github.com/nginxinc/kubernetes-ingress@v1.12.5/internal/configs/version2/templates_test.go (about) 1 package version2 2 3 import ( 4 "testing" 5 ) 6 7 const nginxPlusVirtualServerTmpl = "nginx-plus.virtualserver.tmpl" 8 const nginxVirtualServerTmpl = "nginx.virtualserver.tmpl" 9 const nginxPlusTransportServerTmpl = "nginx-plus.transportserver.tmpl" 10 const nginxTransportServerTmpl = "nginx.transportserver.tmpl" 11 12 var virtualServerCfg = VirtualServerConfig{ 13 LimitReqZones: []LimitReqZone{ 14 { 15 ZoneName: "pol_rl_test_test_test", Rate: "10r/s", ZoneSize: "10m", Key: "$url", 16 }, 17 }, 18 Upstreams: []Upstream{ 19 { 20 Name: "test-upstream", 21 Servers: []UpstreamServer{ 22 { 23 Address: "10.0.0.20:8001", 24 }, 25 }, 26 LBMethod: "random", 27 Keepalive: 32, 28 MaxFails: 4, 29 FailTimeout: "10s", 30 MaxConns: 31, 31 SlowStart: "10s", 32 UpstreamZoneSize: "256k", 33 Queue: &Queue{Size: 10, Timeout: "60s"}, 34 SessionCookie: &SessionCookie{Enable: true, Name: "test", Path: "/tea", Expires: "25s"}, 35 }, 36 { 37 Name: "coffee-v1", 38 Servers: []UpstreamServer{ 39 { 40 Address: "10.0.0.31:8001", 41 }, 42 }, 43 MaxFails: 8, 44 FailTimeout: "15s", 45 MaxConns: 2, 46 UpstreamZoneSize: "256k", 47 }, 48 { 49 Name: "coffee-v2", 50 Servers: []UpstreamServer{ 51 { 52 Address: "10.0.0.32:8001", 53 }, 54 }, 55 MaxFails: 12, 56 FailTimeout: "20s", 57 MaxConns: 4, 58 UpstreamZoneSize: "256k", 59 }, 60 }, 61 SplitClients: []SplitClient{ 62 { 63 Source: "$request_id", 64 Variable: "$split_0", 65 Distributions: []Distribution{ 66 { 67 Weight: "50%", 68 Value: "@loc0", 69 }, 70 { 71 Weight: "50%", 72 Value: "@loc1", 73 }, 74 }, 75 }, 76 }, 77 Maps: []Map{ 78 { 79 Source: "$match_0_0", 80 Variable: "$match", 81 Parameters: []Parameter{ 82 { 83 Value: "~^1", 84 Result: "@match_loc_0", 85 }, 86 { 87 Value: "default", 88 Result: "@match_loc_default", 89 }, 90 }, 91 }, 92 { 93 Source: "$http_x_version", 94 Variable: "$match_0_0", 95 Parameters: []Parameter{ 96 { 97 Value: "v2", 98 Result: "1", 99 }, 100 { 101 Value: "default", 102 Result: "0", 103 }, 104 }, 105 }, 106 }, 107 HTTPSnippets: []string{"# HTTP snippet"}, 108 Server: Server{ 109 ServerName: "example.com", 110 StatusZone: "example.com", 111 ProxyProtocol: true, 112 SSL: &SSL{ 113 HTTP2: true, 114 Certificate: "cafe-secret.pem", 115 CertificateKey: "cafe-secret.pem", 116 }, 117 TLSRedirect: &TLSRedirect{ 118 BasedOn: "$scheme", 119 Code: 301, 120 }, 121 ServerTokens: "off", 122 SetRealIPFrom: []string{"0.0.0.0/0"}, 123 RealIPHeader: "X-Real-IP", 124 RealIPRecursive: true, 125 Allow: []string{"127.0.0.1"}, 126 Deny: []string{"127.0.0.1"}, 127 LimitReqs: []LimitReq{ 128 { 129 ZoneName: "pol_rl_test_test_test", 130 Delay: 10, 131 Burst: 5, 132 }, 133 }, 134 LimitReqOptions: LimitReqOptions{ 135 LogLevel: "error", 136 RejectCode: 503, 137 }, 138 JWTAuth: &JWTAuth{ 139 Realm: "My Api", 140 Secret: "jwk-secret", 141 }, 142 IngressMTLS: &IngressMTLS{ 143 ClientCert: "ingress-mtls-secret", 144 VerifyClient: "on", 145 VerifyDepth: 2, 146 }, 147 WAF: &WAF{ 148 ApPolicy: "/etc/nginx/waf/nac-policies/default-dataguard-alarm", 149 ApSecurityLogEnable: true, 150 ApLogConf: "/etc/nginx/waf/nac-logconfs/default-logconf", 151 }, 152 Snippets: []string{"# server snippet"}, 153 InternalRedirectLocations: []InternalRedirectLocation{ 154 { 155 Path: "/split", 156 Destination: "@split_0", 157 }, 158 { 159 Path: "/coffee", 160 Destination: "@match", 161 }, 162 }, 163 Locations: []Location{ 164 { 165 Path: "/", 166 Snippets: []string{"# location snippet"}, 167 Allow: []string{"127.0.0.1"}, 168 Deny: []string{"127.0.0.1"}, 169 LimitReqs: []LimitReq{ 170 { 171 ZoneName: "loc_pol_rl_test_test_test", 172 }, 173 }, 174 ProxyConnectTimeout: "30s", 175 ProxyReadTimeout: "31s", 176 ProxySendTimeout: "32s", 177 ClientMaxBodySize: "1m", 178 ProxyBuffering: true, 179 ProxyBuffers: "8 4k", 180 ProxyBufferSize: "4k", 181 ProxyMaxTempFileSize: "1024m", 182 ProxyPass: "http://test-upstream", 183 ProxyNextUpstream: "error timeout", 184 ProxyNextUpstreamTimeout: "5s", 185 Internal: true, 186 ProxyPassRequestHeaders: false, 187 ProxyPassHeaders: []string{"Host"}, 188 ProxyPassRewrite: "$request_uri", 189 ProxyHideHeaders: []string{"Header"}, 190 ProxyIgnoreHeaders: "Cache", 191 Rewrites: []string{"$request_uri $request_uri", "$request_uri $request_uri"}, 192 AddHeaders: []AddHeader{ 193 { 194 Header: Header{ 195 Name: "Header-Name", 196 Value: "Header Value", 197 }, 198 Always: true, 199 }, 200 }, 201 EgressMTLS: &EgressMTLS{ 202 Certificate: "egress-mtls-secret.pem", 203 CertificateKey: "egress-mtls-secret.pem", 204 VerifyServer: true, 205 VerifyDepth: 1, 206 Ciphers: "DEFAULT", 207 Protocols: "TLSv1.3", 208 TrustedCert: "trusted-cert.pem", 209 SessionReuse: true, 210 ServerName: true, 211 }, 212 }, 213 { 214 Path: "@loc0", 215 ProxyConnectTimeout: "30s", 216 ProxyReadTimeout: "31s", 217 ProxySendTimeout: "32s", 218 ClientMaxBodySize: "1m", 219 ProxyPass: "http://coffee-v1", 220 ProxyNextUpstream: "error timeout", 221 ProxyNextUpstreamTimeout: "5s", 222 ProxyInterceptErrors: true, 223 ErrorPages: []ErrorPage{ 224 { 225 Name: "@error_page_1", 226 Codes: "400 500", 227 ResponseCode: 200, 228 }, 229 { 230 Name: "@error_page_2", 231 Codes: "500", 232 ResponseCode: 0, 233 }, 234 }, 235 }, 236 { 237 Path: "@loc1", 238 ProxyConnectTimeout: "30s", 239 ProxyReadTimeout: "31s", 240 ProxySendTimeout: "32s", 241 ClientMaxBodySize: "1m", 242 ProxyPass: "http://coffee-v2", 243 ProxyNextUpstream: "error timeout", 244 ProxyNextUpstreamTimeout: "5s", 245 }, 246 { 247 Path: "@match_loc_0", 248 ProxyConnectTimeout: "30s", 249 ProxyReadTimeout: "31s", 250 ProxySendTimeout: "32s", 251 ClientMaxBodySize: "1m", 252 ProxyPass: "http://coffee-v2", 253 ProxyNextUpstream: "error timeout", 254 ProxyNextUpstreamTimeout: "5s", 255 }, 256 { 257 Path: "@match_loc_default", 258 ProxyConnectTimeout: "30s", 259 ProxyReadTimeout: "31s", 260 ProxySendTimeout: "32s", 261 ClientMaxBodySize: "1m", 262 ProxyPass: "http://coffee-v1", 263 ProxyNextUpstream: "error timeout", 264 ProxyNextUpstreamTimeout: "5s", 265 }, 266 { 267 Path: "/return", 268 ProxyInterceptErrors: true, 269 ErrorPages: []ErrorPage{ 270 { 271 Name: "@return_0", 272 Codes: "418", 273 ResponseCode: 200, 274 }, 275 }, 276 InternalProxyPass: "http://unix:/var/lib/nginx/nginx-418-server.sock", 277 }, 278 }, 279 ErrorPageLocations: []ErrorPageLocation{ 280 { 281 Name: "@vs_cafe_cafe_vsr_tea_tea_tea__tea_error_page_0", 282 DefaultType: "application/json", 283 Return: &Return{ 284 Code: 200, 285 Text: "Hello World", 286 }, 287 Headers: nil, 288 }, 289 { 290 Name: "@vs_cafe_cafe_vsr_tea_tea_tea__tea_error_page_1", 291 DefaultType: "", 292 Return: &Return{ 293 Code: 200, 294 Text: "Hello World", 295 }, 296 Headers: []Header{ 297 { 298 Name: "Set-Cookie", 299 Value: "cookie1=test", 300 }, 301 { 302 Name: "Set-Cookie", 303 Value: "cookie2=test; Secure", 304 }, 305 }, 306 }, 307 }, 308 ReturnLocations: []ReturnLocation{ 309 { 310 Name: "@return_0", 311 DefaultType: "text/html", 312 Return: Return{ 313 Code: 200, 314 Text: "Hello!", 315 }, 316 }, 317 }, 318 }, 319 } 320 321 var transportServerCfg = TransportServerConfig{ 322 Upstreams: []StreamUpstream{ 323 { 324 Name: "udp-upstream", 325 Servers: []StreamUpstreamServer{ 326 { 327 Address: "10.0.0.20:5001", 328 }, 329 }, 330 }, 331 }, 332 Match: &Match{ 333 Name: "match_udp-upstream", 334 Send: `GET / HTTP/1.0\r\nHost: localhost\r\n\r\n`, 335 ExpectRegexModifier: "~*", 336 Expect: "200 OK", 337 }, 338 Server: StreamServer{ 339 Port: 1234, 340 UDP: true, 341 StatusZone: "udp-app", 342 ProxyRequests: createPointerFromInt(1), 343 ProxyResponses: createPointerFromInt(2), 344 ProxyPass: "udp-upstream", 345 ProxyTimeout: "10s", 346 ProxyConnectTimeout: "10s", 347 ProxyNextUpstream: true, 348 ProxyNextUpstreamTimeout: "10s", 349 ProxyNextUpstreamTries: 5, 350 HealthCheck: &StreamHealthCheck{ 351 Enabled: false, 352 Timeout: "5s", 353 Jitter: "0", 354 Port: 8080, 355 Interval: "5s", 356 Passes: 1, 357 Fails: 1, 358 Match: "match_udp-upstream", 359 }, 360 }, 361 } 362 363 func createPointerFromInt(n int) *int { 364 return &n 365 } 366 367 func TestVirtualServerForNginxPlus(t *testing.T) { 368 executor, err := NewTemplateExecutor(nginxPlusVirtualServerTmpl, nginxPlusTransportServerTmpl) 369 if err != nil { 370 t.Fatalf("Failed to create template executor: %v", err) 371 } 372 373 data, err := executor.ExecuteVirtualServerTemplate(&virtualServerCfg) 374 if err != nil { 375 t.Fatalf("Failed to execute template: %v", err) 376 } 377 378 t.Log(string(data)) 379 } 380 381 func TestVirtualServerForNginx(t *testing.T) { 382 executor, err := NewTemplateExecutor(nginxVirtualServerTmpl, nginxTransportServerTmpl) 383 if err != nil { 384 t.Fatalf("Failed to create template executor: %v", err) 385 } 386 387 data, err := executor.ExecuteVirtualServerTemplate(&virtualServerCfg) 388 if err != nil { 389 t.Fatalf("Failed to execute template: %v", err) 390 } 391 392 t.Log(string(data)) 393 } 394 395 func TestTransportServerForNginxPlus(t *testing.T) { 396 executor, err := NewTemplateExecutor(nginxPlusVirtualServerTmpl, nginxPlusTransportServerTmpl) 397 if err != nil { 398 t.Fatalf("Failed to create template executor: %v", err) 399 } 400 401 data, err := executor.ExecuteTransportServerTemplate(&transportServerCfg) 402 if err != nil { 403 t.Fatalf("Failed to execute template: %v", err) 404 } 405 406 t.Log(string(data)) 407 } 408 409 func TestTransportServerForNginx(t *testing.T) { 410 executor, err := NewTemplateExecutor(nginxVirtualServerTmpl, nginxTransportServerTmpl) 411 if err != nil { 412 t.Fatalf("Failed to create template executor: %v", err) 413 } 414 415 data, err := executor.ExecuteTransportServerTemplate(&transportServerCfg) 416 if err != nil { 417 t.Fatalf("Failed to execute template: %v", err) 418 } 419 420 t.Log(string(data)) 421 } 422 423 func TestTLSPassthroughHosts(t *testing.T) { 424 executor, err := NewTemplateExecutor(nginxVirtualServerTmpl, nginxTransportServerTmpl) 425 if err != nil { 426 t.Fatalf("Failed to create template executor: %v", err) 427 } 428 429 unixSocketsCfg := TLSPassthroughHostsConfig{ 430 "app.example.com": "unix:/var/lib/nginx/passthrough-default_secure-app.sock", 431 } 432 433 data, err := executor.ExecuteTLSPassthroughHostsTemplate(&unixSocketsCfg) 434 if err != nil { 435 t.Fatalf("Failed to execute template: %v", err) 436 } 437 438 t.Log(string(data)) 439 }