github.com/cilium/cilium@v1.16.2/operator/pkg/model/translation/fixture_test.go (about) 1 // SPDX-License-Identifier: Apache-2.0 2 // Copyright Authors of Cilium 3 4 package translation 5 6 import ( 7 envoy_config_route_v3 "github.com/cilium/proxy/go/envoy/config/route/v3" 8 9 "github.com/cilium/cilium/operator/pkg/model" 10 ) 11 12 // This file contains text fixtures and expected configs for the 13 // TestSharedIngressTranslator_getEnvoyHTTPRouteConfiguration test. 14 // 15 // The format is a model.Model representing the input, and a 16 // []*envoy_config_route_v3.RouteConfiguration representing the output. 17 // 18 // NOTE: For models that have some TLS config - anything with an insecure *and* 19 // secure listener in the resultant RouteConfiguration, you _must_ make sure 20 // you test with enforceHTTPS true and false. 21 22 // Some of these test fixtures are coming from Conformance Suite for Ingress API. 23 // https://github.com/kubernetes-sigs/ingress-controller-conformance/tree/master/features 24 25 var defaultBackendModel = &model.Model{ 26 HTTP: []model.HTTPListener{ 27 { 28 Sources: []model.FullyQualifiedResource{ 29 { 30 Name: "load-balancing", 31 Namespace: "random-namespace", 32 Version: "v1", 33 Kind: "Ingress", 34 }, 35 }, 36 Port: 80, 37 Hostname: "*", 38 Routes: []model.HTTPRoute{ 39 { 40 Backends: []model.Backend{ 41 { 42 Name: "default-backend", 43 Namespace: "random-namespace", 44 Port: &model.BackendPort{ 45 Port: 8080, 46 }, 47 }, 48 }, 49 }, 50 }, 51 }, 52 }, 53 } 54 55 var defaultBackendExpectedConfig = []*envoy_config_route_v3.RouteConfiguration{ 56 { 57 Name: "listener-insecure", 58 VirtualHosts: []*envoy_config_route_v3.VirtualHost{ 59 { 60 Name: "*", 61 Domains: domainsHelper("*"), 62 Routes: []*envoy_config_route_v3.Route{ 63 { 64 Match: envoyRouteMatchRootPath(), 65 Action: envoyRouteAction("random-namespace", "default-backend", "8080"), 66 }, 67 }, 68 }, 69 }, 70 }, 71 } 72 73 var hostRulesModel = &model.Model{ 74 HTTP: []model.HTTPListener{ 75 { 76 Name: "ing-host-rules-random-namespace-*.foo.com", 77 Sources: []model.FullyQualifiedResource{ 78 { 79 Name: "host-rules", 80 Namespace: "random-namespace", 81 Version: "v1", 82 Kind: "Ingress", 83 }, 84 }, 85 Port: 80, 86 Hostname: "*.foo.com", 87 Routes: []model.HTTPRoute{ 88 { 89 PathMatch: model.StringMatch{ 90 Prefix: "/", 91 }, 92 Backends: []model.Backend{ 93 { 94 Name: "wildcard-foo-com", 95 Namespace: "random-namespace", 96 Port: &model.BackendPort{ 97 Port: 8080, 98 }, 99 }, 100 }, 101 }, 102 }, 103 }, 104 { 105 Name: "ing-host-rules-random-namespace-foo.bar.com", 106 Sources: []model.FullyQualifiedResource{ 107 { 108 Name: "host-rules", 109 Namespace: "random-namespace", 110 Version: "v1", 111 Kind: "Ingress", 112 }, 113 }, 114 Port: 80, 115 Hostname: "foo.bar.com", 116 Routes: []model.HTTPRoute{ 117 { 118 PathMatch: model.StringMatch{ 119 Prefix: "/", 120 }, 121 Backends: []model.Backend{ 122 { 123 Name: "foo-bar-com", 124 Namespace: "random-namespace", 125 Port: &model.BackendPort{ 126 Name: "http", 127 }, 128 }, 129 }, 130 }, 131 }, 132 }, 133 { 134 Name: "ing-host-rules-random-namespace-foo.bar.com", 135 Sources: []model.FullyQualifiedResource{ 136 { 137 Name: "host-rules", 138 Namespace: "random-namespace", 139 Version: "v1", 140 Kind: "Ingress", 141 }, 142 }, 143 Port: 443, 144 Hostname: "foo.bar.com", 145 TLS: []model.TLSSecret{ 146 { 147 Name: "conformance-tls", 148 Namespace: "random-namespace", 149 }, 150 }, 151 Routes: []model.HTTPRoute{ 152 { 153 PathMatch: model.StringMatch{ 154 Prefix: "/", 155 }, 156 Backends: []model.Backend{ 157 { 158 Name: "foo-bar-com", 159 Namespace: "random-namespace", 160 Port: &model.BackendPort{ 161 Name: "http", 162 }, 163 }, 164 }, 165 }, 166 }, 167 }, 168 }, 169 } 170 171 var hostRulesExpectedConfig = []*envoy_config_route_v3.RouteConfiguration{ 172 { 173 Name: "listener-insecure", 174 VirtualHosts: []*envoy_config_route_v3.VirtualHost{ 175 { 176 Name: "*.foo.com", 177 Domains: domainsHelper("*.foo.com"), 178 Routes: []*envoy_config_route_v3.Route{ 179 { 180 Match: withAuthority(envoyRouteMatchRootPath(), "^[^.]+[.]foo[.]com$"), 181 Action: envoyRouteAction("random-namespace", "wildcard-foo-com", "8080"), 182 }, 183 }, 184 }, 185 { 186 Name: "foo.bar.com", 187 Domains: domainsHelper("foo.bar.com"), 188 Routes: []*envoy_config_route_v3.Route{ 189 { 190 Match: envoyRouteMatchRootPath(), 191 Action: envoyRouteAction("random-namespace", "foo-bar-com", "http"), 192 }, 193 }, 194 }, 195 }, 196 }, 197 { 198 Name: "listener-secure", 199 VirtualHosts: []*envoy_config_route_v3.VirtualHost{ 200 { 201 Name: "foo.bar.com", 202 Domains: domainsHelper("foo.bar.com"), 203 Routes: []*envoy_config_route_v3.Route{ 204 { 205 Match: envoyRouteMatchRootPath(), 206 Action: envoyRouteAction("random-namespace", "foo-bar-com", "http"), 207 }, 208 }, 209 }, 210 }, 211 }, 212 } 213 214 var hostRulesModelEnforcedHTTPS = &model.Model{ 215 HTTP: []model.HTTPListener{ 216 { 217 Name: "ing-host-rules-random-namespace-*.foo.com", 218 Sources: []model.FullyQualifiedResource{ 219 { 220 Name: "host-rules", 221 Namespace: "random-namespace", 222 Version: "v1", 223 Kind: "Ingress", 224 }, 225 }, 226 Port: 80, 227 Hostname: "*.foo.com", 228 Routes: []model.HTTPRoute{ 229 { 230 PathMatch: model.StringMatch{ 231 Prefix: "/", 232 }, 233 Backends: []model.Backend{ 234 { 235 Name: "wildcard-foo-com", 236 Namespace: "random-namespace", 237 Port: &model.BackendPort{ 238 Port: 8080, 239 }, 240 }, 241 }, 242 }, 243 }, 244 }, 245 { 246 Name: "ing-host-rules-random-namespace-foo.bar.com", 247 Sources: []model.FullyQualifiedResource{ 248 { 249 Name: "host-rules", 250 Namespace: "random-namespace", 251 Version: "v1", 252 Kind: "Ingress", 253 }, 254 }, 255 Port: 80, 256 Hostname: "foo.bar.com", 257 Routes: []model.HTTPRoute{ 258 { 259 PathMatch: model.StringMatch{ 260 Prefix: "/", 261 }, 262 Backends: []model.Backend{ 263 { 264 Name: "foo-bar-com", 265 Namespace: "random-namespace", 266 Port: &model.BackendPort{ 267 Name: "http", 268 }, 269 }, 270 }, 271 }, 272 }, 273 }, 274 { 275 Name: "ing-host-rules-random-namespace-foo.bar.com", 276 Sources: []model.FullyQualifiedResource{ 277 { 278 Name: "host-rules", 279 Namespace: "random-namespace", 280 Version: "v1", 281 Kind: "Ingress", 282 }, 283 }, 284 Port: 443, 285 Hostname: "foo.bar.com", 286 TLS: []model.TLSSecret{ 287 { 288 Name: "conformance-tls", 289 Namespace: "random-namespace", 290 }, 291 }, 292 ForceHTTPtoHTTPSRedirect: true, 293 Routes: []model.HTTPRoute{ 294 { 295 PathMatch: model.StringMatch{ 296 Prefix: "/", 297 }, 298 Backends: []model.Backend{ 299 { 300 Name: "foo-bar-com", 301 Namespace: "random-namespace", 302 Port: &model.BackendPort{ 303 Name: "http", 304 }, 305 }, 306 }, 307 }, 308 }, 309 }, 310 }, 311 } 312 313 var hostRulesExpectedConfigEnforceHTTPS = []*envoy_config_route_v3.RouteConfiguration{ 314 { 315 Name: "listener-insecure", 316 VirtualHosts: []*envoy_config_route_v3.VirtualHost{ 317 { 318 Name: "*.foo.com", 319 Domains: domainsHelper("*.foo.com"), 320 Routes: []*envoy_config_route_v3.Route{ 321 { 322 Match: withAuthority(envoyRouteMatchRootPath(), "^[^.]+[.]foo[.]com$"), 323 Action: envoyRouteAction("random-namespace", "wildcard-foo-com", "8080"), 324 }, 325 }, 326 }, 327 { 328 Name: "foo.bar.com", 329 Domains: domainsHelper("foo.bar.com"), 330 Routes: []*envoy_config_route_v3.Route{ 331 { 332 Match: envoyRouteMatchRootPath(), 333 Action: envoyHTTPSRouteRedirect(), 334 }, 335 }, 336 }, 337 }, 338 }, 339 { 340 Name: "listener-secure", 341 VirtualHosts: []*envoy_config_route_v3.VirtualHost{ 342 { 343 Name: "foo.bar.com", 344 Domains: domainsHelper("foo.bar.com"), 345 Routes: []*envoy_config_route_v3.Route{ 346 { 347 Match: envoyRouteMatchRootPath(), 348 Action: envoyRouteAction("random-namespace", "foo-bar-com", "http"), 349 }, 350 }, 351 }, 352 }, 353 }, 354 } 355 356 var pathRulesModel = &model.Model{ 357 HTTP: []model.HTTPListener{ 358 { 359 Name: "ing-path-rules-random-namespace-exact-path-rules", 360 Sources: []model.FullyQualifiedResource{ 361 { 362 Name: "path-rules", 363 Namespace: "random-namespace", 364 Version: "v1", 365 Kind: "Ingress", 366 }, 367 }, 368 Port: 80, 369 Hostname: "exact-path-rules", 370 Routes: []model.HTTPRoute{ 371 { 372 PathMatch: model.StringMatch{ 373 Exact: "/foo", 374 }, 375 Backends: []model.Backend{ 376 { 377 Name: "foo-exact", 378 Namespace: "random-namespace", 379 Port: &model.BackendPort{ 380 Port: 8080, 381 }, 382 }, 383 }, 384 }, 385 }, 386 }, 387 { 388 Name: "ing-path-rules-random-namespace-mixed-path-rules", 389 Sources: []model.FullyQualifiedResource{ 390 { 391 Name: "path-rules", 392 Namespace: "random-namespace", 393 Version: "v1", 394 Kind: "Ingress", 395 }, 396 }, 397 Port: 80, 398 Hostname: "mixed-path-rules", 399 Routes: []model.HTTPRoute{ 400 { 401 PathMatch: model.StringMatch{ 402 Prefix: "/foo", 403 }, 404 Backends: []model.Backend{ 405 { 406 Name: "foo-prefix", 407 Namespace: "random-namespace", 408 Port: &model.BackendPort{ 409 Port: 8080, 410 }, 411 }, 412 }, 413 }, 414 { 415 PathMatch: model.StringMatch{ 416 Exact: "/foo", 417 }, 418 Backends: []model.Backend{ 419 { 420 Name: "foo-exact", 421 Namespace: "random-namespace", 422 Port: &model.BackendPort{ 423 Port: 8080, 424 }, 425 }, 426 }, 427 }, 428 }, 429 }, 430 { 431 Name: "ing-path-rules-random-namespace-prefix-path-rules", 432 Sources: []model.FullyQualifiedResource{ 433 { 434 Name: "path-rules", 435 Namespace: "random-namespace", 436 Version: "v1", 437 Kind: "Ingress", 438 }, 439 }, 440 Port: 80, 441 Hostname: "prefix-path-rules", 442 Routes: []model.HTTPRoute{ 443 { 444 PathMatch: model.StringMatch{ 445 Prefix: "/foo", 446 }, 447 Backends: []model.Backend{ 448 { 449 Name: "foo-prefix", 450 Namespace: "random-namespace", 451 Port: &model.BackendPort{ 452 Port: 8080, 453 }, 454 }, 455 }, 456 }, 457 { 458 PathMatch: model.StringMatch{ 459 Prefix: "/aaa/bbb", 460 }, 461 Backends: []model.Backend{ 462 { 463 Name: "aaa-slash-bbb-prefix", 464 Namespace: "random-namespace", 465 Port: &model.BackendPort{ 466 Port: 8080, 467 }, 468 }, 469 }, 470 }, 471 { 472 PathMatch: model.StringMatch{ 473 Prefix: "/aaa", 474 }, 475 Backends: []model.Backend{ 476 { 477 Name: "aaa-prefix", 478 Namespace: "random-namespace", 479 Port: &model.BackendPort{ 480 Port: 8080, 481 }, 482 }, 483 }, 484 }, 485 }, 486 }, 487 { 488 Name: "ing-path-rules-random-namespace-trailing-slash-path-rules", 489 Sources: []model.FullyQualifiedResource{ 490 { 491 Name: "path-rules", 492 Namespace: "random-namespace", 493 Version: "v1", 494 Kind: "Ingress", 495 }, 496 }, 497 Port: 80, 498 Hostname: "trailing-slash-path-rules", 499 Routes: []model.HTTPRoute{ 500 { 501 PathMatch: model.StringMatch{ 502 Prefix: "/aaa/bbb/", 503 }, 504 Backends: []model.Backend{ 505 { 506 Name: "aaa-slash-bbb-slash-prefix", 507 Namespace: "random-namespace", 508 Port: &model.BackendPort{ 509 Port: 8080, 510 }, 511 }, 512 }, 513 }, 514 { 515 PathMatch: model.StringMatch{ 516 Exact: "/foo/", 517 }, 518 Backends: []model.Backend{ 519 { 520 Name: "foo-slash-exact", 521 Namespace: "random-namespace", 522 Port: &model.BackendPort{ 523 Port: 8080, 524 }, 525 }, 526 }, 527 }, 528 }, 529 }, 530 }, 531 } 532 533 var pathRulesExpectedConfig = []*envoy_config_route_v3.RouteConfiguration{ 534 { 535 Name: "listener-insecure", 536 VirtualHosts: []*envoy_config_route_v3.VirtualHost{ 537 { 538 Name: "exact-path-rules", 539 Domains: domainsHelper("exact-path-rules"), 540 Routes: []*envoy_config_route_v3.Route{ 541 { 542 Match: envoyRouteMatchExactPath("/foo"), 543 Action: envoyRouteAction("random-namespace", "foo-exact", "8080"), 544 }, 545 }, 546 }, 547 { 548 Name: "mixed-path-rules", 549 Domains: domainsHelper("mixed-path-rules"), 550 Routes: []*envoy_config_route_v3.Route{ 551 { 552 Match: envoyRouteMatchExactPath("/foo"), 553 Action: envoyRouteAction("random-namespace", "foo-exact", "8080"), 554 }, 555 { 556 Match: envoyRouteMatchPrefixPath("/foo"), 557 Action: envoyRouteAction("random-namespace", "foo-prefix", "8080"), 558 }, 559 }, 560 }, 561 { 562 Name: "prefix-path-rules", 563 Domains: domainsHelper("prefix-path-rules"), 564 Routes: []*envoy_config_route_v3.Route{ 565 { 566 Match: envoyRouteMatchPrefixPath("/aaa/bbb"), 567 Action: envoyRouteAction("random-namespace", "aaa-slash-bbb-prefix", "8080"), 568 }, 569 { 570 Match: envoyRouteMatchPrefixPath("/foo"), 571 Action: envoyRouteAction("random-namespace", "foo-prefix", "8080"), 572 }, 573 { 574 Match: envoyRouteMatchPrefixPath("/aaa"), 575 Action: envoyRouteAction("random-namespace", "aaa-prefix", "8080"), 576 }, 577 }, 578 }, 579 { 580 Name: "trailing-slash-path-rules", 581 Domains: domainsHelper("trailing-slash-path-rules"), 582 Routes: []*envoy_config_route_v3.Route{ 583 { 584 Match: envoyRouteMatchExactPath("/foo/"), 585 Action: envoyRouteAction("random-namespace", "foo-slash-exact", "8080"), 586 }, 587 { 588 Match: envoyRouteMatchPrefixPath("/aaa/bbb"), 589 Action: envoyRouteAction("random-namespace", "aaa-slash-bbb-slash-prefix", "8080"), 590 }, 591 }, 592 }, 593 }, 594 }, 595 } 596 597 var complexIngressModel = &model.Model{ 598 HTTP: []model.HTTPListener{ 599 { 600 Sources: []model.FullyQualifiedResource{ 601 { 602 Name: "dummy-ingress", 603 Namespace: "dummy-namespace", 604 Version: "v1", 605 Kind: "Ingress", 606 }, 607 }, 608 Port: 80, 609 Hostname: "*", 610 Routes: []model.HTTPRoute{ 611 { 612 Backends: []model.Backend{ 613 { 614 Name: "default-backend", 615 Namespace: "dummy-namespace", 616 Port: &model.BackendPort{ 617 Port: 8080, 618 }, 619 }, 620 }, 621 }, 622 { 623 PathMatch: model.StringMatch{ 624 Exact: "/dummy-path", 625 }, 626 Backends: []model.Backend{ 627 { 628 Name: "dummy-backend", 629 Namespace: "dummy-namespace", 630 Port: &model.BackendPort{ 631 Port: 8080, 632 }, 633 }, 634 }, 635 }, 636 { 637 PathMatch: model.StringMatch{ 638 Prefix: "/another-dummy-path", 639 }, 640 Backends: []model.Backend{ 641 { 642 Name: "another-dummy-backend", 643 Namespace: "dummy-namespace", 644 Port: &model.BackendPort{ 645 Port: 8081, 646 }, 647 }, 648 }, 649 }, 650 }, 651 }, 652 { 653 Sources: []model.FullyQualifiedResource{ 654 { 655 Name: "dummy-ingress", 656 Namespace: "dummy-namespace", 657 Version: "v1", 658 Kind: "Ingress", 659 }, 660 }, 661 Port: 443, 662 Hostname: "another-very-secure.server.com", 663 TLS: []model.TLSSecret{ 664 { 665 Name: "tls-another-very-secure-server-com", 666 Namespace: "dummy-namespace", 667 }, 668 }, 669 Routes: []model.HTTPRoute{ 670 { 671 Backends: []model.Backend{ 672 { 673 Name: "default-backend", 674 Namespace: "dummy-namespace", 675 Port: &model.BackendPort{ 676 Port: 8080, 677 }, 678 }, 679 }, 680 }, 681 { 682 PathMatch: model.StringMatch{ 683 Exact: "/dummy-path", 684 }, 685 Backends: []model.Backend{ 686 { 687 Name: "dummy-backend", 688 Namespace: "dummy-namespace", 689 Port: &model.BackendPort{ 690 Port: 8080, 691 }, 692 }, 693 }, 694 }, 695 { 696 PathMatch: model.StringMatch{ 697 Prefix: "/another-dummy-path", 698 }, 699 Backends: []model.Backend{ 700 { 701 Name: "another-dummy-backend", 702 Namespace: "dummy-namespace", 703 Port: &model.BackendPort{ 704 Port: 8081, 705 }, 706 }, 707 }, 708 }, 709 }, 710 }, 711 { 712 Sources: []model.FullyQualifiedResource{ 713 { 714 Name: "dummy-ingress", 715 Namespace: "dummy-namespace", 716 Version: "v1", 717 Kind: "Ingress", 718 }, 719 }, 720 Port: 443, 721 Hostname: "very-secure.server.com", 722 TLS: []model.TLSSecret{ 723 { 724 Name: "tls-very-secure-server-com", 725 Namespace: "dummy-namespace", 726 }, 727 }, 728 Routes: []model.HTTPRoute{ 729 { 730 Backends: []model.Backend{ 731 { 732 Name: "default-backend", 733 Namespace: "dummy-namespace", 734 Port: &model.BackendPort{ 735 Port: 8080, 736 }, 737 }, 738 }, 739 }, 740 { 741 PathMatch: model.StringMatch{ 742 Exact: "/dummy-path", 743 }, 744 Backends: []model.Backend{ 745 { 746 Name: "dummy-backend", 747 Namespace: "dummy-namespace", 748 Port: &model.BackendPort{ 749 Port: 8080, 750 }, 751 }, 752 }, 753 }, 754 { 755 PathMatch: model.StringMatch{ 756 Prefix: "/another-dummy-path", 757 }, 758 Backends: []model.Backend{ 759 { 760 Name: "another-dummy-backend", 761 Namespace: "dummy-namespace", 762 Port: &model.BackendPort{ 763 Port: 8081, 764 }, 765 }, 766 }, 767 }, 768 }, 769 }, 770 }, 771 } 772 773 var complexIngressModelwithRedirects = &model.Model{ 774 HTTP: []model.HTTPListener{ 775 { 776 Sources: []model.FullyQualifiedResource{ 777 { 778 Name: "dummy-ingress", 779 Namespace: "dummy-namespace", 780 Version: "v1", 781 Kind: "Ingress", 782 }, 783 }, 784 Port: 80, 785 Hostname: "*", 786 Routes: []model.HTTPRoute{ 787 { 788 Backends: []model.Backend{ 789 { 790 Name: "default-backend", 791 Namespace: "dummy-namespace", 792 Port: &model.BackendPort{ 793 Port: 8080, 794 }, 795 }, 796 }, 797 }, 798 { 799 PathMatch: model.StringMatch{ 800 Exact: "/dummy-path", 801 }, 802 Backends: []model.Backend{ 803 { 804 Name: "dummy-backend", 805 Namespace: "dummy-namespace", 806 Port: &model.BackendPort{ 807 Port: 8080, 808 }, 809 }, 810 }, 811 }, 812 { 813 PathMatch: model.StringMatch{ 814 Prefix: "/another-dummy-path", 815 }, 816 Backends: []model.Backend{ 817 { 818 Name: "another-dummy-backend", 819 Namespace: "dummy-namespace", 820 Port: &model.BackendPort{ 821 Port: 8081, 822 }, 823 }, 824 }, 825 }, 826 }, 827 }, 828 { 829 Sources: []model.FullyQualifiedResource{ 830 { 831 Name: "dummy-ingress", 832 Namespace: "dummy-namespace", 833 Version: "v1", 834 Kind: "Ingress", 835 }, 836 }, 837 Port: 443, 838 Hostname: "another-very-secure.server.com", 839 TLS: []model.TLSSecret{ 840 { 841 Name: "tls-another-very-secure-server-com", 842 Namespace: "dummy-namespace", 843 }, 844 }, 845 ForceHTTPtoHTTPSRedirect: true, 846 Routes: []model.HTTPRoute{ 847 { 848 Backends: []model.Backend{ 849 { 850 Name: "default-backend", 851 Namespace: "dummy-namespace", 852 Port: &model.BackendPort{ 853 Port: 8080, 854 }, 855 }, 856 }, 857 }, 858 { 859 PathMatch: model.StringMatch{ 860 Exact: "/dummy-path", 861 }, 862 Backends: []model.Backend{ 863 { 864 Name: "dummy-backend", 865 Namespace: "dummy-namespace", 866 Port: &model.BackendPort{ 867 Port: 8080, 868 }, 869 }, 870 }, 871 }, 872 { 873 PathMatch: model.StringMatch{ 874 Prefix: "/another-dummy-path", 875 }, 876 Backends: []model.Backend{ 877 { 878 Name: "another-dummy-backend", 879 Namespace: "dummy-namespace", 880 Port: &model.BackendPort{ 881 Port: 8081, 882 }, 883 }, 884 }, 885 }, 886 }, 887 }, 888 { 889 Sources: []model.FullyQualifiedResource{ 890 { 891 Name: "dummy-ingress", 892 Namespace: "dummy-namespace", 893 Version: "v1", 894 Kind: "Ingress", 895 }, 896 }, 897 Port: 443, 898 Hostname: "very-secure.server.com", 899 TLS: []model.TLSSecret{ 900 { 901 Name: "tls-very-secure-server-com", 902 Namespace: "dummy-namespace", 903 }, 904 }, 905 ForceHTTPtoHTTPSRedirect: true, 906 Routes: []model.HTTPRoute{ 907 { 908 Backends: []model.Backend{ 909 { 910 Name: "default-backend", 911 Namespace: "dummy-namespace", 912 Port: &model.BackendPort{ 913 Port: 8080, 914 }, 915 }, 916 }, 917 }, 918 { 919 PathMatch: model.StringMatch{ 920 Exact: "/dummy-path", 921 }, 922 Backends: []model.Backend{ 923 { 924 Name: "dummy-backend", 925 Namespace: "dummy-namespace", 926 Port: &model.BackendPort{ 927 Port: 8080, 928 }, 929 }, 930 }, 931 }, 932 { 933 PathMatch: model.StringMatch{ 934 Prefix: "/another-dummy-path", 935 }, 936 Backends: []model.Backend{ 937 { 938 Name: "another-dummy-backend", 939 Namespace: "dummy-namespace", 940 Port: &model.BackendPort{ 941 Port: 8081, 942 }, 943 }, 944 }, 945 }, 946 }, 947 }, 948 }, 949 } 950 951 var complexIngressExpectedConfig = []*envoy_config_route_v3.RouteConfiguration{ 952 { 953 Name: "listener-insecure", 954 VirtualHosts: []*envoy_config_route_v3.VirtualHost{ 955 { 956 Name: "*", 957 Domains: domainsHelper("*"), 958 Routes: []*envoy_config_route_v3.Route{ 959 { 960 Match: envoyRouteMatchExactPath("/dummy-path"), 961 Action: envoyRouteAction("dummy-namespace", "dummy-backend", "8080"), 962 }, 963 { 964 Match: envoyRouteMatchPrefixPath("/another-dummy-path"), 965 Action: envoyRouteAction("dummy-namespace", "another-dummy-backend", "8081"), 966 }, 967 { 968 Match: envoyRouteMatchRootPath(), 969 Action: envoyRouteAction("dummy-namespace", "default-backend", "8080"), 970 }, 971 }, 972 }, 973 }, 974 }, 975 { 976 Name: "listener-secure", 977 VirtualHosts: []*envoy_config_route_v3.VirtualHost{ 978 { 979 Name: "another-very-secure.server.com", 980 Domains: domainsHelper("another-very-secure.server.com"), 981 Routes: []*envoy_config_route_v3.Route{ 982 { 983 Match: envoyRouteMatchExactPath("/dummy-path"), 984 Action: envoyRouteAction("dummy-namespace", "dummy-backend", "8080"), 985 }, 986 { 987 Match: envoyRouteMatchPrefixPath("/another-dummy-path"), 988 Action: envoyRouteAction("dummy-namespace", "another-dummy-backend", "8081"), 989 }, 990 { 991 Match: envoyRouteMatchRootPath(), 992 Action: envoyRouteAction("dummy-namespace", "default-backend", "8080"), 993 }, 994 }, 995 }, 996 { 997 Name: "very-secure.server.com", 998 Domains: domainsHelper("very-secure.server.com"), 999 Routes: []*envoy_config_route_v3.Route{ 1000 { 1001 Match: envoyRouteMatchExactPath("/dummy-path"), 1002 Action: envoyRouteAction("dummy-namespace", "dummy-backend", "8080"), 1003 }, 1004 { 1005 Match: envoyRouteMatchPrefixPath("/another-dummy-path"), 1006 Action: envoyRouteAction("dummy-namespace", "another-dummy-backend", "8081"), 1007 }, 1008 { 1009 Match: envoyRouteMatchRootPath(), 1010 Action: envoyRouteAction("dummy-namespace", "default-backend", "8080"), 1011 }, 1012 }, 1013 }, 1014 }, 1015 }, 1016 } 1017 1018 var complexIngressExpectedConfigEnforceHTTPS = []*envoy_config_route_v3.RouteConfiguration{ 1019 { 1020 Name: "listener-insecure", 1021 VirtualHosts: []*envoy_config_route_v3.VirtualHost{ 1022 { 1023 Name: "*", 1024 Domains: domainsHelper("*"), 1025 Routes: []*envoy_config_route_v3.Route{ 1026 { 1027 Match: envoyRouteMatchExactPath("/dummy-path"), 1028 Action: envoyRouteAction("dummy-namespace", "dummy-backend", "8080"), 1029 }, 1030 { 1031 Match: envoyRouteMatchPrefixPath("/another-dummy-path"), 1032 Action: envoyRouteAction("dummy-namespace", "another-dummy-backend", "8081"), 1033 }, 1034 { 1035 Match: envoyRouteMatchRootPath(), 1036 Action: envoyRouteAction("dummy-namespace", "default-backend", "8080"), 1037 }, 1038 }, 1039 }, 1040 { 1041 Name: "another-very-secure.server.com", 1042 Domains: domainsHelper("another-very-secure.server.com"), 1043 Routes: []*envoy_config_route_v3.Route{ 1044 { 1045 Match: envoyRouteMatchExactPath("/dummy-path"), 1046 Action: envoyHTTPSRouteRedirect(), 1047 }, 1048 { 1049 Match: envoyRouteMatchPrefixPath("/another-dummy-path"), 1050 Action: envoyHTTPSRouteRedirect(), 1051 }, 1052 { 1053 Match: envoyRouteMatchRootPath(), 1054 Action: envoyHTTPSRouteRedirect(), 1055 }, 1056 }, 1057 }, 1058 { 1059 Name: "very-secure.server.com", 1060 Domains: domainsHelper("very-secure.server.com"), 1061 Routes: []*envoy_config_route_v3.Route{ 1062 { 1063 Match: envoyRouteMatchExactPath("/dummy-path"), 1064 Action: envoyHTTPSRouteRedirect(), 1065 }, 1066 { 1067 Match: envoyRouteMatchPrefixPath("/another-dummy-path"), 1068 Action: envoyHTTPSRouteRedirect(), 1069 }, 1070 { 1071 Match: envoyRouteMatchRootPath(), 1072 Action: envoyHTTPSRouteRedirect(), 1073 }, 1074 }, 1075 }, 1076 }, 1077 }, 1078 { 1079 Name: "listener-secure", 1080 VirtualHosts: []*envoy_config_route_v3.VirtualHost{ 1081 { 1082 Name: "another-very-secure.server.com", 1083 Domains: domainsHelper("another-very-secure.server.com"), 1084 Routes: []*envoy_config_route_v3.Route{ 1085 { 1086 Match: envoyRouteMatchExactPath("/dummy-path"), 1087 Action: envoyRouteAction("dummy-namespace", "dummy-backend", "8080"), 1088 }, 1089 { 1090 Match: envoyRouteMatchPrefixPath("/another-dummy-path"), 1091 Action: envoyRouteAction("dummy-namespace", "another-dummy-backend", "8081"), 1092 }, 1093 { 1094 Match: envoyRouteMatchRootPath(), 1095 Action: envoyRouteAction("dummy-namespace", "default-backend", "8080"), 1096 }, 1097 }, 1098 }, 1099 { 1100 Name: "very-secure.server.com", 1101 Domains: domainsHelper("very-secure.server.com"), 1102 Routes: []*envoy_config_route_v3.Route{ 1103 { 1104 Match: envoyRouteMatchExactPath("/dummy-path"), 1105 Action: envoyRouteAction("dummy-namespace", "dummy-backend", "8080"), 1106 }, 1107 { 1108 Match: envoyRouteMatchPrefixPath("/another-dummy-path"), 1109 Action: envoyRouteAction("dummy-namespace", "another-dummy-backend", "8081"), 1110 }, 1111 { 1112 Match: envoyRouteMatchRootPath(), 1113 Action: envoyRouteAction("dummy-namespace", "default-backend", "8080"), 1114 }, 1115 }, 1116 }, 1117 }, 1118 }, 1119 } 1120 1121 // multiplePathTypesModel is used to test that sorting of different path 1122 // types works correctly. 1123 // 1124 // It's based off of the output of the multiplePathTypes Ingress check in 1125 // operator/pkg/model/ingestion/ingress_test.go. 1126 var multiplePathTypesModel = &model.Model{ 1127 HTTP: []model.HTTPListener{ 1128 { 1129 Sources: []model.FullyQualifiedResource{ 1130 { 1131 Name: "dummy-ingress", 1132 Namespace: "dummy-namespace", 1133 Version: "v1", 1134 Kind: "Ingress", 1135 UID: "d4bd3dc3-2ac5-4ab4-9dca-89c62c60177e", 1136 }, 1137 }, 1138 Port: 80, 1139 Hostname: "*", 1140 Routes: []model.HTTPRoute{ 1141 { 1142 PathMatch: model.StringMatch{ 1143 Regex: "/impl", 1144 }, 1145 Backends: []model.Backend{ 1146 { 1147 Name: "dummy-backend", 1148 Namespace: "dummy-namespace", 1149 Port: &model.BackendPort{ 1150 Port: 8080, 1151 }, 1152 }, 1153 }, 1154 }, 1155 { 1156 PathMatch: model.StringMatch{ 1157 Prefix: "/", 1158 }, 1159 Backends: []model.Backend{ 1160 { 1161 Name: "another-dummy-backend", 1162 Namespace: "dummy-namespace", 1163 Port: &model.BackendPort{ 1164 Port: 8081, 1165 }, 1166 }, 1167 }, 1168 }, 1169 { 1170 PathMatch: model.StringMatch{ 1171 Exact: "/exact", 1172 }, 1173 Backends: []model.Backend{ 1174 { 1175 Name: "another-dummy-backend", 1176 Namespace: "dummy-namespace", 1177 Port: &model.BackendPort{ 1178 Port: 8081, 1179 }, 1180 }, 1181 }, 1182 }, 1183 }, 1184 }, 1185 }, 1186 } 1187 1188 var multiplePathTypesExpectedConfig = []*envoy_config_route_v3.RouteConfiguration{ 1189 { 1190 Name: "listener-insecure", 1191 VirtualHosts: []*envoy_config_route_v3.VirtualHost{ 1192 { 1193 Name: "*", 1194 Domains: domainsHelper("*"), 1195 Routes: []*envoy_config_route_v3.Route{ 1196 { 1197 Match: envoyRouteMatchExactPath("/exact"), 1198 Action: envoyRouteAction("dummy-namespace", "another-dummy-backend", "8081"), 1199 }, 1200 { 1201 Match: envoyRouteMatchImplementationSpecific("/impl"), 1202 Action: envoyRouteAction("dummy-namespace", "dummy-backend", "8080"), 1203 }, 1204 { 1205 Match: envoyRouteMatchRootPath(), 1206 Action: envoyRouteAction("dummy-namespace", "another-dummy-backend", "8081"), 1207 }, 1208 }, 1209 }, 1210 }, 1211 }, 1212 } 1213 1214 // multiplePathTypesModel is used to test that sorting of different path 1215 // types works correctly. 1216 // 1217 // It's based off of the output of the multiplePathTypes Ingress check in 1218 // operator/pkg/model/ingestion/ingress_test.go. 1219 var multipleRouteHostnamesModel = &model.Model{ 1220 HTTP: []model.HTTPListener{ 1221 { 1222 Sources: []model.FullyQualifiedResource{ 1223 { 1224 Name: "dummy-ingress", 1225 Namespace: "dummy-namespace", 1226 Version: "v1", 1227 Kind: "Ingress", 1228 UID: "d4bd3dc3-2ac5-4ab4-9dca-89c62c60177e", 1229 }, 1230 }, 1231 Port: 80, 1232 Hostname: "*", 1233 Routes: []model.HTTPRoute{ 1234 { 1235 Hostnames: []string{ 1236 "foo.example.com", 1237 "bar.example.com", 1238 }, 1239 Backends: []model.Backend{ 1240 { 1241 Name: "dummy-backend", 1242 Namespace: "dummy-namespace", 1243 Port: &model.BackendPort{ 1244 Port: 8080, 1245 }, 1246 }, 1247 }, 1248 }, 1249 { 1250 Hostnames: []string{ 1251 "baz.example.com", 1252 "quux.example.com", 1253 }, 1254 Backends: []model.Backend{ 1255 { 1256 Name: "another-dummy-backend", 1257 Namespace: "dummy-namespace", 1258 Port: &model.BackendPort{ 1259 Port: 8081, 1260 }, 1261 }, 1262 }, 1263 }, 1264 }, 1265 }, 1266 }, 1267 } 1268 1269 var multipleRouteHostnamesExpectedConfig = []*envoy_config_route_v3.RouteConfiguration{ 1270 { 1271 Name: "listener-insecure", 1272 VirtualHosts: []*envoy_config_route_v3.VirtualHost{ 1273 { 1274 Name: "bar.example.com", 1275 Domains: domainsHelper("bar.example.com"), 1276 Routes: []*envoy_config_route_v3.Route{ 1277 { 1278 Match: envoyRouteMatchRootPath(), 1279 Action: envoyRouteAction("dummy-namespace", "dummy-backend", "8080"), 1280 }, 1281 }, 1282 }, 1283 { 1284 Name: "baz.example.com", 1285 Domains: domainsHelper("baz.example.com"), 1286 Routes: []*envoy_config_route_v3.Route{ 1287 { 1288 Match: envoyRouteMatchRootPath(), 1289 Action: envoyRouteAction("dummy-namespace", "another-dummy-backend", "8081"), 1290 }, 1291 }, 1292 }, 1293 { 1294 Name: "foo.example.com", 1295 Domains: domainsHelper("foo.example.com"), 1296 Routes: []*envoy_config_route_v3.Route{ 1297 { 1298 Match: envoyRouteMatchRootPath(), 1299 Action: envoyRouteAction("dummy-namespace", "dummy-backend", "8080"), 1300 }, 1301 }, 1302 }, 1303 { 1304 Name: "quux.example.com", 1305 Domains: domainsHelper("quux.example.com"), 1306 Routes: []*envoy_config_route_v3.Route{ 1307 { 1308 Match: envoyRouteMatchRootPath(), 1309 Action: envoyRouteAction("dummy-namespace", "another-dummy-backend", "8081"), 1310 }, 1311 }, 1312 }, 1313 }, 1314 }, 1315 }