github.com/nginxinc/kubernetes-ingress@v1.12.5/tests/suite/test_virtual_server_tls.py (about)

     1  import pytest
     2  
     3  from _ssl import SSLError
     4  
     5  from settings import TEST_DATA
     6  from suite.resources_utils import create_secret_from_yaml, wait_before_test, delete_secret, is_secret_present, \
     7      replace_secret
     8  from suite.ssl_utils import get_server_certificate_subject
     9  from suite.yaml_utils import get_name_from_yaml
    10  
    11  
@pytest.fixture(scope="class")
def clean_up(request, kube_apis, test_namespace) -> None:
    """
    Register a finalizer that removes the TLS secret left behind by the test class.

    The secret name is read from tls-secret.yaml when the fixture is set up; the
    finalizer deletes a secret with that name from test_namespace only if it is
    still present.

    :param request: internal pytest fixture
    :param kube_apis: client apis
    :param test_namespace: str
    :return:
    """
    secret_yaml = f"{TEST_DATA}/virtual-server-tls/tls-secret.yaml"
    leftover_secret = get_name_from_yaml(secret_yaml)

    # NOTE(review): the test creates the secret in virtual_server_setup.namespace while this
    # finalizer looks in test_namespace - confirm both resolve to the same namespace, otherwise
    # the secret outlives the test class.
    def remove_leftover_secret():
        print("Clean up after test:")
        if not is_secret_present(kube_apis.v1, leftover_secret, test_namespace):
            return
        delete_secret(kube_apis.v1, leftover_secret, test_namespace)

    request.addfinalizer(remove_leftover_secret)
    30  
    31  
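def assert_unrecognized_name_error(virtual_server_setup):
    """
    Assert that the TLS handshake for the VirtualServer host is rejected.

    Connects to the public endpoint's SSL port with the VirtualServer host name and
    expects an SSLError whose reason contains TLSV1_UNRECOGNIZED_NAME. The test class
    calls this whenever no usable TLS secret is deployed, so a handshake that
    completes and returns a certificate subject fails the test.

    :param virtual_server_setup: object exposing public_endpoint and vs_host
    :return:
    """
    endpoint = virtual_server_setup.public_endpoint
    try:
        get_server_certificate_subject(endpoint.public_ip,
                                       virtual_server_setup.vs_host,
                                       endpoint.port_ssl)
    except SSLError as e:
        # SSLError.library and SSLError.reason are None when the error did not come from
        # OpenSSL itself. Normalise them so that case is reported as a failed assertion
        # showing the real values, not as a TypeError raised by `in None`.
        library = e.library or ""
        reason = e.reason or ""
        assert "SSL" in library, f"unexpected SSLError library: {e.library!r}"
        assert "TLSV1_UNRECOGNIZED_NAME" in reason, f"unexpected SSLError reason: {e.reason!r}"
    else:
        # Reached only when the handshake succeeded; any other exception type propagates as-is.
        pytest.fail("We expected an SSLError here, but didn't get it or got another error. Exiting...")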
    41  
    42  
def assert_us_subject(virtual_server_setup):
    """
    Assert that the served certificate carries the expected US subject fields.

    The test class calls this after deploying tls-secret.yaml.

    :param virtual_server_setup: object exposing public_endpoint and vs_host
    :return:
    """
    endpoint = virtual_server_setup.public_endpoint
    subject = get_server_certificate_subject(endpoint.public_ip,
                                             virtual_server_setup.vs_host,
                                             endpoint.port_ssl)
    # NOTE(review): only subject fields are compared; whether get_server_certificate_subject
    # validates the chain or expiry is not visible here - confirm before relying on this as
    # more than an identity check of which certificate is being served.
    expected_fields = (
        (b'C', b'US'),
        (b'ST', b'CA'),
        (b'O', b'Internet Widgits Pty Ltd'),
        (b'CN', b'cafe.example.com'),
    )
    for field, value in expected_fields:
        assert subject[field] == value
    51  
    52  
def assert_gb_subject(virtual_server_setup):
    """
    Assert that the served certificate carries the expected GB subject fields.

    The test class calls this after replacing the secret with new-tls-secret.yaml, so a
    pass shows the replacement certificate is the one being served.

    :param virtual_server_setup: object exposing public_endpoint and vs_host
    :return:
    """
    endpoint = virtual_server_setup.public_endpoint
    subject = get_server_certificate_subject(endpoint.public_ip,
                                             virtual_server_setup.vs_host,
                                             endpoint.port_ssl)
    # The CN matches the one checked in assert_us_subject; C, ST and O are what tell the
    # two certificates apart.
    expected_fields = (
        (b'C', b'GB'),
        (b'ST', b'Cambridgeshire'),
        (b'O', b'nginx'),
        (b'CN', b'cafe.example.com'),
    )
    for field, value in expected_fields:
        assert subject[field] == value
    61  
    62  
@pytest.mark.vs
@pytest.mark.smoke
@pytest.mark.parametrize('crd_ingress_controller, virtual_server_setup',
                         [({"type": "complete", "extra_args": ["-enable-custom-resources"]},
                           {"example": "virtual-server-tls", "app_type": "simple"})],
                         indirect=True)
class TestVirtualServerTLS:
    """Check TLS termination of a VirtualServer as its TLS secret is added, removed and changed."""

    def test_tls_termination(self, kube_apis, crd_ingress_controller, virtual_server_setup, clean_up):
        """
        Walk the TLS secret through its lifecycle and check the handshake after each change.

        With no secret, or with the invalid one, the handshake must be rejected with
        TLSV1_UNRECOGNIZED_NAME. With a valid secret, the served certificate's subject must
        match the secret deployed last.

        :param kube_apis: client apis
        :param crd_ingress_controller: parametrized fixture, requested for its setup
        :param virtual_server_setup: parametrized fixture exposing namespace, vs_host and public_endpoint
        :param clean_up: fixture that removes the secret after the class has run
        :return:
        """
        core_v1 = kube_apis.v1
        namespace = virtual_server_setup.namespace
        secrets_dir = f"{TEST_DATA}/virtual-server-tls"
        valid_secret_yaml = f"{secrets_dir}/tls-secret.yaml"
        invalid_secret_yaml = f"{secrets_dir}/invalid-tls-secret.yaml"
        updated_secret_yaml = f"{secrets_dir}/new-tls-secret.yaml"

        # NOTE(review): wait_before_test(1) is presumably a fixed delay; if so, every check below
        # can race a slow configuration reload - confirm, and prefer polling if flakiness shows up.

        print("\nStep 1: no secret")
        # Nothing to terminate TLS with yet: the handshake has to be refused.
        assert_unrecognized_name_error(virtual_server_setup)

        print("\nStep 2: deploy secret and check")
        secret_name = create_secret_from_yaml(core_v1, namespace, valid_secret_yaml)
        wait_before_test(1)
        assert_us_subject(virtual_server_setup)

        print("\nStep 3: remove secret and check")
        # Removing the secret must stop the previously served certificate from being offered.
        delete_secret(core_v1, secret_name, namespace)
        wait_before_test(1)
        assert_unrecognized_name_error(virtual_server_setup)

        print("\nStep 4: restore secret and check")
        create_secret_from_yaml(core_v1, namespace, valid_secret_yaml)
        wait_before_test(1)
        assert_us_subject(virtual_server_setup)

        print("\nStep 5: deploy invalid secret and check")
        # The invalid secret is presumably published under the same name, since step 6 deletes
        # it via secret_name. It must lead to a refused handshake, not to the old certificate.
        delete_secret(core_v1, secret_name, namespace)
        create_secret_from_yaml(core_v1, namespace, invalid_secret_yaml)
        wait_before_test(1)
        assert_unrecognized_name_error(virtual_server_setup)

        print("\nStep 6: restore secret and check")
        delete_secret(core_v1, secret_name, namespace)
        create_secret_from_yaml(core_v1, namespace, valid_secret_yaml)
        wait_before_test(1)
        assert_us_subject(virtual_server_setup)

        print("\nStep 7: update secret and check")
        # In-place replacement: the GB subject shows the new certificate is served, not the old one.
        replace_secret(core_v1, secret_name, namespace, updated_secret_yaml)
        wait_before_test(1)
        assert_gb_subject(virtual_server_setup)