSetup:
print("------------------------- Deploy gRPC Annotations-Example -----------------------------------")
create_items_from_yaml(kube_apis,
f"{TEST_DATA}/annotations/grpc/annotations-ingress.yaml",
test_namespace)
ingress_name = get_names_from_yaml(f"{TEST_DATA}/annotations/grpc/annotations-ingress.yaml")[0]
ingress_host = get_first_ingress_host_from_yaml(f"{TEST_DATA}/annotations/grpc/annotations-ingress.yaml")
replace_configmap_from_yaml(kube_apis.v1,
ingress_controller_prerequisites.config_map['metadata']['name'],
ingress_controller_prerequisites.namespace,
f"{TEST_DATA}/common/configmap-with-grpc.yaml")
ic_pod_name = get_first_pod_name(kube_apis.v1, ingress_controller_prerequisites.namespace)
event_text = f"Configuration for {test_namespace}/{ingress_name} was added or updated"
error_text = f"{event_text}, but not applied: Error reloading NGINX"
def fin():
print("Clean up gRPC Annotations Example:")
delete_items_from_yaml(kube_apis,
f"{TEST_DATA}/annotations/grpc/annotations-ingress.yaml",
test_namespace)
request.addfinalizer(fin)
return AnnotationsSetup(ingress_controller_endpoint,
f"{TEST_DATA}/annotations/grpc/annotations-ingress.yaml",
ingress_name, ingress_host, ic_pod_name, test_namespace, event_text, error_text)
def external_name_setup(request, kube_apis, ingress_controller_prerequisites, ingress_controller_endpoint, ingress_controller, test_namespace) -> ExternalNameSetup:
print("------------------------- Deploy External-Name-Example -----------------------------------")
ingress_name = create_ingress_from_yaml(kube_apis.extensions_v1_beta1, test_namespace,
f"{TEST_DATA}/externalname-services/externalname-ingress.yaml")
ingress_host = get_ingress_host_from_yaml(f"{TEST_DATA}/externalname-services/externalname-ingress.yaml")
external_host = get_external_host_from_yaml(f"{TEST_DATA}/externalname-services/externalname-svc.yaml")
config_map_name = ingress_controller_prerequisites.config_map["metadata"]["name"]
replace_configmap_from_yaml(kube_apis.v1, config_map_name,
ingress_controller_prerequisites.namespace,
f"{TEST_DATA}/externalname-services/nginx-config.yaml")
svc_name = create_service_from_yaml(kube_apis.v1, test_namespace, f"{TEST_DATA}/externalname-services/externalname-svc.yaml")
ensure_connection_to_public_endpoint(ingress_controller_endpoint.public_ip,
ingress_controller_endpoint.port,
ingress_controller_endpoint.port_ssl)
ic_pod_name = get_first_pod_name(kube_apis.v1, ingress_controller_prerequisites.namespace)
def fin():
print("Clean up External-Name-Example:")
replace_configmap(kube_apis.v1, config_map_name, ingress_controller_prerequisites.namespace, ingress_controller_prerequisites.config_map)
delete_ingress(kube_apis.extensions_v1_beta1, ingress_name, test_namespace)
delete_service(kube_apis.v1, svc_name, test_namespace)
request.addfinalizer(fin)
return ExternalNameSetup(ingress_controller_endpoint, ingress_name, ingress_host, ic_pod_name, svc_name, external_host, test_namespace)
def test_v_s_r_overrides_config_map(self, kube_apis,
ingress_controller_prerequisites,
crd_ingress_controller,
v_s_route_setup, v_s_route_app_setup,
options, expected_strings,
unexpected_strings):
req_url = f"http://{v_s_route_setup.public_endpoint.public_ip}:{v_s_route_setup.public_endpoint.port}"
text_s = f"{v_s_route_setup.route_s.namespace}/{v_s_route_setup.route_s.name}"
text_m = f"{v_s_route_setup.route_m.namespace}/{v_s_route_setup.route_m.name}"
vsr_s_event_text = f"Configuration for {text_s} was added or updated"
vsr_m_event_text = f"Configuration for {text_m} was added or updated"
events_ns_m = get_events(kube_apis.v1,
v_s_route_setup.route_m.namespace)
events_ns_s = get_events(kube_apis.v1,
v_s_route_setup.route_s.namespace)
initial_count_vsr_m = get_event_count(vsr_m_event_text, events_ns_m)
initial_count_vsr_s = get_event_count(vsr_s_event_text, events_ns_s)
print(f"Case 4: key specified in ConfigMap, option specified in VS")
new_body_m = generate_item_with_upstream_options(
f"{TEST_DATA}/virtual-server-route-upstream-options/route-multiple.yaml",
options)
new_body_s = generate_item_with_upstream_options(
f"{TEST_DATA}/virtual-server-route-upstream-options/route-single.yaml",
options)
patch_v_s_route(kube_apis.custom_objects, v_s_route_setup.route_m.name,
v_s_route_setup.route_m.namespace, new_body_m)
patch_v_s_route(kube_apis.custom_objects, v_s_route_setup.route_s.name,
v_s_route_setup.route_s.namespace, new_body_s)
config_map_name = ingress_controller_prerequisites.config_map[
"metadata"]["name"]
replace_configmap_from_yaml(
kube_apis.v1, config_map_name,
ingress_controller_prerequisites.namespace,
f"{TEST_DATA}/virtual-server-route-upstream-options/configmap-with-keys.yaml"
)
wait_before_test(1)
ic_pod_name = get_first_pod_name(
kube_apis.v1, ingress_controller_prerequisites.namespace)
config = get_vs_nginx_template_conf(
kube_apis.v1, v_s_route_setup.namespace, v_s_route_setup.vs_name,
ic_pod_name, ingress_controller_prerequisites.namespace)
resp_1 = requests.get(f"{req_url}{v_s_route_setup.route_m.paths[0]}",
headers={"host": v_s_route_setup.vs_host})
resp_2 = requests.get(f"{req_url}{v_s_route_setup.route_s.paths[0]}",
headers={"host": v_s_route_setup.vs_host})
vsr_s_events = get_events(kube_apis.v1,
v_s_route_setup.route_s.namespace)
vsr_m_events = get_events(kube_apis.v1,
v_s_route_setup.route_m.namespace)
assert_event_count_increased(vsr_m_event_text, initial_count_vsr_m,
vsr_m_events)
assert_event_count_increased(vsr_s_event_text, initial_count_vsr_s,
vsr_s_events)
for _ in expected_strings:
assert _ in config
for _ in unexpected_strings:
assert _ not in config
assert_response_codes(resp_1, resp_2)
def test_event_message_and_config(self, kube_apis,
ingress_controller_prerequisites,
crd_ingress_controller, v_s_route_setup):
invalid_fields_s = [
"upstreams[0].lb-method", "upstreams[0].fail-timeout",
"upstreams[0].max-fails", "upstreams[0].connect-timeout",
"upstreams[0].read-timeout", "upstreams[0].send-timeout",
"upstreams[0].keepalive", "upstreams[0].max-conns",
"upstreams[0].next-upstream", "upstreams[0].next-upstream-timeout",
"upstreams[0].next-upstream-tries",
"upstreams[0].client-max-body-size", "upstreams[0].buffers.number",
"upstreams[0].buffers.size", "upstreams[0].buffer-size"
]
invalid_fields_m = [
"upstreams[0].lb-method", "upstreams[0].fail-timeout",
"upstreams[0].max-fails", "upstreams[0].connect-timeout",
"upstreams[0].read-timeout", "upstreams[0].send-timeout",
"upstreams[0].keepalive", "upstreams[0].max-conns",
"upstreams[0].next-upstream", "upstreams[0].next-upstream-timeout",
"upstreams[0].next-upstream-tries",
"upstreams[0].client-max-body-size", "upstreams[0].buffers.number",
"upstreams[0].buffers.size", "upstreams[0].buffer-size",
"upstreams[1].lb-method", "upstreams[1].fail-timeout",
"upstreams[1].max-fails", "upstreams[1].connect-timeout",
"upstreams[1].read-timeout", "upstreams[1].send-timeout",
"upstreams[1].keepalive", "upstreams[1].max-conns",
"upstreams[1].next-upstream", "upstreams[1].next-upstream-timeout",
"upstreams[1].next-upstream-tries",
"upstreams[1].client-max-body-size", "upstreams[1].buffers.number",
"upstreams[1].buffers.size", "upstreams[1].buffer-size"
]
text_s = f"{v_s_route_setup.route_s.namespace}/{v_s_route_setup.route_s.name}"
text_m = f"{v_s_route_setup.route_m.namespace}/{v_s_route_setup.route_m.name}"
vsr_s_event_text = f"VirtualServerRoute {text_s} is invalid and was rejected: "
vsr_m_event_text = f"VirtualServerRoute {text_m} is invalid and was rejected: "
patch_v_s_route_from_yaml(
kube_apis.custom_objects, v_s_route_setup.route_s.name,
f"{TEST_DATA}/virtual-server-route-upstream-options/route-single-invalid-keys.yaml",
v_s_route_setup.route_s.namespace)
patch_v_s_route_from_yaml(
kube_apis.custom_objects, v_s_route_setup.route_m.name,
f"{TEST_DATA}/virtual-server-route-upstream-options/route-multiple-invalid-keys.yaml",
v_s_route_setup.route_m.namespace)
wait_before_test(2)
ic_pod_name = get_first_pod_name(
kube_apis.v1, ingress_controller_prerequisites.namespace)
config = get_vs_nginx_template_conf(
kube_apis.v1, v_s_route_setup.namespace, v_s_route_setup.vs_name,
ic_pod_name, ingress_controller_prerequisites.namespace)
vsr_s_events = get_events(kube_apis.v1,
v_s_route_setup.route_s.namespace)
vsr_m_events = get_events(kube_apis.v1,
v_s_route_setup.route_m.namespace)
assert_event_starts_with_text_and_contains_errors(
vsr_s_event_text, vsr_s_events, invalid_fields_s)
assert_event_starts_with_text_and_contains_errors(
vsr_m_event_text, vsr_m_events, invalid_fields_m)
assert "upstream" not in config