github.com/nginxinc/kubernetes-ingress@v1.12.5/tests/suite/test_v_s_route_upstream_tls.py

github.com/nginxinc/kubernetes-ingress@v1.12.5/tests/suite/test_v_s_route_upstream_tls.py (about)

     1  import requests
     2  import pytest
     3  from kubernetes.client.rest import ApiException
     4  
     5  from settings import TEST_DATA
     6  from suite.custom_assertions import assert_event_and_get_count, assert_event_count_increased, assert_response_codes, \
     7      assert_event, assert_no_new_events
     8  from suite.custom_resources_utils import get_vs_nginx_template_conf, patch_v_s_route_from_yaml
     9  from suite.resources_utils import create_items_from_yaml, get_first_pod_name, \
    10      delete_items_from_yaml, wait_until_all_pods_are_ready, wait_before_test, get_events
    11  
    12  
    13  @pytest.fixture(scope="class")
    14  def v_s_route_secure_app_setup(request, kube_apis, v_s_route_setup) -> None:
    15      """
    16      Prepare a secure example app for Virtual Server Route.
    17  
    18      1st namespace with backend1-svc and backend3-svc and deployment
    19      and 2nd namespace with https backend2-svc and deployment.
    20  
    21      :param request: internal pytest fixture
    22      :param kube_apis: client apis
    23      :param v_s_route_setup:
    24      :return:
    25      """
    26      print("---------------------- Deploy a VS Route Example Application ----------------------------")
    27      create_items_from_yaml(kube_apis,
    28                             f"{TEST_DATA}/common/app/vsr/secure/multiple.yaml", v_s_route_setup.route_m.namespace)
    29  
    30      create_items_from_yaml(kube_apis,
    31                             f"{TEST_DATA}/common/app/vsr/secure/single.yaml", v_s_route_setup.route_s.namespace)
    32  
    33      wait_until_all_pods_are_ready(kube_apis.v1, v_s_route_setup.route_m.namespace)
    34      wait_until_all_pods_are_ready(kube_apis.v1, v_s_route_setup.route_s.namespace)
    35  
    36      def fin():
    37          print("Clean up the Application:")
    38          delete_items_from_yaml(kube_apis,
    39                                 f"{TEST_DATA}/common/app/vsr/secure/multiple.yaml",
    40                                 v_s_route_setup.route_m.namespace)
    41          delete_items_from_yaml(kube_apis,
    42                                 f"{TEST_DATA}/common/app/vsr/secure/single.yaml",
    43                                 v_s_route_setup.route_s.namespace)
    44  
    45      request.addfinalizer(fin)
    46  
    47  
    48  @pytest.mark.vsr
    49  @pytest.mark.parametrize('crd_ingress_controller, v_s_route_setup',
    50                           [({"type": "complete", "extra_args": [f"-enable-custom-resources"]},
    51                             {"example": "virtual-server-route-upstream-tls"})],
    52                           indirect=True)
    53  class TestVSRouteUpstreamTls:
    54      def test_responses_and_config_after_setup(self, kube_apis, ingress_controller_prerequisites,
    55                                                crd_ingress_controller, v_s_route_setup, v_s_route_secure_app_setup):
    56          ic_pod_name = get_first_pod_name(kube_apis.v1, ingress_controller_prerequisites.namespace)
    57          config = get_vs_nginx_template_conf(kube_apis.v1,
    58                                              v_s_route_setup.namespace,
    59                                              v_s_route_setup.vs_name,
    60                                              ic_pod_name,
    61                                              ingress_controller_prerequisites.namespace)
    62          req_url = f"http://{v_s_route_setup.public_endpoint.public_ip}:{v_s_route_setup.public_endpoint.port}"
    63          resp_1 = requests.get(f"{req_url}{v_s_route_setup.route_m.paths[0]}",
    64                                headers={"host": v_s_route_setup.vs_host})
    65          resp_2 = requests.get(f"{req_url}{v_s_route_setup.route_s.paths[0]}",
    66                                headers={"host": v_s_route_setup.vs_host})
    67          vs_line = f"vs_{v_s_route_setup.namespace}_{v_s_route_setup.vs_name}"
    68          proxy_host_s = f"{vs_line}_vsr_{v_s_route_setup.route_s.namespace}_{v_s_route_setup.route_s.name}"
    69          proxy_host_m = f"{vs_line}_vsr_{v_s_route_setup.route_m.namespace}_{v_s_route_setup.route_m.name}"
    70          assert f'proxy_pass https://{proxy_host_m}' not in config
    71          assert f'proxy_pass https://{proxy_host_s}' in config
    72          assert_response_codes(resp_1, resp_2)
    73  
    74      def test_events_after_setup(self, kube_apis, ingress_controller_prerequisites,
    75                                  crd_ingress_controller, v_s_route_setup, v_s_route_secure_app_setup):
    76          text_s = f"{v_s_route_setup.route_s.namespace}/{v_s_route_setup.route_s.name}"
    77          text_m = f"{v_s_route_setup.route_m.namespace}/{v_s_route_setup.route_m.name}"
    78          text_vs = f"{v_s_route_setup.namespace}/{v_s_route_setup.vs_name}"
    79          vsr_s_event_text = f"Configuration for {text_s} was added or updated"
    80          vsr_m_event_text = f"Configuration for {text_m} was added or updated"
    81          vs_event_text = f"Configuration for {text_vs} was added or updated"
    82          events_ns_m = get_events(kube_apis.v1, v_s_route_setup.route_m.namespace)
    83          events_ns_s = get_events(kube_apis.v1, v_s_route_setup.route_s.namespace)
    84          assert_event(vsr_s_event_text, events_ns_s)
    85          assert_event(vsr_m_event_text, events_ns_m)
    86          assert_event(vs_event_text, events_ns_m)
    87  
    88      def test_validation_flow(self, kube_apis, ingress_controller_prerequisites,
    89                               crd_ingress_controller,
    90                               v_s_route_setup, v_s_route_secure_app_setup):
    91          ic_pod_name = get_first_pod_name(kube_apis.v1, ingress_controller_prerequisites.namespace)
    92          initial_events_ns_m = get_events(kube_apis.v1, v_s_route_setup.route_m.namespace)
    93          initial_events_ns_s = get_events(kube_apis.v1, v_s_route_setup.route_s.namespace)
    94          try:
    95              patch_v_s_route_from_yaml(kube_apis.custom_objects,
    96                                        v_s_route_setup.route_s.name,
    97                                        f"{TEST_DATA}/virtual-server-route-upstream-tls/route-single-invalid.yaml",
    98                                        v_s_route_setup.route_s.namespace)
    99          except ApiException as ex:
   100              assert ex.status == 422 and "spec.upstreams.tls.enable" in ex.body
   101          except Exception as ex:
   102              pytest.fail(f"An unexpected exception is raised: {ex}")
   103          else:
   104              pytest.fail("Expected an exception but there was none")
   105  
   106          wait_before_test(1)
   107          config = get_vs_nginx_template_conf(kube_apis.v1,
   108                                              v_s_route_setup.namespace,
   109                                              v_s_route_setup.vs_name,
   110                                              ic_pod_name,
   111                                              ingress_controller_prerequisites.namespace)
   112          req_url = f"http://{v_s_route_setup.public_endpoint.public_ip}:{v_s_route_setup.public_endpoint.port}"
   113          resp_1 = requests.get(f"{req_url}{v_s_route_setup.route_m.paths[0]}",
   114                                headers={"host": v_s_route_setup.vs_host})
   115          resp_2 = requests.get(f"{req_url}{v_s_route_setup.route_s.paths[0]}",
   116                                headers={"host": v_s_route_setup.vs_host})
   117          new_events_ns_m = get_events(kube_apis.v1, v_s_route_setup.route_m.namespace)
   118          new_events_ns_s = get_events(kube_apis.v1, v_s_route_setup.route_s.namespace)
   119  
   120          vs_line = f"vs_{v_s_route_setup.namespace}_{v_s_route_setup.vs_name}"
   121          proxy_host_s = f"{vs_line}_vsr_{v_s_route_setup.route_s.namespace}_{v_s_route_setup.route_s.name}"
   122          proxy_host_m = f"{vs_line}_vsr_{v_s_route_setup.route_m.namespace}_{v_s_route_setup.route_m.name}"
   123          assert f'proxy_pass https://{proxy_host_m}' not in config
   124          assert f'proxy_pass https://{proxy_host_s}' in config
   125          assert_response_codes(resp_1, resp_2)
   126          assert_no_new_events(initial_events_ns_m, new_events_ns_m)
   127          assert_no_new_events(initial_events_ns_s, new_events_ns_s)
   128  
   129      def test_responses_and_config_after_disable_tls(self, kube_apis, ingress_controller_prerequisites,
   130                                                      crd_ingress_controller,
   131                                                      v_s_route_setup, v_s_route_secure_app_setup):
   132          ic_pod_name = get_first_pod_name(kube_apis.v1, ingress_controller_prerequisites.namespace)
   133          text_s = f"{v_s_route_setup.route_s.namespace}/{v_s_route_setup.route_s.name}"
   134          text_m = f"{v_s_route_setup.route_m.namespace}/{v_s_route_setup.route_m.name}"
   135          text_vs = f"{v_s_route_setup.namespace}/{v_s_route_setup.vs_name}"
   136          vsr_s_event_text = f"Configuration for {text_s} was added or updated"
   137          vsr_m_event_text = f"Configuration for {text_m} was added or updated"
   138          vs_event_text = f"Configuration for {text_vs} was added or updated"
   139          initial_events_ns_m = get_events(kube_apis.v1, v_s_route_setup.route_m.namespace)
   140          initial_events_ns_s = get_events(kube_apis.v1, v_s_route_setup.route_s.namespace)
   141          initial_count_vsr_m = assert_event_and_get_count(vsr_m_event_text, initial_events_ns_m)
   142          initial_count_vsr_s = assert_event_and_get_count(vsr_s_event_text, initial_events_ns_s)
   143          initial_count_vs = assert_event_and_get_count(vs_event_text, initial_events_ns_m)
   144          patch_v_s_route_from_yaml(kube_apis.custom_objects,
   145                                    v_s_route_setup.route_s.name,
   146                                    f"{TEST_DATA}/virtual-server-route-upstream-tls/route-single-disable-tls.yaml",
   147                                    v_s_route_setup.route_s.namespace)
   148          wait_before_test(1)
   149          config = get_vs_nginx_template_conf(kube_apis.v1,
   150                                              v_s_route_setup.namespace,
   151                                              v_s_route_setup.vs_name,
   152                                              ic_pod_name,
   153                                              ingress_controller_prerequisites.namespace)
   154          req_url = f"http://{v_s_route_setup.public_endpoint.public_ip}:{v_s_route_setup.public_endpoint.port}"
   155          resp_1 = requests.get(f"{req_url}{v_s_route_setup.route_m.paths[0]}",
   156                                headers={"host": v_s_route_setup.vs_host})
   157          resp_2 = requests.get(f"{req_url}{v_s_route_setup.route_s.paths[0]}",
   158                                headers={"host": v_s_route_setup.vs_host})
   159          new_events_ns_m = get_events(kube_apis.v1, v_s_route_setup.route_m.namespace)
   160          new_events_ns_s = get_events(kube_apis.v1, v_s_route_setup.route_s.namespace)
   161  
   162          assert 'proxy_pass https://' not in config
   163          assert_response_codes(resp_1, resp_2, 200, 400)
   164          assert_event_count_increased(vsr_m_event_text, initial_count_vsr_m, new_events_ns_m)
   165          assert_event_count_increased(vs_event_text, initial_count_vs, new_events_ns_m)
   166          assert_event_count_increased(vsr_s_event_text, initial_count_vsr_s, new_events_ns_s)