istio.io/istio@v0.0.0-20240520182934-d79c90f27776/tests/integration/security/sds_ingress/quic/ingress_test.go (about) 1 //go:build integ 2 // +build integ 3 4 // Copyright Istio Authors 5 // 6 // Licensed under the Apache License, Version 2.0 (the "License"); 7 // you may not use this file except in compliance with the License. 8 // You may obtain a copy of the License at 9 // 10 // http://www.apache.org/licenses/LICENSE-2.0 11 // 12 // Unless required by applicable law or agreed to in writing, software 13 // distributed under the License is distributed on an "AS IS" BASIS, 14 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 // See the License for the specific language governing permissions and 16 // limitations under the License. 17 18 package quic 19 20 import ( 21 "testing" 22 23 "istio.io/istio/pkg/test/framework" 24 "istio.io/istio/pkg/test/framework/components/echo" 25 "istio.io/istio/pkg/test/framework/components/echo/common/deployment" 26 "istio.io/istio/pkg/test/framework/components/istio" 27 "istio.io/istio/pkg/test/framework/components/namespace" 28 "istio.io/istio/pkg/test/framework/resource" 29 ingressutil "istio.io/istio/tests/integration/security/sds_ingress/util" 30 ) 31 32 var ( 33 inst istio.Instance 34 apps deployment.SingleNamespaceView 35 echo1NS namespace.Instance 36 customConfig []echo.Config 37 ) 38 39 func TestMain(m *testing.M) { 40 // Integration test for the ingress SDS Gateway flow. 41 // nolint: staticcheck 42 framework. 43 NewSuite(m). 44 // Need support for MixedProtocolLBService 45 RequireMinVersion(20). 46 RequireMultiPrimary(). 47 Setup(istio.Setup(&inst, func(_ resource.Context, cfg *istio.Config) { 48 cfg.PrimaryClusterIOPFile = istio.IntegrationTestDefaultsIOPWithQUIC 49 })). 50 Setup(namespace.Setup(&echo1NS, namespace.Config{Prefix: "echo1", Inject: true})). 51 Setup(func(ctx resource.Context) error { 52 // TODO: due to issue https://github.com/istio/istio/issues/25286, 53 // currently VM does not work in this test 54 err := ingressutil.SetupTest(ctx, &customConfig, namespace.Future(&echo1NS)) 55 if err != nil { 56 return err 57 } 58 return nil 59 }). 60 Setup(deployment.SetupSingleNamespace(&apps, deployment.Config{ 61 Namespaces: []namespace.Getter{ 62 namespace.Future(&echo1NS), 63 }, 64 Configs: echo.ConfigFuture(&customConfig), 65 })). 66 Setup(func(ctx resource.Context) error { 67 return ingressutil.CreateCustomInstances(&apps) 68 }). 69 Run() 70 } 71 72 // TestTlsGatewaysWithQUIC deploys multiple TLS gateways with SDS enabled, and creates kubernetes that store 73 // private key and server certificate for each TLS gateway. Verifies that client can communicate by 74 // using both QUIC and TCP/TLS 75 func TestTlsGatewaysWithQUIC(t *testing.T) { 76 // nolint: staticcheck 77 framework. 78 NewTest(t). 79 RequiresSingleCluster(). 80 Run(func(t framework.TestContext) { 81 t.NewSubTest("tcp").Run(func(t framework.TestContext) { 82 ingressutil.RunTestMultiTLSGateways(t, inst, namespace.Future(&echo1NS)) 83 }) 84 t.NewSubTest("quic").Run(func(t framework.TestContext) { 85 ingressutil.RunTestMultiQUICGateways(t, inst, ingressutil.TLS, namespace.Future(&echo1NS)) 86 }) 87 }) 88 } 89 90 // TestMtlsGatewaysWithQUIC deploys multiple mTLS gateways with SDS enabled, and creates kubernetes that store 91 // private key, server certificate and CA certificate for each mTLS gateway. Verifies that client can communicate 92 // by using both QUIC and TCP/mTLS 93 func TestMtlsGatewaysWithQUIC(t *testing.T) { 94 // nolint: staticcheck 95 framework. 96 NewTest(t). 97 RequiresSingleCluster(). 98 Run(func(t framework.TestContext) { 99 t.NewSubTest("tcp").Run(func(t framework.TestContext) { 100 ingressutil.RunTestMultiTLSGateways(t, inst, namespace.Future(&echo1NS)) 101 }) 102 t.NewSubTest("quic").Run(func(t framework.TestContext) { 103 ingressutil.RunTestMultiQUICGateways(t, inst, ingressutil.Mtls, namespace.Future(&echo1NS)) 104 }) 105 }) 106 }