istio.io/istio@v0.0.0-20240520182934-d79c90f27776/tests/integration/security/ca_custom_root/multi_root_test.go

istio.io/istio@v0.0.0-20240520182934-d79c90f27776/tests/integration/security/ca_custom_root/multi_root_test.go (about)

     1  //go:build integ
     2  // +build integ
     3  
     4  // Copyright Istio Authors
     5  //
     6  // Licensed under the Apache License, Version 2.0 (the "License");
     7  // you may not use this file except in compliance with the License.
     8  // You may obtain a copy of the License at
     9  //
    10  //     http://www.apache.org/licenses/LICENSE-2.0
    11  //
    12  // Unless required by applicable law or agreed to in writing, software
    13  // distributed under the License is distributed on an "AS IS" BASIS,
    14  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    15  // See the License for the specific language governing permissions and
    16  // limitations under the License.
    17  
    18  package cacustomroot
    19  
    20  import (
    21  	"fmt"
    22  	"testing"
    23  
    24  	"istio.io/istio/pkg/test/echo/common/scheme"
    25  	"istio.io/istio/pkg/test/framework"
    26  	"istio.io/istio/pkg/test/framework/components/echo"
    27  	"istio.io/istio/pkg/test/framework/components/echo/check"
    28  	"istio.io/istio/pkg/test/framework/components/echo/match"
    29  )
    30  
    31  func TestMultiRootSetup(t *testing.T) {
    32  	framework.NewTest(t).
    33  		Run(func(t framework.TestContext) {
    34  			testNS := apps.EchoNamespace.Namespace
    35  
    36  			t.ConfigIstio().YAML(testNS.Name(), POLICY).ApplyOrFail(t)
    37  
    38  			for _, cluster := range t.Clusters() {
    39  				t.NewSubTest(fmt.Sprintf("From %s", cluster.StableName())).Run(func(t framework.TestContext) {
    40  					verify := func(ctx framework.TestContext, from echo.Instance, to echo.Instances, s scheme.Instance, success bool) {
    41  						want := "success"
    42  						if !success {
    43  							want = "fail"
    44  						}
    45  						name := fmt.Sprintf("server:%s[%s]", to[0].Config().Service, want)
    46  						ctx.NewSubTest(name).Run(func(t framework.TestContext) {
    47  							t.Helper()
    48  							opts := echo.CallOptions{
    49  								To:    to,
    50  								Count: 1,
    51  								Port: echo.Port{
    52  									Name: "https",
    53  								},
    54  								Address: to.Config().Service,
    55  								Scheme:  s,
    56  							}
    57  							opts.Check = check.And(check.OK(), check.ReachedTargetClusters(t))
    58  
    59  							from.CallOrFail(t, opts)
    60  						})
    61  					}
    62  
    63  					client := match.Cluster(cluster).FirstOrFail(t, client)
    64  					cases := []struct {
    65  						from   echo.Instance
    66  						to     echo.Instances
    67  						expect bool
    68  					}{
    69  						{
    70  							from:   client,
    71  							to:     serverNakedFooAlt,
    72  							expect: true,
    73  						},
    74  					}
    75  
    76  					for _, tc := range cases {
    77  						verify(t, tc.from, tc.to, scheme.HTTP, tc.expect)
    78  					}
    79  				})
    80  			}
    81  		})
    82  }