istio.io/istio@v0.0.0-20240520182934-d79c90f27776/tests/integration/security/external_ca/reachability_test.go

istio.io/istio@v0.0.0-20240520182934-d79c90f27776/tests/integration/security/external_ca/reachability_test.go (about)

     1  //go:build integ
     2  // +build integ
     3  
     4  // Copyright Istio Authors
     5  //
     6  // Licensed under the Apache License, Version 2.0 (the "License");
     7  // you may not use this file except in compliance with the License.
     8  // You may obtain a copy of the License at
     9  //
    10  //     http://www.apache.org/licenses/LICENSE-2.0
    11  //
    12  // Unless required by applicable law or agreed to in writing, software
    13  // distributed under the License is distributed on an "AS IS" BASIS,
    14  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    15  // See the License for the specific language governing permissions and
    16  // limitations under the License.
    17  
    18  package externalca
    19  
    20  import (
    21  	"testing"
    22  
    23  	"istio.io/istio/pkg/test/framework"
    24  	"istio.io/istio/pkg/test/framework/components/echo"
    25  	"istio.io/istio/pkg/test/framework/components/echo/check"
    26  	"istio.io/istio/pkg/test/framework/components/echo/echotest"
    27  	"istio.io/istio/pkg/test/framework/components/echo/match"
    28  	"istio.io/istio/pkg/test/framework/components/istio"
    29  	"istio.io/istio/pkg/test/framework/components/namespace"
    30  )
    31  
    32  // TestReachability verifies:
    33  // (a) Different workloads after getting their certificates signed by the K8s CA are successfully able to communicate with each other
    34  func TestReachability(t *testing.T) {
    35  	framework.NewTest(t).
    36  		Run(func(t framework.TestContext) {
    37  			istioCfg := istio.DefaultConfigOrFail(t, t)
    38  			namespace.ClaimOrFail(t, t, istioCfg.SystemNamespace)
    39  
    40  			from := apps.EchoNamespace.A
    41  			to := apps.EchoNamespace.B
    42  			fromAndTo := from.Append(to)
    43  
    44  			echotest.New(t, fromAndTo).
    45  				WithDefaultFilters(1, 1).
    46  				FromMatch(match.ServiceName(from.NamespacedName())).
    47  				ToMatch(match.ServiceName(to.NamespacedName())).
    48  				Run(func(t framework.TestContext, from echo.Instance, to echo.Target) {
    49  					// Verify mTLS works between a and b
    50  					opts := echo.CallOptions{
    51  						To: to,
    52  						Port: echo.Port{
    53  							Name: "http",
    54  						},
    55  					}
    56  					opts.Check = check.And(check.OK(), check.ReachedTargetClusters(t))
    57  
    58  					from.CallOrFail(t, opts)
    59  				})
    60  		})
    61  }