# Source: github.com/nginxinc/kubernetes-ingress@v1.12.5/tests/suite/test_ts_tls_passthrough.py
"""End-to-end tests for TransportServer TLS passthrough.

The suite deploys a TLS-serving backend ("secure app") plus a TransportServer
resource, then checks that requests reach the backend pod and that host
collisions between TransportServer / VirtualServer resources are reported in
the resource status.
"""
# NOTE(review): `ssl`, `requests` and `get_server_certificate_subject` are
# imported but not referenced in the portion of the file shown here.
import ssl
from pprint import pprint

import pytest
import requests

from suite.fixtures import PublicEndpoint
from suite.resources_utils import (
    wait_before_test,
    create_items_from_yaml,
    delete_items_from_yaml,
    wait_until_all_pods_are_ready,
    get_first_pod_name,
)
from suite.custom_resources_utils import (
    read_vs,
    read_ts,
    delete_ts,
    create_ts_from_yaml,
    create_virtual_server_from_yaml,
    delete_virtual_server,
)
from suite.yaml_utils import get_first_host_from_yaml
from suite.ssl_utils import get_server_certificate_subject, create_sni_session
from settings import TEST_DATA


class TransportServerTlsSetup:
    """
    Bundle of everything a test needs to address the deployed TransportServer.

    Attributes:
        public_endpoint (object): endpoint of the ingress controller; the tests
            read ``public_ip`` and ``port_ssl`` from it
        ts_resource (dict): value returned by ``create_ts_from_yaml`` for the
            standard TransportServer
        name (str): ``ts_resource["metadata"]["name"]``
        namespace (str): namespace the resources were created in
        ts_host (str): first host found in the TransportServer manifest
    """

    def __init__(self, public_endpoint: PublicEndpoint, ts_resource, name, namespace, ts_host):
        self.ts_host = ts_host
        self.namespace = namespace
        self.name = name
        self.ts_resource = ts_resource
        self.public_endpoint = public_endpoint


@pytest.fixture(scope="class")
def transport_server_tls_passthrough_setup(
    request, kube_apis, test_namespace, ingress_controller_endpoint
) -> TransportServerTlsSetup:
    """
    Deploy the secure backend app and the standard TransportServer once per class.

    A finalizer removes both again when the class is done.

    :param request: internal pytest fixture to parametrize this method
    :param kube_apis: client apis
    :param test_namespace: namespace for test resources
    :param ingress_controller_endpoint: ip and port information
    :return TransportServerTlsSetup:
    """
    print(
        "------------------------- Deploy Transport Server with tls passthrough -----------------------------------"
    )
    example_dir = f"{TEST_DATA}/{request.param['example']}/standard"

    # Backend that serves TLS itself.
    app_manifest = f"{example_dir}/secure-app.yaml"
    create_items_from_yaml(kube_apis, app_manifest, test_namespace)

    # TransportServer that routes to that backend.
    ts_manifest = f"{example_dir}/transport-server.yaml"
    ts_resource = create_ts_from_yaml(kube_apis.custom_objects, ts_manifest, test_namespace)
    ts_host = get_first_host_from_yaml(ts_manifest)
    wait_until_all_pods_are_ready(kube_apis.v1, test_namespace)

    def cleanup():
        print("Clean up TransportServer and app:")
        delete_ts(kube_apis.custom_objects, ts_resource, test_namespace)
        delete_items_from_yaml(kube_apis, app_manifest, test_namespace)

    request.addfinalizer(cleanup)

    return TransportServerTlsSetup(
        public_endpoint=ingress_controller_endpoint,
        ts_resource=ts_resource,
        name=ts_resource["metadata"]["name"],
        namespace=test_namespace,
        ts_host=ts_host,
    )


@pytest.mark.ts
@pytest.mark.parametrize(
    "crd_ingress_controller, transport_server_tls_passthrough_setup",
    [
        (
            {
                "type": "complete",
                "extra_args": [
                    "-enable-leader-election=false",
                    "-enable-tls-passthrough=true",
                ],
            },
            {"example": "transport-server-tls-passthrough"},
        )
    ],
    indirect=True,
)
class TestTransportServerTlsPassthrough:
    def restore_ts(self, kube_apis, transport_server_tls_passthrough_setup) -> None:
        """
        Re-create the standard TransportServer after a test has deleted it.
        """
        manifest = f"{TEST_DATA}/transport-server-tls-passthrough/standard/transport-server.yaml"
        namespace = transport_server_tls_passthrough_setup.namespace
        restored = create_ts_from_yaml(kube_apis.custom_objects, manifest, namespace)
        wait_before_test(1)
        pprint(restored)

    @pytest.mark.smoke
    def test_tls_passthrough(
        self,
        kube_apis,
        crd_ingress_controller,
        transport_server_tls_passthrough_setup,
        test_namespace,
    ):
        """
        Request the TransportServer host on the HTTPS port and expect the pod's greeting.
        """
        sni_session = create_sni_session()
        endpoint = transport_server_tls_passthrough_setup.public_endpoint
        req_url = f"https://{endpoint.public_ip}:{endpoint.port_ssl}"
        wait_before_test()

        # verify=False turns certificate validation off, so the request
        # accepts whatever certificate is presented on the connection.
        # NOTE(review): presumably the secure app serves a test certificate
        # that would not validate - confirm against secure-app.yaml.
        # NOTE(review): the assertions below show that the response body came
        # from the backend pod; they do not inspect the certificate, so on
        # their own they do not show which component terminated TLS.
        # `get_server_certificate_subject` is imported above but unused here;
        # asserting on the presented certificate would tighten this test.
        resp = sni_session.get(
            req_url,
            headers={"host": transport_server_tls_passthrough_setup.ts_host},
            verify=False,
        )
        assert resp.status_code == 200
        pod_name = get_first_pod_name(kube_apis.v1, test_namespace)
        assert f"hello from pod {pod_name}" in resp.text

    def test_tls_passthrough_host_collision_ts(
        self,
        kube_apis,
        crd_ingress_controller,
        transport_server_tls_passthrough_setup,
        test_namespace,
    ):
        """
        A second TransportServer claiming the same host is rejected until the first is removed.
        """
        custom_objects = kube_apis.custom_objects

        print("Step 1: Create second TS with same host")
        ts_src_same_host = (
            f"{TEST_DATA}/transport-server-tls-passthrough/transport-server-same-host.yaml"
        )
        ts_same_host = create_ts_from_yaml(custom_objects, ts_src_same_host, test_namespace)
        wait_before_test()
        status = read_ts(custom_objects, test_namespace, ts_same_host["metadata"]["name"])["status"]
        assert status["reason"] == "Rejected"
        assert status["message"] == "Host is taken by another resource"

        print("Step 2: Delete TS taking up the host")
        delete_ts(
            custom_objects,
            transport_server_tls_passthrough_setup.ts_resource,
            test_namespace,
        )
        wait_before_test(1)
        # With the original owner gone, the second TS is expected to become valid.
        status = read_ts(custom_objects, test_namespace, ts_same_host["metadata"]["name"])["status"]
        assert status["reason"] == "AddedOrUpdated"
        assert status["state"] == "Valid"

        print("Step 3: Delete second TS and re-create standard one")
        delete_ts(custom_objects, ts_same_host, test_namespace)
        self.restore_ts(kube_apis, transport_server_tls_passthrough_setup)
        status = read_ts(
            custom_objects, test_namespace, transport_server_tls_passthrough_setup.name
        )["status"]
        assert status["reason"] == "AddedOrUpdated"
        assert status["state"] == "Valid"

    def test_tls_passthrough_host_collision_vs(
        self,
        kube_apis,
        crd_ingress_controller,
        transport_server_tls_passthrough_setup,
        test_namespace,
    ):
        """
        A VirtualServer claiming the TransportServer's host is rejected.
        """
        print("Step 1: Create VirtualServer with same host")
        vs_src_same_host = (
            f"{TEST_DATA}/transport-server-tls-passthrough/virtual-server-same-host.yaml"
        )
        vs_name = create_virtual_server_from_yaml(
            kube_apis.custom_objects, vs_src_same_host, test_namespace
        )
        wait_before_test(1)
        vs_info = read_vs(kube_apis.custom_objects, test_namespace, vs_name)
        # Remove the VirtualServer before asserting so a failed assertion
        # does not leave it behind in the namespace.
        delete_virtual_server(kube_apis.custom_objects, vs_name, test_namespace)

        status = vs_info["status"]
        assert status["reason"] == "Rejected"
        assert status["message"] == "Host is taken by another resource"