def jwt_auth_setup(request, kube_apis, ingress_controller_endpoint, ingress_controller, test_namespace) -> JWTAuthMergeableSetup: tokens = {"master": get_token_from_file("master"), "minion": get_token_from_file("minion")} master_secret_name = create_secret_from_yaml(kube_apis.v1, test_namespace, f"{TEST_DATA}/jwt-auth-mergeable/jwt-master-secret.yaml") minion_secret_name = create_secret_from_yaml(kube_apis.v1, test_namespace, f"{TEST_DATA}/jwt-auth-mergeable/jwt-minion-secret.yaml") print("------------------------- Deploy JWT Auth Mergeable Minions Example -----------------------------------") create_items_from_yaml(kube_apis.extensions_v1_beta1, f"{TEST_DATA}/jwt-auth-mergeable/mergeable/jwt-auth-ingress.yaml", test_namespace) ingress_host = get_ingress_host_from_yaml(f"{TEST_DATA}/jwt-auth-mergeable/mergeable/jwt-auth-ingress.yaml") common_app = create_common_app(kube_apis.v1, kube_apis.extensions_v1_beta1, test_namespace) wait_until_all_pods_are_ready(kube_apis.v1, test_namespace) ensure_connection_to_public_endpoint(ingress_controller_endpoint.public_ip, ingress_controller_endpoint.port, ingress_controller_endpoint.port_ssl) wait_before_test(2) def fin(): print("Delete Master Secret:") if is_secret_present(kube_apis.v1, master_secret_name, test_namespace): delete_secret(kube_apis.v1, master_secret_name, test_namespace) print("Delete Minion Secret:") if is_secret_present(kube_apis.v1, minion_secret_name, test_namespace): delete_secret(kube_apis.v1, minion_secret_name, test_namespace) print("Clean up the JWT Auth Mergeable Minions Application:") delete_common_app(kube_apis.v1, kube_apis.extensions_v1_beta1, common_app, test_namespace) delete_items_from_yaml(kube_apis.extensions_v1_beta1, f"{TEST_DATA}/jwt-auth-mergeable/mergeable/jwt-auth-ingress.yaml", test_namespace) request.addfinalizer(fin) return JWTAuthMergeableSetup(ingress_controller_endpoint, ingress_host, master_secret_name, minion_secret_name, tokens)
def test_response_codes_after_secret_remove_and_restore(self, kube_apis, jwt_secrets_setup, test_namespace, jwt_secret): req_url = f"http://{jwt_secrets_setup.public_endpoint.public_ip}:{jwt_secrets_setup.public_endpoint.port}/backend2" delete_secret(kube_apis.v1, jwt_secret.secret_name, test_namespace) wait_before_test(1) resp = requests.get(req_url, headers={"host": jwt_secrets_setup.ingress_host}, cookies={"auth_token": jwt_secrets_setup.jwt_token}) assert resp.status_code == 500 jwt_secret.secret_name = create_secret_from_yaml(kube_apis.v1, test_namespace, f"{TEST_DATA}/jwt-secrets/jwt-secret.yaml") wait_before_test(1) resp = requests.get(req_url, headers={"host": jwt_secrets_setup.ingress_host}, cookies={"auth_token": jwt_secrets_setup.jwt_token}) assert resp.status_code == 200
def jwt_secret(request, kube_apis, ingress_controller_endpoint, jwt_secrets_setup, test_namespace) -> JWTSecret: secret_name = create_secret_from_yaml(kube_apis.v1, test_namespace, f"{TEST_DATA}/jwt-secrets/jwt-secret.yaml") wait_before_test(1) def fin(): print("Delete Secret:") if is_secret_present(kube_apis.v1, secret_name, test_namespace): delete_secret(kube_apis.v1, secret_name, test_namespace) request.addfinalizer(fin) return JWTSecret(secret_name)
def test_certificate_subject_updates_after_secret_update(self, kube_apis, ingress_controller_prerequisites, wildcard_tls_secret_ingress_controller, wildcard_tls_secret_setup): replace_secret(kube_apis.v1, wildcard_tls_secret_ingress_controller.secret_name, ingress_controller_prerequisites.namespace, f"{TEST_DATA}/wildcard-tls-secret/gb-wildcard-tls-secret.yaml") wait_before_test(1) subject_dict = get_server_certificate_subject(wildcard_tls_secret_setup.public_endpoint.public_ip, wildcard_tls_secret_setup.ingress_host, wildcard_tls_secret_setup.public_endpoint.port_ssl) assert subject_dict[b'C'] == b'GB' assert subject_dict[b'ST'] == b'Cambridgeshire' assert subject_dict[b'CN'] == b'cafe.example.com'
def test_certificate_subject_remains_with_invalid_secret(self, kube_apis, ingress_controller_prerequisites, wildcard_tls_secret_ingress_controller, wildcard_tls_secret_setup): replace_secret(kube_apis.v1, wildcard_tls_secret_ingress_controller.secret_name, ingress_controller_prerequisites.namespace, f"{TEST_DATA}/wildcard-tls-secret/invalid-wildcard-tls-secret.yaml") wait_before_test(1) subject_dict = get_server_certificate_subject(wildcard_tls_secret_setup.public_endpoint.public_ip, wildcard_tls_secret_setup.ingress_host, wildcard_tls_secret_setup.public_endpoint.port_ssl) assert subject_dict[b'C'] == b'ES' assert subject_dict[b'ST'] == b'CanaryIslands' assert subject_dict[b'CN'] == b'example.com'
def test_response_and_subject_remains_after_secret_delete(self, kube_apis, ingress_controller_prerequisites, wildcard_tls_secret_ingress_controller, wildcard_tls_secret_setup): delete_secret(kube_apis.v1, wildcard_tls_secret_ingress_controller.secret_name, ingress_controller_prerequisites.namespace) wait_before_test(1) req_url = f"https://{wildcard_tls_secret_setup.public_endpoint.public_ip}:{wildcard_tls_secret_setup.public_endpoint.port_ssl}/backend1" resp = requests.get(req_url, headers={"host": wildcard_tls_secret_setup.ingress_host}, verify=False) assert resp.status_code == 200 subject_dict = get_server_certificate_subject(wildcard_tls_secret_setup.public_endpoint.public_ip, wildcard_tls_secret_setup.ingress_host, wildcard_tls_secret_setup.public_endpoint.port_ssl) assert subject_dict[b'C'] == b'GB' assert subject_dict[b'ST'] == b'Cambridgeshire' assert subject_dict[b'CN'] == b'cafe.example.com'
def test_jwt_auth_response_codes_and_location(self, kube_apis, jwt_auth_setup, test_namespace): print("Step 1: execute check after secrets creation") execute_checks(jwt_auth_setup, step_1_expected_results) print("Step 2: replace master secret") replace_secret(kube_apis.v1, jwt_auth_setup.master_secret_name, test_namespace, f"{TEST_DATA}/jwt-auth-mergeable/jwt-master-secret-updated.yaml") wait_before_test(1) execute_checks(jwt_auth_setup, step_2_expected_results) print("Step 3: now replace minion secret as well") replace_secret(kube_apis.v1, jwt_auth_setup.minion_secret_name, test_namespace, f"{TEST_DATA}/jwt-auth-mergeable/jwt-minion-secret-updated.yaml") wait_before_test(1) execute_checks(jwt_auth_setup, step_3_expected_results) print("Step 4: now remove minion secret") delete_secret(kube_apis.v1, jwt_auth_setup.minion_secret_name, test_namespace) wait_before_test(1) execute_checks(jwt_auth_setup, step_4_expected_results) print("Step 5: finally remove master secret as well") delete_secret(kube_apis.v1, jwt_auth_setup.master_secret_name, test_namespace) wait_before_test(1) execute_checks(jwt_auth_setup, step_5_expected_results)
def test_policy_empty_ingress_class( self, kube_apis, crd_ingress_controller, virtual_server_setup, test_namespace, src, ): """ Test if policy with no ingress class is applied to vs """ print(f"Create rl policy") pol_name = create_policy_from_yaml(kube_apis.custom_objects, policy_src, test_namespace) wait_before_test() policy_info = read_custom_resource(kube_apis.custom_objects, test_namespace, "policies", pol_name) assert (policy_info["status"] and policy_info["status"]["reason"] == "AddedOrUpdated" and policy_info["status"]["state"] == "Valid") print(f"Patch vs with policy: {src}") patch_virtual_server_from_yaml( kube_apis.custom_objects, virtual_server_setup.vs_name, src, virtual_server_setup.namespace, ) wait_before_test() vs_info = read_custom_resource(kube_apis.custom_objects, virtual_server_setup.namespace, "virtualservers", virtual_server_setup.vs_name) assert (vs_info["status"] and vs_info["status"]["reason"] == "AddedOrUpdated" and vs_info["status"]["state"] == "Valid") delete_policy(kube_apis.custom_objects, pol_name, test_namespace) self.restore_default_vs(kube_apis, virtual_server_setup)
def test_v_s_overrides_config_map(self, kube_apis, ingress_controller_prerequisites, crd_ingress_controller, virtual_server_setup, options, expected_strings, unexpected_strings): text = f"{virtual_server_setup.namespace}/{virtual_server_setup.vs_name}" vs_event_text = f"Configuration for {text} was added or updated" events_vs = get_events(kube_apis.v1, virtual_server_setup.namespace) initial_count = get_event_count(vs_event_text, events_vs) print(f"Case 4: key in ConfigMap, option specified in VS") new_body = generate_item_with_upstream_options( f"{TEST_DATA}/virtual-server-upstream-options/standard/virtual-server.yaml", options) patch_virtual_server(kube_apis.custom_objects, virtual_server_setup.vs_name, virtual_server_setup.namespace, new_body) config_map_name = ingress_controller_prerequisites.config_map[ "metadata"]["name"] replace_configmap_from_yaml( kube_apis.v1, config_map_name, ingress_controller_prerequisites.namespace, f"{TEST_DATA}/virtual-server-upstream-options/configmap-with-keys.yaml" ) wait_before_test(1) ic_pod_name = get_first_pod_name( kube_apis.v1, ingress_controller_prerequisites.namespace) config = get_vs_nginx_template_conf( kube_apis.v1, virtual_server_setup.namespace, virtual_server_setup.vs_name, ic_pod_name, ingress_controller_prerequisites.namespace) resp_1 = requests.get(virtual_server_setup.backend_1_url, headers={"host": virtual_server_setup.vs_host}) resp_2 = requests.get(virtual_server_setup.backend_2_url, headers={"host": virtual_server_setup.vs_host}) vs_events = get_events(kube_apis.v1, virtual_server_setup.namespace) assert_event_count_increased(vs_event_text, initial_count, vs_events) for _ in expected_strings: assert _ in config for _ in unexpected_strings: assert _ not in config assert_response_codes(resp_1, resp_2)
def backend_setup(request, kube_apis, ingress_controller_endpoint, test_namespace) -> BackendSetup: """ Deploy simple application and all the Ingress resources under test in one namespace. :param request: pytest fixture :param kube_apis: client apis :param ingress_controller_endpoint: public endpoint :param test_namespace: :return: BackendSetup """ print( "------------------------- Deploy the backend -----------------------------------" ) create_example_app(kube_apis, "simple", test_namespace) req_url = f"http://{ingress_controller_endpoint.public_ip}:{ingress_controller_endpoint.port}/backend1" wait_until_all_pods_are_ready(kube_apis.v1, test_namespace) ensure_connection_to_public_endpoint( ingress_controller_endpoint.public_ip, ingress_controller_endpoint.port, ingress_controller_endpoint.port_ssl, ) print( "------------------------- Deploy ingresses under test -----------------------------------" ) ingress_hosts = {} for item in ingresses_under_test: src_ing_yaml = f"{TEST_DATA}/ingress-class/{item}-ingress.yaml" create_items_from_yaml(kube_apis, src_ing_yaml, test_namespace) ingress_hosts[item] = get_first_ingress_host_from_yaml(src_ing_yaml) wait_before_test(2) def fin(): print("Clean up:") delete_common_app(kube_apis, "simple", test_namespace) for item in ingresses_under_test: src_ing_yaml = f"{TEST_DATA}/ingress-class/{item}-ingress.yaml" delete_items_from_yaml(kube_apis, src_ing_yaml, test_namespace) request.addfinalizer(fin) return BackendSetup(req_url, ingress_hosts)
def test_tcp_request_load_balanced(self, kube_apis, crd_ingress_controller, transport_server_setup, ingress_controller_prerequisites): """ Requests to the load balanced TCP service should result in responses from 3 different endpoints. """ wait_before_test() port = transport_server_setup.public_endpoint.tcp_server_port host = transport_server_setup.public_endpoint.public_ip print(f"sending tcp requests to: {host}:{port}") endpoints = {} for i in range(20): client = socket.socket(socket.AF_INET, socket.SOCK_STREAM) client.connect((host, port)) client.sendall(b'connect') response = client.recv(4096) endpoint = response.decode() print(f' req number {i}; response: {endpoint}') if endpoint not in endpoints: endpoints[endpoint] = 1 else: endpoints[endpoint] = endpoints[endpoint] + 1 client.close() assert len(endpoints) is 3 result_conf = get_ts_nginx_template_conf( kube_apis.v1, transport_server_setup.namespace, transport_server_setup.name, transport_server_setup.ingress_pod_name, ingress_controller_prerequisites.namespace) pattern = 'server .*;' servers = re.findall(pattern, result_conf) for key in endpoints.keys(): found = False for server in servers: if key in server: found = True assert found
def test_when_option_in_config_map_only(self, kube_apis, ingress_controller_prerequisites, crd_ingress_controller, v_s_route_setup, v_s_route_app_setup, restore_configmap, config_map_file, expected_strings, unexpected_strings): req_url = f"http://{v_s_route_setup.public_endpoint.public_ip}:{v_s_route_setup.public_endpoint.port}" text_s = f"{v_s_route_setup.route_s.namespace}/{v_s_route_setup.route_s.name}" text_m = f"{v_s_route_setup.route_m.namespace}/{v_s_route_setup.route_m.name}" vsr_s_event_text = f"Configuration for {text_s} was added or updated" vsr_m_event_text = f"Configuration for {text_m} was added or updated" print(f"Case 3: key specified in ConfigMap, no option in VS") patch_v_s_route_from_yaml(kube_apis.custom_objects, v_s_route_setup.route_m.name, f"{TEST_DATA}/virtual-server-route-upstream-options/route-multiple.yaml", v_s_route_setup.route_m.namespace) patch_v_s_route_from_yaml(kube_apis.custom_objects, v_s_route_setup.route_s.name, f"{TEST_DATA}/virtual-server-route-upstream-options/route-single.yaml", v_s_route_setup.route_s.namespace) config_map_name = ingress_controller_prerequisites.config_map["metadata"]["name"] replace_configmap_from_yaml(kube_apis.v1, config_map_name, ingress_controller_prerequisites.namespace, config_map_file) wait_before_test() ic_pod_name = get_first_pod_name(kube_apis.v1, ingress_controller_prerequisites.namespace) config = get_vs_nginx_template_conf(kube_apis.v1, v_s_route_setup.namespace, v_s_route_setup.vs_name, ic_pod_name, ingress_controller_prerequisites.namespace) resp_1 = requests.get(f"{req_url}{v_s_route_setup.route_m.paths[0]}", headers={"host": v_s_route_setup.vs_host}) resp_2 = requests.get(f"{req_url}{v_s_route_setup.route_s.paths[0]}", headers={"host": v_s_route_setup.vs_host}) vsr_s_events = get_events(kube_apis.v1, v_s_route_setup.route_s.namespace) vsr_m_events = get_events(kube_apis.v1, v_s_route_setup.route_m.namespace) assert_event(vsr_m_event_text, vsr_m_events) assert_event(vsr_s_event_text, vsr_s_events) for _ in expected_strings: assert _ in config for _ in unexpected_strings: assert _ not in config assert_response_codes(resp_1, resp_2)
def test_responses_after_rbac_misconfiguration(self, kube_apis, crd_ingress_controller, virtual_server_setup): print("\nStep 1: rbac misconfiguration from the very start") resp = requests.get(virtual_server_setup.backend_1_url, headers={"host": virtual_server_setup.vs_host}) assert resp.status_code == 404 resp = requests.get(virtual_server_setup.backend_2_url, headers={"host": virtual_server_setup.vs_host}) assert resp.status_code == 404 print("Step 2: configure RBAC and check") patch_rbac(kube_apis.rbac_v1_beta1, f"{DEPLOYMENTS}/rbac/rbac.yaml") wait_before_test(1) resp = requests.get(virtual_server_setup.backend_1_url, headers={"host": virtual_server_setup.vs_host}) assert resp.status_code == 200 resp = requests.get(virtual_server_setup.backend_2_url, headers={"host": virtual_server_setup.vs_host}) assert resp.status_code == 200
def test_response_and_subject_remains_after_secret_delete( self, kube_apis, ingress_controller_prerequisites, wildcard_tls_secret_ingress_controller, wildcard_tls_secret_setup): delete_secret(kube_apis.v1, wildcard_tls_secret_ingress_controller.secret_name, ingress_controller_prerequisites.namespace) wait_before_test(1) req_url = f"https://{wildcard_tls_secret_setup.public_endpoint.public_ip}:{wildcard_tls_secret_setup.public_endpoint.port_ssl}/backend1" resp = requests.get( req_url, headers={"host": wildcard_tls_secret_setup.ingress_host}, verify=False) assert resp.status_code == 200 subject_dict = get_server_certificate_subject( wildcard_tls_secret_setup.public_endpoint.public_ip, wildcard_tls_secret_setup.ingress_host, wildcard_tls_secret_setup.public_endpoint.port_ssl) assert subject_dict[b'C'] == b'GB' assert subject_dict[b'ST'] == b'Cambridgeshire' assert subject_dict[b'CN'] == b'cafe.example.com'
def test_responses_after_backend_service_removal(self, kube_apis, crd_ingress_controller, virtual_server_setup): print("\nStep 8: remove one backend service and check") delete_service(kube_apis.v1, "backend1-svc", virtual_server_setup.namespace) wait_before_test(1) resp = requests.get(virtual_server_setup.backend_1_url, headers={"host": virtual_server_setup.vs_host}) assert resp.status_code == 502 resp = requests.get(virtual_server_setup.backend_2_url, headers={"host": virtual_server_setup.vs_host}) assert resp.status_code == 200 print("\nStep 9: restore backend service and check") create_service_from_yaml(kube_apis.v1, virtual_server_setup.namespace, f"{TEST_DATA}/common/backend1-svc.yaml") wait_before_test(3) resp = requests.get(virtual_server_setup.backend_1_url, headers={"host": virtual_server_setup.vs_host}) assert resp.status_code == 200 resp = requests.get(virtual_server_setup.backend_2_url, headers={"host": virtual_server_setup.vs_host}) assert resp.status_code == 200
def test_vsr_without_vs(self, kube_apis, ingress_controller_prerequisites, crd_ingress_controller, v_s_route_setup, test_namespace): ic_pod_name = get_first_pod_name( kube_apis.v1, ingress_controller_prerequisites.namespace) vsr_name = create_v_s_route_from_yaml( kube_apis.custom_objects, f"{TEST_DATA}/virtual-server-route/route-orphan.yaml", test_namespace) vsr_paths = get_paths_from_vsr_yaml( f"{TEST_DATA}/virtual-server-route/route-orphan.yaml") wait_before_test(1) new_config = get_vs_nginx_template_conf( kube_apis.v1, v_s_route_setup.namespace, v_s_route_setup.vs_name, ic_pod_name, ingress_controller_prerequisites.namespace) new_list_ns_3 = get_events(kube_apis.v1, test_namespace) assert_locations_not_in_config(new_config, vsr_paths) assert_event_and_count( f"No VirtualServer references VirtualServerRoute {test_namespace}/{vsr_name}", 1, new_list_ns_3)
def test_response_codes_after_secret_remove_and_restore( self, kube_apis, jwt_secrets_setup, test_namespace, jwt_secret): req_url = f"http://{jwt_secrets_setup.public_endpoint.public_ip}:{jwt_secrets_setup.public_endpoint.port}/backend2" delete_secret(kube_apis.v1, jwt_secret.secret_name, test_namespace) wait_before_test(1) resp = requests.get( req_url, headers={"host": jwt_secrets_setup.ingress_host}, cookies={"auth_token": jwt_secrets_setup.jwt_token}) assert resp.status_code == 500 jwt_secret.secret_name = create_secret_from_yaml( kube_apis.v1, test_namespace, f"{TEST_DATA}/jwt-secrets/jwt-secret.yaml") wait_before_test(1) resp = requests.get( req_url, headers={"host": jwt_secrets_setup.ingress_host}, cookies={"auth_token": jwt_secrets_setup.jwt_token}) assert resp.status_code == 200
def patch_valid_vsr(self, kube_apis, v_s_route_setup) -> None: """ Function to revert vsr deployments to valid state """ patch_src_m = f"{TEST_DATA}/virtual-server-route-status/route-multiple.yaml" patch_v_s_route_from_yaml( kube_apis.custom_objects, v_s_route_setup.route_m.name, patch_src_m, v_s_route_setup.route_m.namespace, ) wait_before_test() patch_src_s = f"{TEST_DATA}/virtual-server-route-status/route-single.yaml" patch_v_s_route_from_yaml( kube_apis.custom_objects, v_s_route_setup.route_s.name, patch_src_s, v_s_route_setup.route_s.namespace, ) wait_before_test()
def test_validation_flow(self, kube_apis, crd_ingress_controller, v_s_route_setup): invalid_fields = [ "spec.subroutes[0].action.return.code", "spec.subroutes[0].action.return.body" ] req_host = f"{v_s_route_setup.public_endpoint.public_ip}:{v_s_route_setup.public_endpoint.port}" req_url = f"http://{req_host}{v_s_route_setup.route_s.paths[0]}" text = f"{v_s_route_setup.namespace}/{v_s_route_setup.route_m.name}" vsr_m_event_text = f"VirtualServerRoute {text} is invalid and was rejected: " vsr_src = f"{TEST_DATA}/virtual-server-route-canned-responses/route-multiple-invalid.yaml" patch_v_s_route_from_yaml(kube_apis.custom_objects, v_s_route_setup.route_m.name, vsr_src, v_s_route_setup.namespace) wait_before_test(1) wait_and_assert_status_code(404, req_url, v_s_route_setup.vs_host) events = get_events(kube_apis.v1, v_s_route_setup.route_m.namespace) assert_event_starts_with_text_and_contains_errors( vsr_m_event_text, events, invalid_fields)
def test_ssl_keys(self, kube_apis, ingress_controller_prerequisites, crd_ingress_controller, virtual_server_setup, clean_up): ic_pod_name = get_first_pod_name( kube_apis.v1, ingress_controller_prerequisites.namespace) initial_list = get_events(kube_apis.v1, virtual_server_setup.namespace) print("Step 1: update ConfigMap with valid ssl keys") replace_configmap_from_yaml( kube_apis.v1, ingress_controller_prerequisites.config_map['metadata']['name'], ingress_controller_prerequisites.namespace, f"{TEST_DATA}/virtual-server-configmap-keys/configmap-ssl-keys.yaml" ) wait_before_test(1) step_1_events = get_events(kube_apis.v1, virtual_server_setup.namespace) step_1_config = get_vs_nginx_template_conf( kube_apis.v1, virtual_server_setup.namespace, virtual_server_setup.vs_name, ic_pod_name, ingress_controller_prerequisites.namespace) assert_valid_event_emitted(virtual_server_setup, step_1_events, initial_list) assert_ssl_keys(step_1_config) print("Step 2: update ConfigMap with invalid ssl keys") replace_configmap_from_yaml( kube_apis.v1, ingress_controller_prerequisites.config_map['metadata']['name'], ingress_controller_prerequisites.namespace, f"{TEST_DATA}/virtual-server-configmap-keys/configmap-ssl-keys-invalid.yaml" ) wait_before_test(1) step_2_events = get_events(kube_apis.v1, virtual_server_setup.namespace) step_2_config = get_vs_nginx_template_conf( kube_apis.v1, virtual_server_setup.namespace, virtual_server_setup.vs_name, ic_pod_name, ingress_controller_prerequisites.namespace) assert_valid_event_count_increased(virtual_server_setup, step_2_events, step_1_events) assert_defaults_of_ssl_keys(step_2_config)
def test_validation_event_flow(self, kube_apis, ingress_controller_prerequisites, crd_ingress_controller, v_s_route_setup): invalid_fields_m = [ "spec.subroutes[0].errorPages[0].redirect.url: Invalid value", "spec.subroutes[0].errorPages[0].redirect.code: Invalid value: 101", "spec.subroutes[1].errorPages[0].return.body: Invalid value: \"status\"", "spec.subroutes[1].errorPages[0].return.code: Invalid value: 100", "spec.subroutes[1].errorPages[0].return.headers[0].value: Invalid value: \"schema\"" ] invalid_fields_s = [ "spec.subroutes[0].errorPages[0].redirect.url: Required value: must specify a url" ] text_s = f"{v_s_route_setup.route_s.namespace}/{v_s_route_setup.route_s.name}" text_m = f"{v_s_route_setup.route_m.namespace}/{v_s_route_setup.route_m.name}" vsr_s_event_text = f"VirtualServerRoute {text_s} is invalid and was rejected: " vsr_m_event_text = f"VirtualServerRoute {text_m} is invalid and was rejected: " patch_v_s_route_from_yaml( kube_apis.custom_objects, v_s_route_setup.route_s.name, f"{TEST_DATA}/virtual-server-route-error-pages/route-single-invalid.yaml", v_s_route_setup.route_s.namespace) patch_v_s_route_from_yaml( kube_apis.custom_objects, v_s_route_setup.route_m.name, f"{TEST_DATA}/virtual-server-route-error-pages/route-multiple-invalid.yaml", v_s_route_setup.route_m.namespace) wait_before_test(2) ic_pod_name = get_first_pod_name( kube_apis.v1, ingress_controller_prerequisites.namespace) config = get_vs_nginx_template_conf( kube_apis.v1, v_s_route_setup.namespace, v_s_route_setup.vs_name, ic_pod_name, ingress_controller_prerequisites.namespace) vsr_s_events = get_events(kube_apis.v1, v_s_route_setup.route_s.namespace) vsr_m_events = get_events(kube_apis.v1, v_s_route_setup.route_m.namespace) assert_event_starts_with_text_and_contains_errors( vsr_s_event_text, vsr_s_events, invalid_fields_s) assert_event_starts_with_text_and_contains_errors( vsr_m_event_text, vsr_m_events, invalid_fields_m) assert "upstream" not in config
def test_prefix_rewrite(self, kube_apis, crd_ingress_controller, v_s_route_setup, v_s_route_app_setup): """ Test VirtualServerRoute URI rewrite using prefix """ req_url = f"http://{v_s_route_setup.public_endpoint.public_ip}:{v_s_route_setup.public_endpoint.port}" patch_src_m = f"{TEST_DATA}/virtual-server-route-rewrites/route-multiple-prefix-regex.yaml" patch_v_s_route_from_yaml( kube_apis.custom_objects, v_s_route_setup.route_m.name, patch_src_m, v_s_route_setup.route_m.namespace, ) wait_before_test() patch_src_s = f"{TEST_DATA}/virtual-server-route-rewrites/route-single-prefix.yaml" patch_v_s_route_from_yaml( kube_apis.custom_objects, v_s_route_setup.route_s.name, patch_src_s, v_s_route_setup.route_s.namespace, ) wait_before_test() resp1 = requests.get(f"{req_url}{v_s_route_setup.route_m.paths[0]}/", headers={"host": v_s_route_setup.vs_host}) resp2 = requests.get( f"{req_url}{v_s_route_setup.route_m.paths[0]}/abc", headers={"host": v_s_route_setup.vs_host}) resp3 = requests.get(f"{req_url}{v_s_route_setup.route_s.paths[0]}", headers={"host": v_s_route_setup.vs_host}) resp4 = requests.get(f"{req_url}{v_s_route_setup.route_s.paths[0]}/", headers={"host": v_s_route_setup.vs_host}) resp5 = requests.get( f"{req_url}{v_s_route_setup.route_s.paths[0]}/abc", headers={"host": v_s_route_setup.vs_host}) self.patch_standard_vsr(kube_apis, v_s_route_setup) assert ("URI: /\nRequest" in resp1.text and "URI: /abc\nRequest" in resp2.text and "URI: /backend2_1\nRequest" in resp3.text and "URI: /backend2_1/\nRequest" in resp4.text and "URI: /backend2_1/abc\nRequest" in resp5.text)
def test_configurble_timeout_directives( self, kube_apis, crd_ingress_controller, transport_server_setup, ingress_controller_prerequisites ): """ Test session and upstream configurable timeouts are present in conf """ patch_src = f"{TEST_DATA}/transport-server/transport-server-configurable-timeouts.yaml" patch_ts_from_yaml( kube_apis.custom_objects, transport_server_setup.name, patch_src, transport_server_setup.namespace, ) wait_before_test() conf = get_ts_nginx_template_conf( kube_apis.v1, transport_server_setup.namespace, transport_server_setup.name, transport_server_setup.ingress_pod_name, ingress_controller_prerequisites.namespace ) print(conf) std_src = f"{TEST_DATA}/transport-server-status/standard/transport-server.yaml" patch_ts_from_yaml( kube_apis.custom_objects, transport_server_setup.name, std_src, transport_server_setup.namespace, ) assert ( "proxy_timeout 2s;" in conf # sessionParameters ) assert ( "proxy_connect_timeout 5s;" in conf # upstreamParameters and "proxy_next_upstream on;" in conf and "proxy_next_upstream_timeout 4s;" in conf and "proxy_next_upstream_tries 3;" in conf )
def test_tls_passthrough_host_collision_ts( self, kube_apis, crd_ingress_controller, transport_server_tls_passthrough_setup, test_namespace, ): """ Test host collision handling in TransportServer with another TransportServer. """ print("Step 1: Create second TS with same host") ts_src_same_host = ( f"{TEST_DATA}/transport-server-tls-passthrough/transport-server-same-host.yaml" ) ts_same_host = create_ts_from_yaml(kube_apis.custom_objects, ts_src_same_host, test_namespace) wait_before_test() response = read_ts(kube_apis.custom_objects, test_namespace, ts_same_host["metadata"]["name"]) assert (response["status"]["reason"] == "Rejected" and response["status"]["message"] == "Host is taken by another resource") print("Step 2: Delete TS taking up the host") delete_ts( kube_apis.custom_objects, transport_server_tls_passthrough_setup.ts_resource, test_namespace, ) wait_before_test(1) response = read_ts(kube_apis.custom_objects, test_namespace, ts_same_host["metadata"]["name"]) assert (response["status"]["reason"] == "AddedOrUpdated" and response["status"]["state"] == "Valid") print("Step 3: Delete second TS and re-create standard one") delete_ts(kube_apis.custom_objects, ts_same_host, test_namespace) self.restore_ts(kube_apis, transport_server_tls_passthrough_setup) response = read_ts(kube_apis.custom_objects, test_namespace, transport_server_tls_passthrough_setup.name) assert (response["status"]["reason"] == "AddedOrUpdated" and response["status"]["state"] == "Valid")
def test_openapi_validation_flow(self, kube_apis, ingress_controller_prerequisites, crd_ingress_controller, virtual_server_setup): ic_pod_name = get_first_pod_name(kube_apis.v1, ingress_controller_prerequisites.namespace) invalid_fields = [ "lb-method", "fail-timeout", "max-fails", "connect-timeout", "read-timeout", "send-timeout", "keepalive", "max-conns", "next-upstream", "next-upstream-timeout", "next-upstream-tries", "client-max-body-size", "buffers.number", "buffers.size", "buffer-size", "buffering", "tls" ] config_old = get_vs_nginx_template_conf(kube_apis.v1, virtual_server_setup.namespace, virtual_server_setup.vs_name, ic_pod_name, ingress_controller_prerequisites.namespace) vs_file = f"{TEST_DATA}/virtual-server-upstream-options/virtual-server-with-invalid-keys-openapi.yaml" try: patch_virtual_server_from_yaml(kube_apis.custom_objects, virtual_server_setup.vs_name, vs_file, virtual_server_setup.namespace) except ApiException as ex: assert ex.status == 422 for item in invalid_fields: assert item in ex.body except Exception as ex: pytest.fail(f"An unexpected exception is raised: {ex}") else: pytest.fail("Expected an exception but there was none") wait_before_test(2) config_new = get_vs_nginx_template_conf(kube_apis.v1, virtual_server_setup.namespace, virtual_server_setup.vs_name, ic_pod_name, ingress_controller_prerequisites.namespace) assert config_old == config_new, "Expected: config doesn't change"
def test_simple_ingress_batch_start( self, request, kube_apis, ingress_controller_prerequisites, ingress_controller, test_namespace, simple_ingress_setup, ): """ Pod startup time with simple Ingress """ ensure_response_from_backend( simple_ingress_setup.req_url, simple_ingress_setup.ingress_host, check404=True ) total_ing = int(request.config.getoption("--batch-resources")) manifest = f"{TEST_DATA}/smoke/standard/smoke-ingress.yaml" for i in range(1, total_ing + 1): with open(manifest) as f: doc = yaml.safe_load(f) doc["metadata"]["name"] = f"smoke-ingress-{i}" doc["spec"]["rules"][0]["host"] = f"smoke-{i}.example.com" create_ingress(kube_apis.networking_v1, test_namespace, doc) print(f"Total resources deployed is {total_ing}") wait_before_test() ic_ns = ingress_controller_prerequisites.namespace scale_deployment(kube_apis.v1, kube_apis.apps_v1_api, "nginx-ingress", ic_ns, 0) while get_pods_amount(kube_apis.v1, ic_ns) is not 0: print(f"Number of replicas not 0, retrying...") wait_before_test() num = scale_deployment(kube_apis.v1, kube_apis.apps_v1_api, "nginx-ingress", ic_ns, 1) assert ( get_total_ingresses(simple_ingress_setup.metrics_url, "nginx") == str(total_ing + 1) and get_last_reload_status(simple_ingress_setup.metrics_url, "nginx") == "1" ) for i in range(1, total_ing + 1): delete_ingress(kube_apis.networking_v1, f"smoke-ingress-{i}", test_namespace) assert num is None
def test_rl_override( self, kube_apis, crd_ingress_controller, virtual_server_setup, test_namespace, src, ): """ List multiple policies in vs and test if the one with less rps is used """ print(f"Create rl policy") pol_name_pri = create_policy_from_yaml(kube_apis.custom_objects, rl_pol_pri_src, test_namespace) pol_name_sec = create_policy_from_yaml(kube_apis.custom_objects, rl_pol_sec_src, test_namespace) print(f"Patch vs with policy: {src}") patch_virtual_server_from_yaml( kube_apis.custom_objects, virtual_server_setup.vs_name, src, virtual_server_setup.namespace, ) wait_before_test() occur = [] t_end = time.perf_counter() + 1 resp = requests.get( virtual_server_setup.backend_1_url, headers={"host": virtual_server_setup.vs_host}, ) assert resp.status_code == 200 while time.perf_counter() < t_end: resp = requests.get( virtual_server_setup.backend_1_url, headers={"host": virtual_server_setup.vs_host}, ) occur.append(resp.status_code) delete_policy(kube_apis.custom_objects, pol_name_pri, test_namespace) delete_policy(kube_apis.custom_objects, pol_name_sec, test_namespace) self.restore_default_vs(kube_apis, virtual_server_setup) assert occur.count(200) <= 1
def test_responses_after_rbac_misconfiguration_on_the_fly(self, kube_apis, crd_ingress_controller, virtual_server_setup): print("Step 10: remove virtualservers from the ClusterRole and check") patch_rbac(kube_apis.rbac_v1_beta1, f"{TEST_DATA}/virtual-server/rbac-without-vs.yaml") wait_before_test(1) resp = requests.get(virtual_server_setup.backend_1_url, headers={"host": virtual_server_setup.vs_host}) assert resp.status_code == 200 resp = requests.get(virtual_server_setup.backend_2_url, headers={"host": virtual_server_setup.vs_host}) assert resp.status_code == 200 print("Step 11: restore ClusterRole and check") patch_rbac(kube_apis.rbac_v1_beta1, f"{DEPLOYMENTS}/rbac/rbac.yaml") wait_before_test(1) resp = requests.get(virtual_server_setup.backend_1_url, headers={"host": virtual_server_setup.vs_host}) assert resp.status_code == 200 resp = requests.get(virtual_server_setup.backend_2_url, headers={"host": virtual_server_setup.vs_host}) assert resp.status_code == 200
def test_flow_for_invalid_vs(self, kube_apis, ingress_controller_prerequisites, crd_ingress_controller, v_s_route_setup, v_s_route_app_setup): ic_pod_name = get_first_pod_name( kube_apis.v1, ingress_controller_prerequisites.namespace) text_vs = f"{v_s_route_setup.namespace}/{v_s_route_setup.vs_name}" vs_event_text = f'VirtualServer {text_vs} was rejected with error: ' \ f'spec.routes[1].path: Duplicate value: "=/exact-match$request"' vs_src_yaml = f"{TEST_DATA}" \ f"/virtual-server-route-regexp-location/standard/virtual-server-invalid-duplicate-routes.yaml" patch_virtual_server_from_yaml(kube_apis.custom_objects, v_s_route_setup.vs_name, vs_src_yaml, v_s_route_setup.namespace) wait_before_test(2) vs_events = get_events(kube_apis.v1, v_s_route_setup.namespace) assert_vs_conf_not_exists(kube_apis, ic_pod_name, ingress_controller_prerequisites.namespace, v_s_route_setup) assert_event(vs_event_text, vs_events)
def test_validation_flow(self, kube_apis, crd_ingress_controller, virtual_server_setup): text = f"{virtual_server_setup.namespace}/{virtual_server_setup.vs_name}" event_text = f"VirtualServer {text} was rejected with error:" invalid_fields = [ "spec.routes[0].action.redirect.code", "spec.routes[1].action.redirect.url" ] vs_src = f"{TEST_DATA}/virtual-server-redirects/virtual-server-invalid.yaml" patch_virtual_server_from_yaml(kube_apis.custom_objects, virtual_server_setup.vs_name, vs_src, virtual_server_setup.namespace) wait_before_test(2) wait_and_assert_status_code(404, virtual_server_setup.backend_1_url, virtual_server_setup.vs_host, allow_redirects=False) vs_events = get_events(kube_apis.v1, virtual_server_setup.namespace) assert_event_starts_with_text_and_contains_errors( event_text, vs_events, invalid_fields)
def test_update(self, kube_apis, crd_ingress_controller, virtual_server_setup): wait_before_test(1) text = f"{virtual_server_setup.namespace}/{virtual_server_setup.vs_name}" vs_event_text = f"Configuration for {text} was added or updated" events_vs = get_events(kube_apis.v1, virtual_server_setup.namespace) initial_count = assert_event_and_get_count(vs_event_text, events_vs) vs_src = f"{TEST_DATA}/virtual-server-canned-responses/virtual-server-updated.yaml" patch_virtual_server_from_yaml(kube_apis.custom_objects, virtual_server_setup.vs_name, vs_src, virtual_server_setup.namespace) wait_and_assert_status_code(501, virtual_server_setup.backend_1_url, virtual_server_setup.vs_host) resp = requests.get(virtual_server_setup.backend_1_url, headers={"host": virtual_server_setup.vs_host}) resp_content = resp.content.decode('utf-8') assert resp.headers['content-type'] == 'some/type' and resp_content == "{}" wait_and_assert_status_code(201, virtual_server_setup.backend_2_url, virtual_server_setup.vs_host) resp = requests.get(virtual_server_setup.backend_2_url, headers={"host": virtual_server_setup.vs_host}) resp_content = resp.content.decode('utf-8') assert resp.headers['content-type'] == 'user-type' and resp_content == "line1\nline2" vs_events = get_events(kube_apis.v1, virtual_server_setup.namespace) assert_event_count_increased(vs_event_text, initial_count, vs_events)
def test_ap_pod_startup( self, request, kube_apis, ingress_controller_prerequisites, crd_ingress_controller_with_ap, appprotect_setup, test_namespace, ): """ Log pod startup time while scaling up from 0 to 1 """ src_syslog_yaml = f"{TEST_DATA}/appprotect/syslog.yaml" create_items_from_yaml(kube_apis, src_syslog_yaml, test_namespace) syslog_dst = f"syslog-svc.{test_namespace}" # FIXME this is not used # items[-1] because syslog pod is last one to spin-up # syslog_pod = kube_apis.v1.list_namespaced_pod(test_namespace).items[-1].metadata.name create_ingress_with_ap_annotations( kube_apis, src_ing_yaml, test_namespace, ap_policy, "True", "True", f"{syslog_dst}:514" ) ingress_host = get_first_ingress_host_from_yaml(src_ing_yaml) print("--------- AppProtect module is enabled with correct policy ---------") ensure_response_from_backend(appprotect_setup.req_url, ingress_host, check404=True) ns = ingress_controller_prerequisites.namespace scale_deployment(kube_apis.v1, kube_apis.apps_v1_api, "nginx-ingress", ns, 0) pods = get_pods_amount(kube_apis.v1, ns) while pods != 0: print(f"Number of replicas not 0 but {pods}, retrying...") wait_before_test() num = scale_deployment(kube_apis.v1, kube_apis.apps_v1_api, "nginx-ingress", ns, 1) delete_items_from_yaml(kube_apis, src_ing_yaml, test_namespace) delete_items_from_yaml(kube_apis, src_syslog_yaml, test_namespace) assert num is None
def test_event_message_and_config(self, kube_apis, ingress_controller_prerequisites, crd_ingress_controller, virtual_server_setup): invalid_fields = [ "upstreams[0].lb-method", "upstreams[0].fail-timeout", "upstreams[0].max-fails", "upstreams[0].connect-timeout", "upstreams[0].read-timeout", "upstreams[0].send-timeout", "upstreams[0].keepalive", "upstreams[0].max-conns", "upstreams[0].next-upstream", "upstreams[0].next-upstream-timeout", "upstreams[0].next-upstream-tries", "upstreams[0].client-max-body-size", "upstreams[0].buffers.number", "upstreams[0].buffers.size", "upstreams[0].buffer-size", "upstreams[1].lb-method", "upstreams[1].fail-timeout", "upstreams[1].max-fails", "upstreams[1].connect-timeout", "upstreams[1].read-timeout", "upstreams[1].send-timeout", "upstreams[1].keepalive", "upstreams[1].max-conns", "upstreams[1].next-upstream", "upstreams[1].next-upstream-timeout", "upstreams[1].next-upstream-tries", "upstreams[1].client-max-body-size", "upstreams[1].buffers.number", "upstreams[1].buffers.size", "upstreams[1].buffer-size" ] text = f"{virtual_server_setup.namespace}/{virtual_server_setup.vs_name}" vs_event_text = f"VirtualServer {text} is invalid and was rejected: " vs_file = f"{TEST_DATA}/virtual-server-upstream-options/virtual-server-with-invalid-keys.yaml" patch_virtual_server_from_yaml(kube_apis.custom_objects, virtual_server_setup.vs_name, vs_file, virtual_server_setup.namespace) wait_before_test(2) ic_pod_name = get_first_pod_name( kube_apis.v1, ingress_controller_prerequisites.namespace) response = get_vs_nginx_template_conf( kube_apis.v1, virtual_server_setup.namespace, virtual_server_setup.vs_name, ic_pod_name, ingress_controller_prerequisites.namespace) vs_events = get_events(kube_apis.v1, virtual_server_setup.namespace) assert_event_starts_with_text_and_contains_errors( vs_event_text, vs_events, invalid_fields) assert_template_config_does_not_exist(response)
def test_config_and_events(self, kube_apis, ingress_controller_prerequisites, crd_ingress_controller, virtual_server_setup, options, expected_strings): expected_strings.append( f"location @hc-vs_" f"{virtual_server_setup.namespace}_{virtual_server_setup.vs_name}_backend1" ) expected_strings.append( f"location @hc-vs_" f"{virtual_server_setup.namespace}_{virtual_server_setup.vs_name}_backend2" ) text = f"{virtual_server_setup.namespace}/{virtual_server_setup.vs_name}" vs_event_text = f"Configuration for {text} was added or updated" events_vs = get_events(kube_apis.v1, virtual_server_setup.namespace) initial_count = get_event_count(vs_event_text, events_vs) print(f"Case 1: option specified in VS") new_body = generate_item_with_upstream_options( f"{TEST_DATA}/virtual-server-upstream-options/standard/virtual-server.yaml", options) patch_virtual_server(kube_apis.custom_objects, virtual_server_setup.vs_name, virtual_server_setup.namespace, new_body) wait_before_test(1) ic_pod_name = get_first_pod_name( kube_apis.v1, ingress_controller_prerequisites.namespace) config = get_vs_nginx_template_conf( kube_apis.v1, virtual_server_setup.namespace, virtual_server_setup.vs_name, ic_pod_name, ingress_controller_prerequisites.namespace) resp_1 = requests.get(virtual_server_setup.backend_1_url, headers={"host": virtual_server_setup.vs_host}) resp_2 = requests.get(virtual_server_setup.backend_2_url, headers={"host": virtual_server_setup.vs_host}) vs_events = get_events(kube_apis.v1, virtual_server_setup.namespace) assert_event_count_increased(vs_event_text, initial_count, vs_events) for _ in expected_strings: assert _ in config assert_response_codes(resp_1, resp_2)
def test_update(self, kube_apis, crd_ingress_controller, v_s_route_setup): req_host = f"{v_s_route_setup.public_endpoint.public_ip}:{v_s_route_setup.public_endpoint.port}" req_url_1 = f"http://{req_host}{v_s_route_setup.route_m.paths[0]}" req_url_2 = f"http://{req_host}{v_s_route_setup.route_m.paths[1]}" vs_name = f"{v_s_route_setup.namespace}/{v_s_route_setup.vs_name}" vsr_name = f"{v_s_route_setup.namespace}/{v_s_route_setup.route_m.name}" vs_event_text = f"Configuration for {vs_name} was added or updated" vsr_event_text = f"Configuration for {vsr_name} was added or updated" wait_before_test(1) events_ns = get_events(kube_apis.v1, v_s_route_setup.namespace) initial_count_vs = assert_event_and_get_count(vs_event_text, events_ns) initial_count_vsr = assert_event_and_get_count(vsr_event_text, events_ns) vsr_src = f"{TEST_DATA}/virtual-server-route-redirects/route-multiple-updated.yaml" patch_v_s_route_from_yaml(kube_apis.custom_objects, v_s_route_setup.route_m.name, vsr_src, v_s_route_setup.namespace) wait_and_assert_status_code(301, req_url_1, v_s_route_setup.vs_host, allow_redirects=False) resp = requests.get(req_url_1, headers={"host": v_s_route_setup.vs_host}, allow_redirects=False) assert resp.headers['location'] == "http://demo.nginx.com" wait_and_assert_status_code(302, req_url_2, v_s_route_setup.vs_host, allow_redirects=False) resp = requests.get(req_url_2, headers={"host": v_s_route_setup.vs_host}, allow_redirects=False) assert resp.headers['location'] == "http://demo.nginx.com" new_events_ns = get_events(kube_apis.v1, v_s_route_setup.namespace) assert_event_count_increased(vs_event_text, initial_count_vs, new_events_ns) assert_event_count_increased(vsr_event_text, initial_count_vsr, new_events_ns)
def test_events_flows(self, kube_apis, ingress_controller_prerequisites, crd_ingress_controller, virtual_server_setup, vs_externalname_setup): text = f"{virtual_server_setup.namespace}/{virtual_server_setup.vs_name}" vs_event_text = f"Configuration for {text} was added or updated" vs_event_update_text = f"Configuration for {text} was updated" events_vs = get_events(kube_apis.v1, virtual_server_setup.namespace) initial_count = assert_event_and_get_count(vs_event_text, events_vs) initial_count_up = assert_event_and_get_count(vs_event_update_text, events_vs) print("Step 1: Update external host in externalName service") external_svc = read_service(kube_apis.v1, vs_externalname_setup.external_svc, virtual_server_setup.namespace) external_svc.spec.external_name = "demo.nginx.com" replace_service(kube_apis.v1, vs_externalname_setup.external_svc, virtual_server_setup.namespace, external_svc) wait_before_test(1) events_step_1 = get_events(kube_apis.v1, virtual_server_setup.namespace) assert_event_and_count(vs_event_text, initial_count + 1, events_step_1) assert_event_and_count(vs_event_update_text, initial_count_up, events_step_1) print("Step 2: Remove resolver from ConfigMap to trigger an error") config_map_name = ingress_controller_prerequisites.config_map[ "metadata"]["name"] vs_event_warning_text = f"Configuration for {text} was updated with warning(s):" replace_configmap(kube_apis.v1, config_map_name, ingress_controller_prerequisites.namespace, ingress_controller_prerequisites.config_map) wait_before_test(1) events_step_2 = get_events(kube_apis.v1, virtual_server_setup.namespace) assert_event_and_count(vs_event_warning_text, 1, events_step_2) assert_event_and_count(vs_event_update_text, initial_count_up, events_step_2)
def test_event_message_and_config(self, kube_apis, ingress_controller_prerequisites, crd_ingress_controller, v_s_route_setup): invalid_fields_s = [ "upstreams[0].lb-method", "upstreams[0].fail-timeout", "upstreams[0].max-fails" ] invalid_fields_m = [ "upstreams[0].lb-method", "upstreams[0].fail-timeout", "upstreams[0].max-fails", "upstreams[1].lb-method", "upstreams[1].fail-timeout", "upstreams[1].max-fails" ] text_s = f"{v_s_route_setup.route_s.namespace}/{v_s_route_setup.route_s.name}" text_m = f"{v_s_route_setup.route_m.namespace}/{v_s_route_setup.route_m.name}" vsr_s_event_text = f"VirtualServerRoute {text_s} is invalid and was rejected: " vsr_m_event_text = f"VirtualServerRoute {text_m} is invalid and was rejected: " patch_v_s_route_from_yaml( kube_apis.custom_objects, v_s_route_setup.route_s.name, f"{TEST_DATA}/virtual-server-route-upstream-options/route-single-invalid-keys.yaml", v_s_route_setup.route_s.namespace) patch_v_s_route_from_yaml( kube_apis.custom_objects, v_s_route_setup.route_m.name, f"{TEST_DATA}/virtual-server-route-upstream-options/route-multiple-invalid-keys.yaml", v_s_route_setup.route_m.namespace) wait_before_test(2) ic_pod_name = get_first_pod_name( kube_apis.v1, ingress_controller_prerequisites.namespace) config = get_vs_nginx_template_conf( kube_apis.v1, v_s_route_setup.namespace, v_s_route_setup.vs_name, ic_pod_name, ingress_controller_prerequisites.namespace) vsr_s_events = get_events(kube_apis.v1, v_s_route_setup.route_s.namespace) vsr_m_events = get_events(kube_apis.v1, v_s_route_setup.route_m.namespace) assert_event_starts_with_text_and_contains_errors( vsr_s_event_text, vsr_s_events, invalid_fields_s) assert_event_starts_with_text_and_contains_errors( vsr_m_event_text, vsr_m_events, invalid_fields_m) assert "upstream" not in config
def test_response_code_500_with_invalid_secret(self, kube_apis, jwt_secrets_setup, test_namespace, jwt_secret): req_url = f"http://{jwt_secrets_setup.public_endpoint.public_ip}:{jwt_secrets_setup.public_endpoint.port}/backend2" replace_secret(kube_apis.v1, jwt_secret.secret_name, test_namespace, f"{TEST_DATA}/jwt-secrets/jwt-secret-invalid.yaml") wait_before_test(1) resp = requests.get(req_url, headers={"host": jwt_secrets_setup.ingress_host}, cookies={"auth_token": jwt_secrets_setup.jwt_token}) assert resp.status_code == 500