github.com/nginxinc/kubernetes-ingress@v1.12.5/tests/suite/test_virtual_server_configmap_keys.py (about) 1 import pytest 2 3 from settings import TEST_DATA, DEPLOYMENTS 4 from suite.resources_utils import wait_before_test, replace_configmap_from_yaml, get_events, get_first_pod_name, \ 5 get_file_contents, get_pods_amount 6 from suite.custom_resources_utils import get_vs_nginx_template_conf 7 from suite.yaml_utils import get_configmap_fields_from_yaml 8 9 10 def assert_update_events_emitted(virtual_server_setup, new_list, previous_list, expected_amount): 11 item_name = f"{virtual_server_setup.namespace}/{virtual_server_setup.vs_name}" 12 text_valid = f"Configuration for {item_name} was added or updated" 13 text_invalid = "but was not applied" 14 new_event = new_list[len(new_list) - 1] 15 assert len(new_list) - len(previous_list) == expected_amount 16 assert text_valid in new_event.message and text_invalid not in new_event.message 17 18 19 def assert_not_applied_events_emitted(virtual_server_setup, new_list, previous_list, expected_amount): 20 item_name = f"{virtual_server_setup.namespace}/{virtual_server_setup.vs_name}" 21 text_invalid = f"Configuration for {item_name} was added or updated ; but was not applied" 22 new_event = new_list[len(new_list) - 1] 23 assert len(new_list) - len(previous_list) == expected_amount 24 assert text_invalid in new_event.message 25 26 27 def assert_update_event_count_increased(virtual_server_setup, new_list, previous_list): 28 item_name = f"{virtual_server_setup.namespace}/{virtual_server_setup.vs_name}" 29 text_valid = f"Configuration for {item_name} was added or updated" 30 text_invalid = "but was not applied" 31 for i in range(len(previous_list)-1, 0, -1): 32 if text_valid in previous_list[i].message and text_invalid not in previous_list[i].message: 33 assert new_list[i].count - previous_list[i].count == 1, "We expect the counter to increase" 34 35 36 def assert_keys_without_validation(config, expected_values): 37 assert f"proxy_connect_timeout {expected_values['proxy-connect-timeout']};" in config 38 assert f"proxy_read_timeout {expected_values['proxy-read-timeout']};" in config 39 assert f"client_max_body_size {expected_values['client-max-body-size']};" in config 40 assert f"proxy_buffers {expected_values['proxy-buffers']};" in config 41 assert f"proxy_buffer_size {expected_values['proxy-buffer-size']};" in config 42 assert f"proxy_max_temp_file_size {expected_values['proxy-max-temp-file-size']};" in config 43 assert f"set_real_ip_from {expected_values['set-real-ip-from']};" in config 44 assert f"real_ip_header {expected_values['real-ip-header']};" in config 45 assert f"{expected_values['location-snippets']}" in config 46 assert f"{expected_values['server-snippets']}" in config 47 assert f"fail_timeout={expected_values['fail-timeout']}" in config 48 assert f"proxy_send_timeout {expected_values['proxy-send-timeout']};" in config 49 assert f" {expected_values['upstream-zone-size']};" in config 50 51 52 def assert_keys_with_validation(config, expected_values): 53 # based on f"{TEST_DATA}/virtual-server-configmap-keys/configmap-validation-keys.yaml" 54 assert "proxy_buffering off;" in config 55 assert "real_ip_recursive on;" in config 56 assert f"max_fails={expected_values['max-fails']}" in config 57 assert f"keepalive {expected_values['keepalive']};" in config 58 assert "listen 80 proxy_protocol;" in config 59 60 61 def assert_keys_with_validation_in_main_config(config, expected_values): 62 # based on f"{TEST_DATA}/virtual-server-configmap-keys/configmap-validation-keys.yaml" 63 assert f"variables_hash_bucket_size {expected_values['variables-hash-bucket-size']};" in config 64 assert f"variables_hash_max_size {expected_values['variables-hash-max-size']};" in config 65 66 67 def assert_specific_keys_for_nginx_plus(config, expected_values): 68 # based on f"{TEST_DATA}/virtual-server-configmap-keys/configmap-validation-keys.yaml" 69 assert f"server_tokens \"{expected_values['server-tokens']}\";" in config 70 assert "random two least_conn;" not in config \ 71 and expected_values['lb-method'] in config 72 assert "zone " in config and " 256k;" in config 73 74 75 def assert_specific_keys_for_nginx_oss(config, expected_values): 76 # based on f"{TEST_DATA}/virtual-server-configmap-keys/configmap-validation-keys-oss.yaml" 77 assert "server_tokens \"off\"" in config 78 assert "random two least_conn;" not in config \ 79 and expected_values['lb-method'] in config 80 assert "zone " not in config and " 256k;" not in config 81 82 83 def assert_defaults_of_keys_with_validation(config, unexpected_values): 84 assert "proxy_buffering on;" in config 85 assert "real_ip_recursive" not in config 86 assert "max_fails=1" in config 87 assert "keepalive" not in config 88 assert "listen 80;" in config 89 assert "server_tokens \"on\"" in config 90 assert "random two least_conn;" in config and unexpected_values['lb-method'] not in config 91 assert f"proxy_send_timeout 60s;" in config 92 assert "zone " in config and " 256k;" in config 93 94 95 def assert_defaults_of_keys_with_validation_in_main_config(config, unexpected_values): 96 assert "variables_hash_bucket_size 256;" in config 97 assert "variables_hash_max_size 1024;" in config 98 assert f"variables_hash_bucket_size {unexpected_values['variables-hash-bucket-size']};" not in config 99 assert f"variables_hash_max_size {unexpected_values['variables-hash-max-size']};" not in config 100 101 102 def assert_ssl_keys(config): 103 # based on f"{TEST_DATA}/virtual-server-configmap-keys/configmap-ssl-keys.yaml" 104 assert "if ($schema = 'http') {" not in config 105 assert "listen 443 ssl http2 proxy_protocol;" in config 106 107 108 def assert_defaults_of_ssl_keys(config): 109 assert "if ($schema = 'http') {" not in config 110 assert "listen 443 ssl;" in config 111 assert "http2" not in config 112 113 114 @pytest.fixture(scope="function") 115 def clean_up(request, kube_apis, ingress_controller_prerequisites, test_namespace) -> None: 116 """ 117 Return ConfigMap to the initial state after the test. 118 119 :param request: internal pytest fixture 120 :param kube_apis: client apis 121 :param ingress_controller_prerequisites: 122 :param test_namespace: str 123 :return: 124 """ 125 126 def fin(): 127 replace_configmap_from_yaml(kube_apis.v1, 128 ingress_controller_prerequisites.config_map['metadata']['name'], 129 ingress_controller_prerequisites.namespace, 130 f"{DEPLOYMENTS}/common/nginx-config.yaml") 131 132 request.addfinalizer(fin) 133 134 135 @pytest.mark.vs 136 @pytest.mark.parametrize('crd_ingress_controller, virtual_server_setup', 137 [({"type": "complete", "extra_args": [f"-enable-custom-resources"]}, 138 {"example": "virtual-server-configmap-keys", "app_type": "simple"})], 139 indirect=True) 140 class TestVirtualServerConfigMapNoTls: 141 def test_keys(self, cli_arguments, kube_apis, ingress_controller_prerequisites, 142 crd_ingress_controller, virtual_server_setup, clean_up): 143 ic_pods_amount = get_pods_amount(kube_apis.v1, ingress_controller_prerequisites.namespace) 144 ic_pod_name = get_first_pod_name(kube_apis.v1, ingress_controller_prerequisites.namespace) 145 initial_list = get_events(kube_apis.v1, virtual_server_setup.namespace) 146 147 print("Step 1: update ConfigMap with valid keys without validation rules") 148 replace_configmap_from_yaml(kube_apis.v1, 149 ingress_controller_prerequisites.config_map['metadata']['name'], 150 ingress_controller_prerequisites.namespace, 151 f"{TEST_DATA}/virtual-server-configmap-keys/configmap-no-validation-keys.yaml") 152 expected_values = get_configmap_fields_from_yaml( 153 f"{TEST_DATA}/virtual-server-configmap-keys/configmap-no-validation-keys.yaml") 154 wait_before_test(1) 155 step_1_events = get_events(kube_apis.v1, virtual_server_setup.namespace) 156 step_1_config = get_vs_nginx_template_conf(kube_apis.v1, 157 virtual_server_setup.namespace, 158 virtual_server_setup.vs_name, 159 ic_pod_name, 160 ingress_controller_prerequisites.namespace) 161 assert_update_event_count_increased(virtual_server_setup, step_1_events, initial_list) 162 assert_keys_without_validation(step_1_config, expected_values) 163 164 print("Step 2: update ConfigMap with invalid keys without validation rules") 165 cm_src = f"{TEST_DATA}/virtual-server-configmap-keys/configmap-no-validation-keys-invalid.yaml" 166 replace_configmap_from_yaml(kube_apis.v1, 167 ingress_controller_prerequisites.config_map['metadata']['name'], 168 ingress_controller_prerequisites.namespace, 169 cm_src) 170 expected_values = get_configmap_fields_from_yaml( 171 f"{TEST_DATA}/virtual-server-configmap-keys/configmap-no-validation-keys-invalid.yaml") 172 wait_before_test(1) 173 step_2_events = get_events(kube_apis.v1, virtual_server_setup.namespace) 174 step_2_config = get_vs_nginx_template_conf(kube_apis.v1, 175 virtual_server_setup.namespace, 176 virtual_server_setup.vs_name, 177 ic_pod_name, 178 ingress_controller_prerequisites.namespace) 179 assert_not_applied_events_emitted(virtual_server_setup, step_2_events, step_1_events, ic_pods_amount) 180 assert_keys_without_validation(step_2_config, expected_values) 181 182 # to cover the OSS case, this will be changed in the future 183 if cli_arguments['ic-type'] == "nginx-ingress": 184 data_file = f"{TEST_DATA}/virtual-server-configmap-keys/configmap-validation-keys-oss.yaml" 185 data_file_invalid = f"{TEST_DATA}/virtual-server-configmap-keys/configmap-validation-keys-invalid-oss.yaml" 186 else: 187 data_file = f"{TEST_DATA}/virtual-server-configmap-keys/configmap-validation-keys.yaml" 188 data_file_invalid = f"{TEST_DATA}/virtual-server-configmap-keys/configmap-validation-keys-invalid.yaml" 189 190 print("Step 3: update ConfigMap with valid keys with validation rules") 191 replace_configmap_from_yaml(kube_apis.v1, 192 ingress_controller_prerequisites.config_map['metadata']['name'], 193 ingress_controller_prerequisites.namespace, 194 data_file) 195 expected_values = get_configmap_fields_from_yaml(data_file) 196 wait_before_test(1) 197 step_3_config = get_vs_nginx_template_conf(kube_apis.v1, 198 virtual_server_setup.namespace, 199 virtual_server_setup.vs_name, 200 ic_pod_name, 201 ingress_controller_prerequisites.namespace) 202 step_3_events = get_events(kube_apis.v1, virtual_server_setup.namespace) 203 assert_update_event_count_increased(virtual_server_setup, step_3_events, step_2_events) 204 assert_keys_with_validation(step_3_config, expected_values) 205 # to cover the OSS case, this will be changed in the future 206 if cli_arguments['ic-type'] == "nginx-ingress": 207 assert_specific_keys_for_nginx_oss(step_3_config, expected_values) 208 else: 209 assert_specific_keys_for_nginx_plus(step_3_config, expected_values) 210 211 print("Step 4: update ConfigMap with invalid keys") 212 replace_configmap_from_yaml(kube_apis.v1, 213 ingress_controller_prerequisites.config_map['metadata']['name'], 214 ingress_controller_prerequisites.namespace, 215 data_file_invalid) 216 expected_values = get_configmap_fields_from_yaml(data_file_invalid) 217 wait_before_test(1) 218 step_4_config = get_vs_nginx_template_conf(kube_apis.v1, 219 virtual_server_setup.namespace, 220 virtual_server_setup.vs_name, 221 ic_pod_name, 222 ingress_controller_prerequisites.namespace) 223 step_4_events = get_events(kube_apis.v1, virtual_server_setup.namespace) 224 assert_update_event_count_increased(virtual_server_setup, step_4_events, step_3_events) 225 assert_defaults_of_keys_with_validation(step_4_config, expected_values) 226 227 def test_keys_in_main_config(self, cli_arguments, kube_apis, ingress_controller_prerequisites, 228 crd_ingress_controller, virtual_server_setup, clean_up): 229 wait_before_test(1) 230 ic_pods_amount = get_pods_amount(kube_apis.v1, ingress_controller_prerequisites.namespace) 231 ic_pod_name = get_first_pod_name(kube_apis.v1, ingress_controller_prerequisites.namespace) 232 initial_list = get_events(kube_apis.v1, virtual_server_setup.namespace) 233 data_file = f"{TEST_DATA}/virtual-server-configmap-keys/configmap-validation-keys.yaml" 234 data_file_invalid = f"{TEST_DATA}/virtual-server-configmap-keys/configmap-validation-keys-invalid.yaml" 235 config_path = "/etc/nginx/nginx.conf" 236 237 print("Step 5: main config: update ConfigMap with valid keys with validation rules") 238 replace_configmap_from_yaml(kube_apis.v1, 239 ingress_controller_prerequisites.config_map['metadata']['name'], 240 ingress_controller_prerequisites.namespace, 241 data_file) 242 expected_values = get_configmap_fields_from_yaml(data_file) 243 wait_before_test(1) 244 step_5_config = get_file_contents(kube_apis.v1, 245 config_path, ic_pod_name, ingress_controller_prerequisites.namespace) 246 step_5_events = get_events(kube_apis.v1, virtual_server_setup.namespace) 247 assert_update_event_count_increased(virtual_server_setup, step_5_events, initial_list) 248 assert_keys_with_validation_in_main_config(step_5_config, expected_values) 249 250 print("Step 6: main config: update ConfigMap with invalid keys") 251 replace_configmap_from_yaml(kube_apis.v1, 252 ingress_controller_prerequisites.config_map['metadata']['name'], 253 ingress_controller_prerequisites.namespace, 254 data_file_invalid) 255 unexpected_values = get_configmap_fields_from_yaml(data_file_invalid) 256 wait_before_test(1) 257 step_6_config = get_file_contents(kube_apis.v1, 258 config_path, ic_pod_name, ingress_controller_prerequisites.namespace) 259 step_6_events = get_events(kube_apis.v1, virtual_server_setup.namespace) 260 assert_update_event_count_increased(virtual_server_setup, step_6_events, step_5_events) 261 assert_defaults_of_keys_with_validation_in_main_config(step_6_config, unexpected_values) 262 263 print("Step 7: main config: special case for hash variables") 264 data_file = f"{TEST_DATA}/virtual-server-configmap-keys/configmap-global-variables.yaml" 265 expected_values = get_configmap_fields_from_yaml(data_file) 266 replace_configmap_from_yaml(kube_apis.v1, 267 ingress_controller_prerequisites.config_map['metadata']['name'], 268 ingress_controller_prerequisites.namespace, 269 data_file) 270 wait_before_test(1) 271 step_7_config = get_file_contents(kube_apis.v1, 272 config_path, ic_pod_name, ingress_controller_prerequisites.namespace) 273 step_7_events = get_events(kube_apis.v1, virtual_server_setup.namespace) 274 assert_not_applied_events_emitted(virtual_server_setup, step_7_events, step_6_events, ic_pods_amount) 275 assert_keys_with_validation_in_main_config(step_7_config, expected_values) 276 277 278 @pytest.mark.vs 279 @pytest.mark.parametrize('crd_ingress_controller, virtual_server_setup', 280 [({"type": "complete", "extra_args": [f"-enable-custom-resources"]}, 281 {"example": "virtual-server-tls", "app_type": "simple"})], 282 indirect=True) 283 class TestVirtualServerConfigMapWithTls: 284 def test_ssl_keys(self, cli_arguments, kube_apis, ingress_controller_prerequisites, crd_ingress_controller, 285 virtual_server_setup, clean_up): 286 ic_pods_amount = get_pods_amount(kube_apis.v1, ingress_controller_prerequisites.namespace) 287 ic_pod_name = get_first_pod_name(kube_apis.v1, ingress_controller_prerequisites.namespace) 288 initial_list = get_events(kube_apis.v1, virtual_server_setup.namespace) 289 290 print("Step 1: update ConfigMap with valid ssl keys") 291 replace_configmap_from_yaml(kube_apis.v1, 292 ingress_controller_prerequisites.config_map['metadata']['name'], 293 ingress_controller_prerequisites.namespace, 294 f"{TEST_DATA}/virtual-server-configmap-keys/configmap-ssl-keys.yaml") 295 wait_before_test(1) 296 step_1_events = get_events(kube_apis.v1, virtual_server_setup.namespace) 297 step_1_config = get_vs_nginx_template_conf(kube_apis.v1, 298 virtual_server_setup.namespace, 299 virtual_server_setup.vs_name, 300 ic_pod_name, 301 ingress_controller_prerequisites.namespace) 302 assert_update_event_count_increased(virtual_server_setup, step_1_events, initial_list) 303 assert_ssl_keys(step_1_config) 304 305 print("Step 2: update ConfigMap with invalid ssl keys") 306 replace_configmap_from_yaml(kube_apis.v1, 307 ingress_controller_prerequisites.config_map['metadata']['name'], 308 ingress_controller_prerequisites.namespace, 309 f"{TEST_DATA}/virtual-server-configmap-keys/configmap-ssl-keys-invalid.yaml") 310 wait_before_test(1) 311 step_2_events = get_events(kube_apis.v1, virtual_server_setup.namespace) 312 step_2_config = get_vs_nginx_template_conf(kube_apis.v1, 313 virtual_server_setup.namespace, 314 virtual_server_setup.vs_name, 315 ic_pod_name, 316 ingress_controller_prerequisites.namespace) 317 assert_update_event_count_increased(virtual_server_setup, step_2_events, step_1_events) 318 assert_defaults_of_ssl_keys(step_2_config)