def jwt_auth_setup(request, kube_apis, ingress_controller_endpoint, ingress_controller, test_namespace) -> JWTAuthMergeableSetup:
tokens = {"master": get_token_from_file("master"), "minion": get_token_from_file("minion")}
master_secret_name = create_secret_from_yaml(kube_apis.v1, test_namespace,
f"{TEST_DATA}/jwt-auth-mergeable/jwt-master-secret.yaml")
minion_secret_name = create_secret_from_yaml(kube_apis.v1, test_namespace,
f"{TEST_DATA}/jwt-auth-mergeable/jwt-minion-secret.yaml")
print("------------------------- Deploy JWT Auth Mergeable Minions Example -----------------------------------")
create_items_from_yaml(kube_apis.extensions_v1_beta1, f"{TEST_DATA}/jwt-auth-mergeable/mergeable/jwt-auth-ingress.yaml", test_namespace)
ingress_host = get_ingress_host_from_yaml(f"{TEST_DATA}/jwt-auth-mergeable/mergeable/jwt-auth-ingress.yaml")
common_app = create_common_app(kube_apis.v1, kube_apis.extensions_v1_beta1, test_namespace)
wait_until_all_pods_are_ready(kube_apis.v1, test_namespace)
ensure_connection_to_public_endpoint(ingress_controller_endpoint.public_ip,
ingress_controller_endpoint.port,
ingress_controller_endpoint.port_ssl)
wait_before_test(2)
def fin():
print("Delete Master Secret:")
if is_secret_present(kube_apis.v1, master_secret_name, test_namespace):
delete_secret(kube_apis.v1, master_secret_name, test_namespace)
print("Delete Minion Secret:")
if is_secret_present(kube_apis.v1, minion_secret_name, test_namespace):
delete_secret(kube_apis.v1, minion_secret_name, test_namespace)
print("Clean up the JWT Auth Mergeable Minions Application:")
delete_common_app(kube_apis.v1, kube_apis.extensions_v1_beta1, common_app, test_namespace)
delete_items_from_yaml(kube_apis.extensions_v1_beta1, f"{TEST_DATA}/jwt-auth-mergeable/mergeable/jwt-auth-ingress.yaml",
test_namespace)
request.addfinalizer(fin)
return JWTAuthMergeableSetup(ingress_controller_endpoint, ingress_host, master_secret_name, minion_secret_name, tokens)
def test_response_codes_after_secret_remove_and_restore(self, kube_apis, jwt_secrets_setup, test_namespace, jwt_secret):
req_url = f"http://{jwt_secrets_setup.public_endpoint.public_ip}:{jwt_secrets_setup.public_endpoint.port}/backend2"
delete_secret(kube_apis.v1, jwt_secret.secret_name, test_namespace)
wait_before_test(1)
resp = requests.get(req_url, headers={"host": jwt_secrets_setup.ingress_host}, cookies={"auth_token": jwt_secrets_setup.jwt_token})
assert resp.status_code == 500
jwt_secret.secret_name = create_secret_from_yaml(kube_apis.v1, test_namespace, f"{TEST_DATA}/jwt-secrets/jwt-secret.yaml")
wait_before_test(1)
resp = requests.get(req_url, headers={"host": jwt_secrets_setup.ingress_host}, cookies={"auth_token": jwt_secrets_setup.jwt_token})
assert resp.status_code == 200
def jwt_secret(request, kube_apis, ingress_controller_endpoint, jwt_secrets_setup, test_namespace) -> JWTSecret:
secret_name = create_secret_from_yaml(kube_apis.v1, test_namespace, f"{TEST_DATA}/jwt-secrets/jwt-secret.yaml")
wait_before_test(1)
def fin():
print("Delete Secret:")
if is_secret_present(kube_apis.v1, secret_name, test_namespace):
delete_secret(kube_apis.v1, secret_name, test_namespace)
request.addfinalizer(fin)
return JWTSecret(secret_name)
def test_certificate_subject_updates_after_secret_update(self, kube_apis, ingress_controller_prerequisites, wildcard_tls_secret_ingress_controller,
wildcard_tls_secret_setup):
replace_secret(kube_apis.v1, wildcard_tls_secret_ingress_controller.secret_name,
ingress_controller_prerequisites.namespace,
f"{TEST_DATA}/wildcard-tls-secret/gb-wildcard-tls-secret.yaml")
wait_before_test(1)
subject_dict = get_server_certificate_subject(wildcard_tls_secret_setup.public_endpoint.public_ip,
wildcard_tls_secret_setup.ingress_host,
wildcard_tls_secret_setup.public_endpoint.port_ssl)
assert subject_dict[b'C'] == b'GB'
assert subject_dict[b'ST'] == b'Cambridgeshire'
assert subject_dict[b'CN'] == b'cafe.example.com'
def test_certificate_subject_remains_with_invalid_secret(self, kube_apis, ingress_controller_prerequisites, wildcard_tls_secret_ingress_controller,
wildcard_tls_secret_setup):
replace_secret(kube_apis.v1, wildcard_tls_secret_ingress_controller.secret_name,
ingress_controller_prerequisites.namespace,
f"{TEST_DATA}/wildcard-tls-secret/invalid-wildcard-tls-secret.yaml")
wait_before_test(1)
subject_dict = get_server_certificate_subject(wildcard_tls_secret_setup.public_endpoint.public_ip,
wildcard_tls_secret_setup.ingress_host,
wildcard_tls_secret_setup.public_endpoint.port_ssl)
assert subject_dict[b'C'] == b'ES'
assert subject_dict[b'ST'] == b'CanaryIslands'
assert subject_dict[b'CN'] == b'example.com'
def test_response_and_subject_remains_after_secret_delete(self, kube_apis, ingress_controller_prerequisites, wildcard_tls_secret_ingress_controller,
wildcard_tls_secret_setup):
delete_secret(kube_apis.v1, wildcard_tls_secret_ingress_controller.secret_name,
ingress_controller_prerequisites.namespace)
wait_before_test(1)
req_url = f"https://{wildcard_tls_secret_setup.public_endpoint.public_ip}:{wildcard_tls_secret_setup.public_endpoint.port_ssl}/backend1"
resp = requests.get(req_url, headers={"host": wildcard_tls_secret_setup.ingress_host}, verify=False)
assert resp.status_code == 200
subject_dict = get_server_certificate_subject(wildcard_tls_secret_setup.public_endpoint.public_ip,
wildcard_tls_secret_setup.ingress_host,
wildcard_tls_secret_setup.public_endpoint.port_ssl)
assert subject_dict[b'C'] == b'GB'
assert subject_dict[b'ST'] == b'Cambridgeshire'
assert subject_dict[b'CN'] == b'cafe.example.com'
def test_jwt_auth_response_codes_and_location(self, kube_apis, jwt_auth_setup, test_namespace):
print("Step 1: execute check after secrets creation")
execute_checks(jwt_auth_setup, step_1_expected_results)
print("Step 2: replace master secret")
replace_secret(kube_apis.v1, jwt_auth_setup.master_secret_name, test_namespace,
f"{TEST_DATA}/jwt-auth-mergeable/jwt-master-secret-updated.yaml")
wait_before_test(1)
execute_checks(jwt_auth_setup, step_2_expected_results)
print("Step 3: now replace minion secret as well")
replace_secret(kube_apis.v1, jwt_auth_setup.minion_secret_name, test_namespace,
f"{TEST_DATA}/jwt-auth-mergeable/jwt-minion-secret-updated.yaml")
wait_before_test(1)
execute_checks(jwt_auth_setup, step_3_expected_results)
print("Step 4: now remove minion secret")
delete_secret(kube_apis.v1, jwt_auth_setup.minion_secret_name, test_namespace)
wait_before_test(1)
execute_checks(jwt_auth_setup, step_4_expected_results)
print("Step 5: finally remove master secret as well")
delete_secret(kube_apis.v1, jwt_auth_setup.master_secret_name, test_namespace)
wait_before_test(1)
execute_checks(jwt_auth_setup, step_5_expected_results)
def test_policy_empty_ingress_class(
self,
kube_apis,
crd_ingress_controller,
virtual_server_setup,
test_namespace,
src,
):
"""
Test if policy with no ingress class is applied to vs
"""
print(f"Create rl policy")
pol_name = create_policy_from_yaml(kube_apis.custom_objects,
policy_src, test_namespace)
wait_before_test()
policy_info = read_custom_resource(kube_apis.custom_objects,
test_namespace, "policies",
pol_name)
assert (policy_info["status"]
and policy_info["status"]["reason"] == "AddedOrUpdated"
and policy_info["status"]["state"] == "Valid")
print(f"Patch vs with policy: {src}")
patch_virtual_server_from_yaml(
kube_apis.custom_objects,
virtual_server_setup.vs_name,
src,
virtual_server_setup.namespace,
)
wait_before_test()
vs_info = read_custom_resource(kube_apis.custom_objects,
virtual_server_setup.namespace,
"virtualservers",
virtual_server_setup.vs_name)
assert (vs_info["status"]
and vs_info["status"]["reason"] == "AddedOrUpdated"
and vs_info["status"]["state"] == "Valid")
delete_policy(kube_apis.custom_objects, pol_name, test_namespace)
self.restore_default_vs(kube_apis, virtual_server_setup)
def test_v_s_overrides_config_map(self, kube_apis,
ingress_controller_prerequisites,
crd_ingress_controller,
virtual_server_setup, options,
expected_strings, unexpected_strings):
text = f"{virtual_server_setup.namespace}/{virtual_server_setup.vs_name}"
vs_event_text = f"Configuration for {text} was added or updated"
events_vs = get_events(kube_apis.v1, virtual_server_setup.namespace)
initial_count = get_event_count(vs_event_text, events_vs)
print(f"Case 4: key in ConfigMap, option specified in VS")
new_body = generate_item_with_upstream_options(
f"{TEST_DATA}/virtual-server-upstream-options/standard/virtual-server.yaml",
options)
patch_virtual_server(kube_apis.custom_objects,
virtual_server_setup.vs_name,
virtual_server_setup.namespace, new_body)
config_map_name = ingress_controller_prerequisites.config_map[
"metadata"]["name"]
replace_configmap_from_yaml(
kube_apis.v1, config_map_name,
ingress_controller_prerequisites.namespace,
f"{TEST_DATA}/virtual-server-upstream-options/configmap-with-keys.yaml"
)
wait_before_test(1)
ic_pod_name = get_first_pod_name(
kube_apis.v1, ingress_controller_prerequisites.namespace)
config = get_vs_nginx_template_conf(
kube_apis.v1, virtual_server_setup.namespace,
virtual_server_setup.vs_name, ic_pod_name,
ingress_controller_prerequisites.namespace)
resp_1 = requests.get(virtual_server_setup.backend_1_url,
headers={"host": virtual_server_setup.vs_host})
resp_2 = requests.get(virtual_server_setup.backend_2_url,
headers={"host": virtual_server_setup.vs_host})
vs_events = get_events(kube_apis.v1, virtual_server_setup.namespace)
assert_event_count_increased(vs_event_text, initial_count, vs_events)
for _ in expected_strings:
assert _ in config
for _ in unexpected_strings:
assert _ not in config
assert_response_codes(resp_1, resp_2)
def backend_setup(request, kube_apis, ingress_controller_endpoint,
test_namespace) -> BackendSetup:
"""
Deploy simple application and all the Ingress resources under test in one namespace.
:param request: pytest fixture
:param kube_apis: client apis
:param ingress_controller_endpoint: public endpoint
:param test_namespace:
:return: BackendSetup
"""
print(
"------------------------- Deploy the backend -----------------------------------"
)
create_example_app(kube_apis, "simple", test_namespace)
req_url = f"http://{ingress_controller_endpoint.public_ip}:{ingress_controller_endpoint.port}/backend1"
wait_until_all_pods_are_ready(kube_apis.v1, test_namespace)
ensure_connection_to_public_endpoint(
ingress_controller_endpoint.public_ip,
ingress_controller_endpoint.port,
ingress_controller_endpoint.port_ssl,
)
print(
"------------------------- Deploy ingresses under test -----------------------------------"
)
ingress_hosts = {}
for item in ingresses_under_test:
src_ing_yaml = f"{TEST_DATA}/ingress-class/{item}-ingress.yaml"
create_items_from_yaml(kube_apis, src_ing_yaml, test_namespace)
ingress_hosts[item] = get_first_ingress_host_from_yaml(src_ing_yaml)
wait_before_test(2)
def fin():
print("Clean up:")
delete_common_app(kube_apis, "simple", test_namespace)
for item in ingresses_under_test:
src_ing_yaml = f"{TEST_DATA}/ingress-class/{item}-ingress.yaml"
delete_items_from_yaml(kube_apis, src_ing_yaml, test_namespace)
request.addfinalizer(fin)
return BackendSetup(req_url, ingress_hosts)
def test_tcp_request_load_balanced(self, kube_apis, crd_ingress_controller,
transport_server_setup,
ingress_controller_prerequisites):
"""
Requests to the load balanced TCP service should result in responses from 3 different endpoints.
"""
wait_before_test()
port = transport_server_setup.public_endpoint.tcp_server_port
host = transport_server_setup.public_endpoint.public_ip
print(f"sending tcp requests to: {host}:{port}")
endpoints = {}
for i in range(20):
client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
client.connect((host, port))
client.sendall(b'connect')
response = client.recv(4096)
endpoint = response.decode()
print(f' req number {i}; response: {endpoint}')
if endpoint not in endpoints:
endpoints[endpoint] = 1
else:
endpoints[endpoint] = endpoints[endpoint] + 1
client.close()
assert len(endpoints) is 3
result_conf = get_ts_nginx_template_conf(
kube_apis.v1, transport_server_setup.namespace,
transport_server_setup.name,
transport_server_setup.ingress_pod_name,
ingress_controller_prerequisites.namespace)
pattern = 'server .*;'
servers = re.findall(pattern, result_conf)
for key in endpoints.keys():
found = False
for server in servers:
if key in server:
found = True
assert found
def test_when_option_in_config_map_only(self, kube_apis,
ingress_controller_prerequisites,
crd_ingress_controller,
v_s_route_setup, v_s_route_app_setup, restore_configmap,
config_map_file, expected_strings, unexpected_strings):
req_url = f"http://{v_s_route_setup.public_endpoint.public_ip}:{v_s_route_setup.public_endpoint.port}"
text_s = f"{v_s_route_setup.route_s.namespace}/{v_s_route_setup.route_s.name}"
text_m = f"{v_s_route_setup.route_m.namespace}/{v_s_route_setup.route_m.name}"
vsr_s_event_text = f"Configuration for {text_s} was added or updated"
vsr_m_event_text = f"Configuration for {text_m} was added or updated"
print(f"Case 3: key specified in ConfigMap, no option in VS")
patch_v_s_route_from_yaml(kube_apis.custom_objects, v_s_route_setup.route_m.name,
f"{TEST_DATA}/virtual-server-route-upstream-options/route-multiple.yaml",
v_s_route_setup.route_m.namespace)
patch_v_s_route_from_yaml(kube_apis.custom_objects, v_s_route_setup.route_s.name,
f"{TEST_DATA}/virtual-server-route-upstream-options/route-single.yaml",
v_s_route_setup.route_s.namespace)
config_map_name = ingress_controller_prerequisites.config_map["metadata"]["name"]
replace_configmap_from_yaml(kube_apis.v1, config_map_name,
ingress_controller_prerequisites.namespace,
config_map_file)
wait_before_test()
ic_pod_name = get_first_pod_name(kube_apis.v1, ingress_controller_prerequisites.namespace)
config = get_vs_nginx_template_conf(kube_apis.v1,
v_s_route_setup.namespace,
v_s_route_setup.vs_name,
ic_pod_name,
ingress_controller_prerequisites.namespace)
resp_1 = requests.get(f"{req_url}{v_s_route_setup.route_m.paths[0]}",
headers={"host": v_s_route_setup.vs_host})
resp_2 = requests.get(f"{req_url}{v_s_route_setup.route_s.paths[0]}",
headers={"host": v_s_route_setup.vs_host})
vsr_s_events = get_events(kube_apis.v1, v_s_route_setup.route_s.namespace)
vsr_m_events = get_events(kube_apis.v1, v_s_route_setup.route_m.namespace)
assert_event(vsr_m_event_text, vsr_m_events)
assert_event(vsr_s_event_text, vsr_s_events)
for _ in expected_strings:
assert _ in config
for _ in unexpected_strings:
assert _ not in config
assert_response_codes(resp_1, resp_2)
def test_responses_after_rbac_misconfiguration(self, kube_apis,
crd_ingress_controller,
virtual_server_setup):
print("\nStep 1: rbac misconfiguration from the very start")
resp = requests.get(virtual_server_setup.backend_1_url,
headers={"host": virtual_server_setup.vs_host})
assert resp.status_code == 404
resp = requests.get(virtual_server_setup.backend_2_url,
headers={"host": virtual_server_setup.vs_host})
assert resp.status_code == 404
print("Step 2: configure RBAC and check")
patch_rbac(kube_apis.rbac_v1_beta1, f"{DEPLOYMENTS}/rbac/rbac.yaml")
wait_before_test(1)
resp = requests.get(virtual_server_setup.backend_1_url,
headers={"host": virtual_server_setup.vs_host})
assert resp.status_code == 200
resp = requests.get(virtual_server_setup.backend_2_url,
headers={"host": virtual_server_setup.vs_host})
assert resp.status_code == 200
def test_response_and_subject_remains_after_secret_delete(
self, kube_apis, ingress_controller_prerequisites,
wildcard_tls_secret_ingress_controller, wildcard_tls_secret_setup):
delete_secret(kube_apis.v1,
wildcard_tls_secret_ingress_controller.secret_name,
ingress_controller_prerequisites.namespace)
wait_before_test(1)
req_url = f"https://{wildcard_tls_secret_setup.public_endpoint.public_ip}:{wildcard_tls_secret_setup.public_endpoint.port_ssl}/backend1"
resp = requests.get(
req_url,
headers={"host": wildcard_tls_secret_setup.ingress_host},
verify=False)
assert resp.status_code == 200
subject_dict = get_server_certificate_subject(
wildcard_tls_secret_setup.public_endpoint.public_ip,
wildcard_tls_secret_setup.ingress_host,
wildcard_tls_secret_setup.public_endpoint.port_ssl)
assert subject_dict[b'C'] == b'GB'
assert subject_dict[b'ST'] == b'Cambridgeshire'
assert subject_dict[b'CN'] == b'cafe.example.com'
def test_responses_after_backend_service_removal(self, kube_apis, crd_ingress_controller, virtual_server_setup):
print("\nStep 8: remove one backend service and check")
delete_service(kube_apis.v1, "backend1-svc", virtual_server_setup.namespace)
wait_before_test(1)
resp = requests.get(virtual_server_setup.backend_1_url,
headers={"host": virtual_server_setup.vs_host})
assert resp.status_code == 502
resp = requests.get(virtual_server_setup.backend_2_url,
headers={"host": virtual_server_setup.vs_host})
assert resp.status_code == 200
print("\nStep 9: restore backend service and check")
create_service_from_yaml(kube_apis.v1, virtual_server_setup.namespace, f"{TEST_DATA}/common/backend1-svc.yaml")
wait_before_test(3)
resp = requests.get(virtual_server_setup.backend_1_url,
headers={"host": virtual_server_setup.vs_host})
assert resp.status_code == 200
resp = requests.get(virtual_server_setup.backend_2_url,
headers={"host": virtual_server_setup.vs_host})
assert resp.status_code == 200
def test_vsr_without_vs(self, kube_apis, ingress_controller_prerequisites,
crd_ingress_controller, v_s_route_setup,
test_namespace):
ic_pod_name = get_first_pod_name(
kube_apis.v1, ingress_controller_prerequisites.namespace)
vsr_name = create_v_s_route_from_yaml(
kube_apis.custom_objects,
f"{TEST_DATA}/virtual-server-route/route-orphan.yaml",
test_namespace)
vsr_paths = get_paths_from_vsr_yaml(
f"{TEST_DATA}/virtual-server-route/route-orphan.yaml")
wait_before_test(1)
new_config = get_vs_nginx_template_conf(
kube_apis.v1, v_s_route_setup.namespace, v_s_route_setup.vs_name,
ic_pod_name, ingress_controller_prerequisites.namespace)
new_list_ns_3 = get_events(kube_apis.v1, test_namespace)
assert_locations_not_in_config(new_config, vsr_paths)
assert_event_and_count(
f"No VirtualServer references VirtualServerRoute {test_namespace}/{vsr_name}",
1, new_list_ns_3)
def test_response_codes_after_secret_remove_and_restore(
self, kube_apis, jwt_secrets_setup, test_namespace, jwt_secret):
req_url = f"http://{jwt_secrets_setup.public_endpoint.public_ip}:{jwt_secrets_setup.public_endpoint.port}/backend2"
delete_secret(kube_apis.v1, jwt_secret.secret_name, test_namespace)
wait_before_test(1)
resp = requests.get(
req_url,
headers={"host": jwt_secrets_setup.ingress_host},
cookies={"auth_token": jwt_secrets_setup.jwt_token})
assert resp.status_code == 500
jwt_secret.secret_name = create_secret_from_yaml(
kube_apis.v1, test_namespace,
f"{TEST_DATA}/jwt-secrets/jwt-secret.yaml")
wait_before_test(1)
resp = requests.get(
req_url,
headers={"host": jwt_secrets_setup.ingress_host},
cookies={"auth_token": jwt_secrets_setup.jwt_token})
assert resp.status_code == 200
def patch_valid_vsr(self, kube_apis, v_s_route_setup) -> None:
"""
Function to revert vsr deployments to valid state
"""
patch_src_m = f"{TEST_DATA}/virtual-server-route-status/route-multiple.yaml"
patch_v_s_route_from_yaml(
kube_apis.custom_objects,
v_s_route_setup.route_m.name,
patch_src_m,
v_s_route_setup.route_m.namespace,
)
wait_before_test()
patch_src_s = f"{TEST_DATA}/virtual-server-route-status/route-single.yaml"
patch_v_s_route_from_yaml(
kube_apis.custom_objects,
v_s_route_setup.route_s.name,
patch_src_s,
v_s_route_setup.route_s.namespace,
)
wait_before_test()
def test_validation_flow(self, kube_apis, crd_ingress_controller,
v_s_route_setup):
invalid_fields = [
"spec.subroutes[0].action.return.code",
"spec.subroutes[0].action.return.body"
]
req_host = f"{v_s_route_setup.public_endpoint.public_ip}:{v_s_route_setup.public_endpoint.port}"
req_url = f"http://{req_host}{v_s_route_setup.route_s.paths[0]}"
text = f"{v_s_route_setup.namespace}/{v_s_route_setup.route_m.name}"
vsr_m_event_text = f"VirtualServerRoute {text} is invalid and was rejected: "
vsr_src = f"{TEST_DATA}/virtual-server-route-canned-responses/route-multiple-invalid.yaml"
patch_v_s_route_from_yaml(kube_apis.custom_objects,
v_s_route_setup.route_m.name, vsr_src,
v_s_route_setup.namespace)
wait_before_test(1)
wait_and_assert_status_code(404, req_url, v_s_route_setup.vs_host)
events = get_events(kube_apis.v1, v_s_route_setup.route_m.namespace)
assert_event_starts_with_text_and_contains_errors(
vsr_m_event_text, events, invalid_fields)
def test_ssl_keys(self, kube_apis, ingress_controller_prerequisites,
crd_ingress_controller, virtual_server_setup, clean_up):
ic_pod_name = get_first_pod_name(
kube_apis.v1, ingress_controller_prerequisites.namespace)
initial_list = get_events(kube_apis.v1, virtual_server_setup.namespace)
print("Step 1: update ConfigMap with valid ssl keys")
replace_configmap_from_yaml(
kube_apis.v1,
ingress_controller_prerequisites.config_map['metadata']['name'],
ingress_controller_prerequisites.namespace,
f"{TEST_DATA}/virtual-server-configmap-keys/configmap-ssl-keys.yaml"
)
wait_before_test(1)
step_1_events = get_events(kube_apis.v1,
virtual_server_setup.namespace)
step_1_config = get_vs_nginx_template_conf(
kube_apis.v1, virtual_server_setup.namespace,
virtual_server_setup.vs_name, ic_pod_name,
ingress_controller_prerequisites.namespace)
assert_valid_event_emitted(virtual_server_setup, step_1_events,
initial_list)
assert_ssl_keys(step_1_config)
print("Step 2: update ConfigMap with invalid ssl keys")
replace_configmap_from_yaml(
kube_apis.v1,
ingress_controller_prerequisites.config_map['metadata']['name'],
ingress_controller_prerequisites.namespace,
f"{TEST_DATA}/virtual-server-configmap-keys/configmap-ssl-keys-invalid.yaml"
)
wait_before_test(1)
step_2_events = get_events(kube_apis.v1,
virtual_server_setup.namespace)
step_2_config = get_vs_nginx_template_conf(
kube_apis.v1, virtual_server_setup.namespace,
virtual_server_setup.vs_name, ic_pod_name,
ingress_controller_prerequisites.namespace)
assert_valid_event_count_increased(virtual_server_setup, step_2_events,
step_1_events)
assert_defaults_of_ssl_keys(step_2_config)
def test_validation_event_flow(self, kube_apis,
ingress_controller_prerequisites,
crd_ingress_controller, v_s_route_setup):
invalid_fields_m = [
"spec.subroutes[0].errorPages[0].redirect.url: Invalid value",
"spec.subroutes[0].errorPages[0].redirect.code: Invalid value: 101",
"spec.subroutes[1].errorPages[0].return.body: Invalid value: \"status\"",
"spec.subroutes[1].errorPages[0].return.code: Invalid value: 100",
"spec.subroutes[1].errorPages[0].return.headers[0].value: Invalid value: \"schema\""
]
invalid_fields_s = [
"spec.subroutes[0].errorPages[0].redirect.url: Required value: must specify a url"
]
text_s = f"{v_s_route_setup.route_s.namespace}/{v_s_route_setup.route_s.name}"
text_m = f"{v_s_route_setup.route_m.namespace}/{v_s_route_setup.route_m.name}"
vsr_s_event_text = f"VirtualServerRoute {text_s} is invalid and was rejected: "
vsr_m_event_text = f"VirtualServerRoute {text_m} is invalid and was rejected: "
patch_v_s_route_from_yaml(
kube_apis.custom_objects, v_s_route_setup.route_s.name,
f"{TEST_DATA}/virtual-server-route-error-pages/route-single-invalid.yaml",
v_s_route_setup.route_s.namespace)
patch_v_s_route_from_yaml(
kube_apis.custom_objects, v_s_route_setup.route_m.name,
f"{TEST_DATA}/virtual-server-route-error-pages/route-multiple-invalid.yaml",
v_s_route_setup.route_m.namespace)
wait_before_test(2)
ic_pod_name = get_first_pod_name(
kube_apis.v1, ingress_controller_prerequisites.namespace)
config = get_vs_nginx_template_conf(
kube_apis.v1, v_s_route_setup.namespace, v_s_route_setup.vs_name,
ic_pod_name, ingress_controller_prerequisites.namespace)
vsr_s_events = get_events(kube_apis.v1,
v_s_route_setup.route_s.namespace)
vsr_m_events = get_events(kube_apis.v1,
v_s_route_setup.route_m.namespace)
assert_event_starts_with_text_and_contains_errors(
vsr_s_event_text, vsr_s_events, invalid_fields_s)
assert_event_starts_with_text_and_contains_errors(
vsr_m_event_text, vsr_m_events, invalid_fields_m)
assert "upstream" not in config
def test_prefix_rewrite(self, kube_apis, crd_ingress_controller,
v_s_route_setup, v_s_route_app_setup):
"""
Test VirtualServerRoute URI rewrite using prefix
"""
req_url = f"http://{v_s_route_setup.public_endpoint.public_ip}:{v_s_route_setup.public_endpoint.port}"
patch_src_m = f"{TEST_DATA}/virtual-server-route-rewrites/route-multiple-prefix-regex.yaml"
patch_v_s_route_from_yaml(
kube_apis.custom_objects,
v_s_route_setup.route_m.name,
patch_src_m,
v_s_route_setup.route_m.namespace,
)
wait_before_test()
patch_src_s = f"{TEST_DATA}/virtual-server-route-rewrites/route-single-prefix.yaml"
patch_v_s_route_from_yaml(
kube_apis.custom_objects,
v_s_route_setup.route_s.name,
patch_src_s,
v_s_route_setup.route_s.namespace,
)
wait_before_test()
resp1 = requests.get(f"{req_url}{v_s_route_setup.route_m.paths[0]}/",
headers={"host": v_s_route_setup.vs_host})
resp2 = requests.get(
f"{req_url}{v_s_route_setup.route_m.paths[0]}/abc",
headers={"host": v_s_route_setup.vs_host})
resp3 = requests.get(f"{req_url}{v_s_route_setup.route_s.paths[0]}",
headers={"host": v_s_route_setup.vs_host})
resp4 = requests.get(f"{req_url}{v_s_route_setup.route_s.paths[0]}/",
headers={"host": v_s_route_setup.vs_host})
resp5 = requests.get(
f"{req_url}{v_s_route_setup.route_s.paths[0]}/abc",
headers={"host": v_s_route_setup.vs_host})
self.patch_standard_vsr(kube_apis, v_s_route_setup)
assert ("URI: /\nRequest" in resp1.text
and "URI: /abc\nRequest" in resp2.text
and "URI: /backend2_1\nRequest" in resp3.text
and "URI: /backend2_1/\nRequest" in resp4.text
and "URI: /backend2_1/abc\nRequest" in resp5.text)
def test_configurble_timeout_directives(
self, kube_apis, crd_ingress_controller, transport_server_setup, ingress_controller_prerequisites
):
"""
Test session and upstream configurable timeouts are present in conf
"""
patch_src = f"{TEST_DATA}/transport-server/transport-server-configurable-timeouts.yaml"
patch_ts_from_yaml(
kube_apis.custom_objects,
transport_server_setup.name,
patch_src,
transport_server_setup.namespace,
)
wait_before_test()
conf = get_ts_nginx_template_conf(
kube_apis.v1,
transport_server_setup.namespace,
transport_server_setup.name,
transport_server_setup.ingress_pod_name,
ingress_controller_prerequisites.namespace
)
print(conf)
std_src = f"{TEST_DATA}/transport-server-status/standard/transport-server.yaml"
patch_ts_from_yaml(
kube_apis.custom_objects,
transport_server_setup.name,
std_src,
transport_server_setup.namespace,
)
assert (
"proxy_timeout 2s;" in conf # sessionParameters
)
assert (
"proxy_connect_timeout 5s;" in conf # upstreamParameters
and "proxy_next_upstream on;" in conf
and "proxy_next_upstream_timeout 4s;" in conf
and "proxy_next_upstream_tries 3;" in conf
)
def test_tls_passthrough_host_collision_ts(
self,
kube_apis,
crd_ingress_controller,
transport_server_tls_passthrough_setup,
test_namespace,
):
"""
Test host collision handling in TransportServer with another TransportServer.
"""
print("Step 1: Create second TS with same host")
ts_src_same_host = (
f"{TEST_DATA}/transport-server-tls-passthrough/transport-server-same-host.yaml"
)
ts_same_host = create_ts_from_yaml(kube_apis.custom_objects,
ts_src_same_host, test_namespace)
wait_before_test()
response = read_ts(kube_apis.custom_objects, test_namespace,
ts_same_host["metadata"]["name"])
assert (response["status"]["reason"] == "Rejected"
and response["status"]["message"]
== "Host is taken by another resource")
print("Step 2: Delete TS taking up the host")
delete_ts(
kube_apis.custom_objects,
transport_server_tls_passthrough_setup.ts_resource,
test_namespace,
)
wait_before_test(1)
response = read_ts(kube_apis.custom_objects, test_namespace,
ts_same_host["metadata"]["name"])
assert (response["status"]["reason"] == "AddedOrUpdated"
and response["status"]["state"] == "Valid")
print("Step 3: Delete second TS and re-create standard one")
delete_ts(kube_apis.custom_objects, ts_same_host, test_namespace)
self.restore_ts(kube_apis, transport_server_tls_passthrough_setup)
response = read_ts(kube_apis.custom_objects, test_namespace,
transport_server_tls_passthrough_setup.name)
assert (response["status"]["reason"] == "AddedOrUpdated"
and response["status"]["state"] == "Valid")
def test_openapi_validation_flow(self, kube_apis, ingress_controller_prerequisites,
crd_ingress_controller, virtual_server_setup):
ic_pod_name = get_first_pod_name(kube_apis.v1, ingress_controller_prerequisites.namespace)
invalid_fields = [
"lb-method", "fail-timeout",
"max-fails", "connect-timeout",
"read-timeout", "send-timeout",
"keepalive", "max-conns",
"next-upstream",
"next-upstream-timeout", "next-upstream-tries",
"client-max-body-size",
"buffers.number", "buffers.size", "buffer-size",
"buffering", "tls"
]
config_old = get_vs_nginx_template_conf(kube_apis.v1,
virtual_server_setup.namespace,
virtual_server_setup.vs_name,
ic_pod_name,
ingress_controller_prerequisites.namespace)
vs_file = f"{TEST_DATA}/virtual-server-upstream-options/virtual-server-with-invalid-keys-openapi.yaml"
try:
patch_virtual_server_from_yaml(kube_apis.custom_objects,
virtual_server_setup.vs_name,
vs_file,
virtual_server_setup.namespace)
except ApiException as ex:
assert ex.status == 422
for item in invalid_fields:
assert item in ex.body
except Exception as ex:
pytest.fail(f"An unexpected exception is raised: {ex}")
else:
pytest.fail("Expected an exception but there was none")
wait_before_test(2)
config_new = get_vs_nginx_template_conf(kube_apis.v1,
virtual_server_setup.namespace,
virtual_server_setup.vs_name,
ic_pod_name,
ingress_controller_prerequisites.namespace)
assert config_old == config_new, "Expected: config doesn't change"
def test_simple_ingress_batch_start(
self,
request,
kube_apis,
ingress_controller_prerequisites,
ingress_controller,
test_namespace,
simple_ingress_setup,
):
"""
Pod startup time with simple Ingress
"""
ensure_response_from_backend(
simple_ingress_setup.req_url, simple_ingress_setup.ingress_host, check404=True
)
total_ing = int(request.config.getoption("--batch-resources"))
manifest = f"{TEST_DATA}/smoke/standard/smoke-ingress.yaml"
for i in range(1, total_ing + 1):
with open(manifest) as f:
doc = yaml.safe_load(f)
doc["metadata"]["name"] = f"smoke-ingress-{i}"
doc["spec"]["rules"][0]["host"] = f"smoke-{i}.example.com"
create_ingress(kube_apis.networking_v1, test_namespace, doc)
print(f"Total resources deployed is {total_ing}")
wait_before_test()
ic_ns = ingress_controller_prerequisites.namespace
scale_deployment(kube_apis.v1, kube_apis.apps_v1_api, "nginx-ingress", ic_ns, 0)
while get_pods_amount(kube_apis.v1, ic_ns) is not 0:
print(f"Number of replicas not 0, retrying...")
wait_before_test()
num = scale_deployment(kube_apis.v1, kube_apis.apps_v1_api, "nginx-ingress", ic_ns, 1)
assert (
get_total_ingresses(simple_ingress_setup.metrics_url, "nginx") == str(total_ing + 1)
and get_last_reload_status(simple_ingress_setup.metrics_url, "nginx") == "1"
)
for i in range(1, total_ing + 1):
delete_ingress(kube_apis.networking_v1, f"smoke-ingress-{i}", test_namespace)
assert num is None
def test_rl_override(
self,
kube_apis,
crd_ingress_controller,
virtual_server_setup,
test_namespace,
src,
):
"""
List multiple policies in vs and test if the one with less rps is used
"""
print(f"Create rl policy")
pol_name_pri = create_policy_from_yaml(kube_apis.custom_objects,
rl_pol_pri_src, test_namespace)
pol_name_sec = create_policy_from_yaml(kube_apis.custom_objects,
rl_pol_sec_src, test_namespace)
print(f"Patch vs with policy: {src}")
patch_virtual_server_from_yaml(
kube_apis.custom_objects,
virtual_server_setup.vs_name,
src,
virtual_server_setup.namespace,
)
wait_before_test()
occur = []
t_end = time.perf_counter() + 1
resp = requests.get(
virtual_server_setup.backend_1_url,
headers={"host": virtual_server_setup.vs_host},
)
assert resp.status_code == 200
while time.perf_counter() < t_end:
resp = requests.get(
virtual_server_setup.backend_1_url,
headers={"host": virtual_server_setup.vs_host},
)
occur.append(resp.status_code)
delete_policy(kube_apis.custom_objects, pol_name_pri, test_namespace)
delete_policy(kube_apis.custom_objects, pol_name_sec, test_namespace)
self.restore_default_vs(kube_apis, virtual_server_setup)
assert occur.count(200) <= 1
def test_responses_after_rbac_misconfiguration_on_the_fly(self, kube_apis, crd_ingress_controller,
virtual_server_setup):
print("Step 10: remove virtualservers from the ClusterRole and check")
patch_rbac(kube_apis.rbac_v1_beta1, f"{TEST_DATA}/virtual-server/rbac-without-vs.yaml")
wait_before_test(1)
resp = requests.get(virtual_server_setup.backend_1_url,
headers={"host": virtual_server_setup.vs_host})
assert resp.status_code == 200
resp = requests.get(virtual_server_setup.backend_2_url,
headers={"host": virtual_server_setup.vs_host})
assert resp.status_code == 200
print("Step 11: restore ClusterRole and check")
patch_rbac(kube_apis.rbac_v1_beta1, f"{DEPLOYMENTS}/rbac/rbac.yaml")
wait_before_test(1)
resp = requests.get(virtual_server_setup.backend_1_url,
headers={"host": virtual_server_setup.vs_host})
assert resp.status_code == 200
resp = requests.get(virtual_server_setup.backend_2_url,
headers={"host": virtual_server_setup.vs_host})
assert resp.status_code == 200
def test_flow_for_invalid_vs(self, kube_apis,
ingress_controller_prerequisites,
crd_ingress_controller, v_s_route_setup,
v_s_route_app_setup):
ic_pod_name = get_first_pod_name(
kube_apis.v1, ingress_controller_prerequisites.namespace)
text_vs = f"{v_s_route_setup.namespace}/{v_s_route_setup.vs_name}"
vs_event_text = f'VirtualServer {text_vs} was rejected with error: ' \
f'spec.routes[1].path: Duplicate value: "=/exact-match$request"'
vs_src_yaml = f"{TEST_DATA}" \
f"/virtual-server-route-regexp-location/standard/virtual-server-invalid-duplicate-routes.yaml"
patch_virtual_server_from_yaml(kube_apis.custom_objects,
v_s_route_setup.vs_name, vs_src_yaml,
v_s_route_setup.namespace)
wait_before_test(2)
vs_events = get_events(kube_apis.v1, v_s_route_setup.namespace)
assert_vs_conf_not_exists(kube_apis, ic_pod_name,
ingress_controller_prerequisites.namespace,
v_s_route_setup)
assert_event(vs_event_text, vs_events)
def test_validation_flow(self, kube_apis, crd_ingress_controller,
virtual_server_setup):
text = f"{virtual_server_setup.namespace}/{virtual_server_setup.vs_name}"
event_text = f"VirtualServer {text} was rejected with error:"
invalid_fields = [
"spec.routes[0].action.redirect.code",
"spec.routes[1].action.redirect.url"
]
vs_src = f"{TEST_DATA}/virtual-server-redirects/virtual-server-invalid.yaml"
patch_virtual_server_from_yaml(kube_apis.custom_objects,
virtual_server_setup.vs_name, vs_src,
virtual_server_setup.namespace)
wait_before_test(2)
wait_and_assert_status_code(404,
virtual_server_setup.backend_1_url,
virtual_server_setup.vs_host,
allow_redirects=False)
vs_events = get_events(kube_apis.v1, virtual_server_setup.namespace)
assert_event_starts_with_text_and_contains_errors(
event_text, vs_events, invalid_fields)
def test_update(self, kube_apis, crd_ingress_controller, virtual_server_setup):
wait_before_test(1)
text = f"{virtual_server_setup.namespace}/{virtual_server_setup.vs_name}"
vs_event_text = f"Configuration for {text} was added or updated"
events_vs = get_events(kube_apis.v1, virtual_server_setup.namespace)
initial_count = assert_event_and_get_count(vs_event_text, events_vs)
vs_src = f"{TEST_DATA}/virtual-server-canned-responses/virtual-server-updated.yaml"
patch_virtual_server_from_yaml(kube_apis.custom_objects, virtual_server_setup.vs_name, vs_src,
virtual_server_setup.namespace)
wait_and_assert_status_code(501, virtual_server_setup.backend_1_url, virtual_server_setup.vs_host)
resp = requests.get(virtual_server_setup.backend_1_url, headers={"host": virtual_server_setup.vs_host})
resp_content = resp.content.decode('utf-8')
assert resp.headers['content-type'] == 'some/type' and resp_content == "{}"
wait_and_assert_status_code(201, virtual_server_setup.backend_2_url, virtual_server_setup.vs_host)
resp = requests.get(virtual_server_setup.backend_2_url, headers={"host": virtual_server_setup.vs_host})
resp_content = resp.content.decode('utf-8')
assert resp.headers['content-type'] == 'user-type' and resp_content == "line1\nline2"
vs_events = get_events(kube_apis.v1, virtual_server_setup.namespace)
assert_event_count_increased(vs_event_text, initial_count, vs_events)
def test_ap_pod_startup(
self,
request,
kube_apis,
ingress_controller_prerequisites,
crd_ingress_controller_with_ap,
appprotect_setup,
test_namespace,
):
"""
Log pod startup time while scaling up from 0 to 1
"""
src_syslog_yaml = f"{TEST_DATA}/appprotect/syslog.yaml"
create_items_from_yaml(kube_apis, src_syslog_yaml, test_namespace)
syslog_dst = f"syslog-svc.{test_namespace}"
# FIXME this is not used
# items[-1] because syslog pod is last one to spin-up
# syslog_pod = kube_apis.v1.list_namespaced_pod(test_namespace).items[-1].metadata.name
create_ingress_with_ap_annotations(
kube_apis, src_ing_yaml, test_namespace, ap_policy, "True", "True", f"{syslog_dst}:514"
)
ingress_host = get_first_ingress_host_from_yaml(src_ing_yaml)
print("--------- AppProtect module is enabled with correct policy ---------")
ensure_response_from_backend(appprotect_setup.req_url, ingress_host, check404=True)
ns = ingress_controller_prerequisites.namespace
scale_deployment(kube_apis.v1, kube_apis.apps_v1_api, "nginx-ingress", ns, 0)
pods = get_pods_amount(kube_apis.v1, ns)
while pods != 0:
print(f"Number of replicas not 0 but {pods}, retrying...")
wait_before_test()
num = scale_deployment(kube_apis.v1, kube_apis.apps_v1_api, "nginx-ingress", ns, 1)
delete_items_from_yaml(kube_apis, src_ing_yaml, test_namespace)
delete_items_from_yaml(kube_apis, src_syslog_yaml, test_namespace)
assert num is None
def test_event_message_and_config(self, kube_apis,
ingress_controller_prerequisites,
crd_ingress_controller,
virtual_server_setup):
invalid_fields = [
"upstreams[0].lb-method", "upstreams[0].fail-timeout",
"upstreams[0].max-fails", "upstreams[0].connect-timeout",
"upstreams[0].read-timeout", "upstreams[0].send-timeout",
"upstreams[0].keepalive", "upstreams[0].max-conns",
"upstreams[0].next-upstream", "upstreams[0].next-upstream-timeout",
"upstreams[0].next-upstream-tries",
"upstreams[0].client-max-body-size", "upstreams[0].buffers.number",
"upstreams[0].buffers.size", "upstreams[0].buffer-size",
"upstreams[1].lb-method", "upstreams[1].fail-timeout",
"upstreams[1].max-fails", "upstreams[1].connect-timeout",
"upstreams[1].read-timeout", "upstreams[1].send-timeout",
"upstreams[1].keepalive", "upstreams[1].max-conns",
"upstreams[1].next-upstream", "upstreams[1].next-upstream-timeout",
"upstreams[1].next-upstream-tries",
"upstreams[1].client-max-body-size", "upstreams[1].buffers.number",
"upstreams[1].buffers.size", "upstreams[1].buffer-size"
]
text = f"{virtual_server_setup.namespace}/{virtual_server_setup.vs_name}"
vs_event_text = f"VirtualServer {text} is invalid and was rejected: "
vs_file = f"{TEST_DATA}/virtual-server-upstream-options/virtual-server-with-invalid-keys.yaml"
patch_virtual_server_from_yaml(kube_apis.custom_objects,
virtual_server_setup.vs_name, vs_file,
virtual_server_setup.namespace)
wait_before_test(2)
ic_pod_name = get_first_pod_name(
kube_apis.v1, ingress_controller_prerequisites.namespace)
response = get_vs_nginx_template_conf(
kube_apis.v1, virtual_server_setup.namespace,
virtual_server_setup.vs_name, ic_pod_name,
ingress_controller_prerequisites.namespace)
vs_events = get_events(kube_apis.v1, virtual_server_setup.namespace)
assert_event_starts_with_text_and_contains_errors(
vs_event_text, vs_events, invalid_fields)
assert_template_config_does_not_exist(response)
def test_config_and_events(self, kube_apis,
ingress_controller_prerequisites,
crd_ingress_controller, virtual_server_setup,
options, expected_strings):
expected_strings.append(
f"location @hc-vs_"
f"{virtual_server_setup.namespace}_{virtual_server_setup.vs_name}_backend1"
)
expected_strings.append(
f"location @hc-vs_"
f"{virtual_server_setup.namespace}_{virtual_server_setup.vs_name}_backend2"
)
text = f"{virtual_server_setup.namespace}/{virtual_server_setup.vs_name}"
vs_event_text = f"Configuration for {text} was added or updated"
events_vs = get_events(kube_apis.v1, virtual_server_setup.namespace)
initial_count = get_event_count(vs_event_text, events_vs)
print(f"Case 1: option specified in VS")
new_body = generate_item_with_upstream_options(
f"{TEST_DATA}/virtual-server-upstream-options/standard/virtual-server.yaml",
options)
patch_virtual_server(kube_apis.custom_objects,
virtual_server_setup.vs_name,
virtual_server_setup.namespace, new_body)
wait_before_test(1)
ic_pod_name = get_first_pod_name(
kube_apis.v1, ingress_controller_prerequisites.namespace)
config = get_vs_nginx_template_conf(
kube_apis.v1, virtual_server_setup.namespace,
virtual_server_setup.vs_name, ic_pod_name,
ingress_controller_prerequisites.namespace)
resp_1 = requests.get(virtual_server_setup.backend_1_url,
headers={"host": virtual_server_setup.vs_host})
resp_2 = requests.get(virtual_server_setup.backend_2_url,
headers={"host": virtual_server_setup.vs_host})
vs_events = get_events(kube_apis.v1, virtual_server_setup.namespace)
assert_event_count_increased(vs_event_text, initial_count, vs_events)
for _ in expected_strings:
assert _ in config
assert_response_codes(resp_1, resp_2)
def test_update(self, kube_apis, crd_ingress_controller, v_s_route_setup):
req_host = f"{v_s_route_setup.public_endpoint.public_ip}:{v_s_route_setup.public_endpoint.port}"
req_url_1 = f"http://{req_host}{v_s_route_setup.route_m.paths[0]}"
req_url_2 = f"http://{req_host}{v_s_route_setup.route_m.paths[1]}"
vs_name = f"{v_s_route_setup.namespace}/{v_s_route_setup.vs_name}"
vsr_name = f"{v_s_route_setup.namespace}/{v_s_route_setup.route_m.name}"
vs_event_text = f"Configuration for {vs_name} was added or updated"
vsr_event_text = f"Configuration for {vsr_name} was added or updated"
wait_before_test(1)
events_ns = get_events(kube_apis.v1, v_s_route_setup.namespace)
initial_count_vs = assert_event_and_get_count(vs_event_text, events_ns)
initial_count_vsr = assert_event_and_get_count(vsr_event_text,
events_ns)
vsr_src = f"{TEST_DATA}/virtual-server-route-redirects/route-multiple-updated.yaml"
patch_v_s_route_from_yaml(kube_apis.custom_objects,
v_s_route_setup.route_m.name, vsr_src,
v_s_route_setup.namespace)
wait_and_assert_status_code(301,
req_url_1,
v_s_route_setup.vs_host,
allow_redirects=False)
resp = requests.get(req_url_1,
headers={"host": v_s_route_setup.vs_host},
allow_redirects=False)
assert resp.headers['location'] == "http://demo.nginx.com"
wait_and_assert_status_code(302,
req_url_2,
v_s_route_setup.vs_host,
allow_redirects=False)
resp = requests.get(req_url_2,
headers={"host": v_s_route_setup.vs_host},
allow_redirects=False)
assert resp.headers['location'] == "http://demo.nginx.com"
new_events_ns = get_events(kube_apis.v1, v_s_route_setup.namespace)
assert_event_count_increased(vs_event_text, initial_count_vs,
new_events_ns)
assert_event_count_increased(vsr_event_text, initial_count_vsr,
new_events_ns)
def test_events_flows(self, kube_apis, ingress_controller_prerequisites,
crd_ingress_controller, virtual_server_setup,
vs_externalname_setup):
text = f"{virtual_server_setup.namespace}/{virtual_server_setup.vs_name}"
vs_event_text = f"Configuration for {text} was added or updated"
vs_event_update_text = f"Configuration for {text} was updated"
events_vs = get_events(kube_apis.v1, virtual_server_setup.namespace)
initial_count = assert_event_and_get_count(vs_event_text, events_vs)
initial_count_up = assert_event_and_get_count(vs_event_update_text,
events_vs)
print("Step 1: Update external host in externalName service")
external_svc = read_service(kube_apis.v1,
vs_externalname_setup.external_svc,
virtual_server_setup.namespace)
external_svc.spec.external_name = "demo.nginx.com"
replace_service(kube_apis.v1, vs_externalname_setup.external_svc,
virtual_server_setup.namespace, external_svc)
wait_before_test(1)
events_step_1 = get_events(kube_apis.v1,
virtual_server_setup.namespace)
assert_event_and_count(vs_event_text, initial_count + 1, events_step_1)
assert_event_and_count(vs_event_update_text, initial_count_up,
events_step_1)
print("Step 2: Remove resolver from ConfigMap to trigger an error")
config_map_name = ingress_controller_prerequisites.config_map[
"metadata"]["name"]
vs_event_warning_text = f"Configuration for {text} was updated with warning(s):"
replace_configmap(kube_apis.v1, config_map_name,
ingress_controller_prerequisites.namespace,
ingress_controller_prerequisites.config_map)
wait_before_test(1)
events_step_2 = get_events(kube_apis.v1,
virtual_server_setup.namespace)
assert_event_and_count(vs_event_warning_text, 1, events_step_2)
assert_event_and_count(vs_event_update_text, initial_count_up,
events_step_2)
def test_event_message_and_config(self, kube_apis,
ingress_controller_prerequisites,
crd_ingress_controller, v_s_route_setup):
invalid_fields_s = [
"upstreams[0].lb-method", "upstreams[0].fail-timeout",
"upstreams[0].max-fails"
]
invalid_fields_m = [
"upstreams[0].lb-method", "upstreams[0].fail-timeout",
"upstreams[0].max-fails", "upstreams[1].lb-method",
"upstreams[1].fail-timeout", "upstreams[1].max-fails"
]
text_s = f"{v_s_route_setup.route_s.namespace}/{v_s_route_setup.route_s.name}"
text_m = f"{v_s_route_setup.route_m.namespace}/{v_s_route_setup.route_m.name}"
vsr_s_event_text = f"VirtualServerRoute {text_s} is invalid and was rejected: "
vsr_m_event_text = f"VirtualServerRoute {text_m} is invalid and was rejected: "
patch_v_s_route_from_yaml(
kube_apis.custom_objects, v_s_route_setup.route_s.name,
f"{TEST_DATA}/virtual-server-route-upstream-options/route-single-invalid-keys.yaml",
v_s_route_setup.route_s.namespace)
patch_v_s_route_from_yaml(
kube_apis.custom_objects, v_s_route_setup.route_m.name,
f"{TEST_DATA}/virtual-server-route-upstream-options/route-multiple-invalid-keys.yaml",
v_s_route_setup.route_m.namespace)
wait_before_test(2)
ic_pod_name = get_first_pod_name(
kube_apis.v1, ingress_controller_prerequisites.namespace)
config = get_vs_nginx_template_conf(
kube_apis.v1, v_s_route_setup.namespace, v_s_route_setup.vs_name,
ic_pod_name, ingress_controller_prerequisites.namespace)
vsr_s_events = get_events(kube_apis.v1,
v_s_route_setup.route_s.namespace)
vsr_m_events = get_events(kube_apis.v1,
v_s_route_setup.route_m.namespace)
assert_event_starts_with_text_and_contains_errors(
vsr_s_event_text, vsr_s_events, invalid_fields_s)
assert_event_starts_with_text_and_contains_errors(
vsr_m_event_text, vsr_m_events, invalid_fields_m)
assert "upstream" not in config
def test_response_code_500_with_invalid_secret(self, kube_apis, jwt_secrets_setup, test_namespace, jwt_secret):
req_url = f"http://{jwt_secrets_setup.public_endpoint.public_ip}:{jwt_secrets_setup.public_endpoint.port}/backend2"
replace_secret(kube_apis.v1, jwt_secret.secret_name, test_namespace, f"{TEST_DATA}/jwt-secrets/jwt-secret-invalid.yaml")
wait_before_test(1)
resp = requests.get(req_url, headers={"host": jwt_secrets_setup.ingress_host}, cookies={"auth_token": jwt_secrets_setup.jwt_token})
assert resp.status_code == 500
