Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ingress MTLS tests #1555

Merged
merged 14 commits into from
Apr 27, 2021
Merged

Ingress MTLS tests #1555

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
14 commits
Select commit Hold shift + click to select a range
eff37fc
add ingress mtls test
vepatel Apr 14, 2021
250e46c
add std vs
vepatel Apr 14, 2021
c9172c7
change vs host
vepatel Apr 14, 2021
47eb8dd
Update tls secret
vepatel Apr 14, 2021
fbe59c8
update certs with host
vepatel Apr 14, 2021
bbc72f1
modify get_cert
vepatel Apr 14, 2021
f9f1656
Addind encoded cert
vepatel Apr 14, 2021
167d406
Update secrets
vepatel Apr 16, 2021
198b0ff
Add correct cert and SNI module
vepatel Apr 20, 2021
f68b555
Merge branch 'master' into ingress-mtls-tests
vepatel Apr 22, 2021
986091c
Add VirtualServer spec test cases
vepatel Apr 23, 2021
f55aac7
Add all ingress-mtls test changes
vepatel Apr 26, 2021
8cf06e4
Update comment and revert SSL asserts
vepatel Apr 26, 2021
6da2fed
replce if-elif with mock resp and parameterization
vepatel Apr 27, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
4 changes: 2 additions & 2 deletions tests/.flake8
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
[flake8]
format = pylint
max-complexity = 10
max-line-length = 170
exclude = .git,__pycache__,data,.idea.pytest_cache
max-line-length = 100
exclude = .git,__pycache__,data,.idea.pytest_cache
15 changes: 15 additions & 0 deletions tests/data/ingress-mtls/client-auth/invalid/client-cert.pem
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
-----BEGIN CERTIFICATE-----
MIIDRDCCAiwCAQEwDQYJKoZIhvcNAQELBQAwgY0xCzAJBgNVBAYTAlVTMQswCQYD
VQQIDAJDQTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEOMAwGA1UECgwFTkdJTlgx
DDAKBgNVBAsMA0tJQzEWMBQGA1UEAwwNa2ljLm5naW54LmNvbTEjMCEGCSqGSIb3
DQEJARYUa3ViZXJuZXRlc0BuZ2lueC5jb20wHhcNMjAwOTE4MjAyNzE1WhcNMzAw
OTE2MjAyNzE1WjBCMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExFjAUBgNVBAcM
DVNhbiBGcmFuY2lzY28xDjAMBgNVBAoMBU5HSU5YMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAskZK0jdmXZdjOngrtX07p7Z8xO8KiS2nGyxMMePSrjwC
btNWXBj3E/fWTVZFzyZOzbmtCXH/7/u/pmz8pLxN/uYzGFMY3/Pes6DS655n2sud
w+UUZAXAFY3w/y6bO35YY+KM3WmV7e26t09IRFafpQJ8cOK2t1U6qKnAMR32Fcd1
UqGZbUWUmKs3idMvQKokCPuJX0UE91diz4nKPmhpTbTxfnQ8IsKzhUCmZtY5/eTq
lB/2FHKPGpjGnUcuBC28Erew3xk8dL554XI++oAxjrnQbNQBu0/LXCbsvdf3IAJA
7KxFbP5Ky66BVEZTnRl6ZAFOfQ/x5TisvmKpKGnWQwIDAQABMA0GCSqGSIb3DQEB
swgtas
-----END CERTIFICATE-----
25 changes: 25 additions & 0 deletions tests/data/ingress-mtls/client-auth/invalid/client-key.pem
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCyRkrSN2Zdl2M6
eCu1fTuntnzE7wqJLacbLEwx49KuPAJu01ZcGPcT99ZNVkXPJk7Nua0Jcf/v+7+m
bPykvE3+5jMYUxjf896zoNLrnmfay53D5RRkBcAVjfD/Lps7flhj4ozdaZXt7bq3
T0hEVp+lAnxw4ra3VTqoqcAxHfYVx3VSoZltRZSYqzeJ0y9AqiQI+4lfRQT3V2LP
ico+aGlNtPF+dDwiwrOFQKZm1jn95OqUH/YUco8amMadRy4ELbwSt7DfGTx0vnnh
cj76gDGOudBs1AG7T8tcJuy91/cgAkDsrEVs/krLroFURlOdGXpkAU59D/HlOKy+
YqkoadZDAgMBAAECggEBAIqyvYuHppCyM3VOAVOWN09oXvIouB258wTlFfLKuSLt
dUccDVhh4/kZHRXWRUHBIBZWmxV6KBFh391vdbAFAPmLx7zpCbVTWrSOLws5lrtX
J0s9cvvOrX8Xi6Q9cnB6//HWVJn+h7Mw/c+YUzU338TVhlOdT2KbYKPQTcLo+Ig/
9VbN6f8PBnORXATbNLBXL9fZY77UVBsz0ZuUrknL3psGG/W7ys/hEKNUAvvjamm9
m4JIp4Be2VjrrygnlbMnVqWpak2ZKoc/vly0Mb1Be/jO79sY8ztTM16MbxKV8wXX
6hvuwnvBLIroVPV3m0Z3DTZnNROs4UEdXGz/nFOj7EECgYEA4WE7jbSPs5ZEcssf
pU18E5Xw7BZU6f1rOhwWJnPOPaAgynFXm+SzwqAmWGtXEChaXfAH2f6pi9MEtcFR
lrRH3IrZ0VlJgI2hoNjhn5Es11/kCZ91wLMP8Zjtx4hUSblJSitc4yNIHOAB6cqp
0sQ22UVdv2NvpPsTx30hBreUYxsCgYEAyn66QB0UuV9OnE5wvAoit2Kq4UkO26gL
OTuA7Ov9W/vMjRgy74MlIVqGlNYXACfhze6Py94pw8xDOxMnd+NnTNF4nTFnlQUL
lpiby/f664NkAI0ZGJVXaiv6W3VkzSyBvEYTUrsfeU/3D5sPjlUrEikUfTtQ3ezS
d22o+c5mY/kCgYBBPoCa+RZQisOt55d1pwSwNsvTzHMweag83jybTRL7TAuyDzWp
b3+KbAottoUxrDzczMu5E7vJOoE2jIwt8GqNMbT0ocBhcp7DjYVjSAePIbdGAd94
tV18NyU+ify8iuLokb0GFASgN0jWgVDALwUhyK7m5MZBIF4Nde/Fngda2QKBgEje
kefAj1SmF4PoNml0vEmCGDw6Lj6dmmxeHWclBWe0lUexDaNjblkyWnv1DxHfSELz
NowGxsDPIOKBYhKiounh96WZwcy+pAztniMoegOGpNYN8JoIJAzxBocjF8M94PH/
xsdfgb4567gb
-----END PRIVATE KEY-----
20 changes: 20 additions & 0 deletions tests/data/ingress-mtls/client-auth/valid/client-cert.pem
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
-----BEGIN CERTIFICATE-----
MIIDRDCCAiwCAQEwDQYJKoZIhvcNAQELBQAwgY0xCzAJBgNVBAYTAlVTMQswCQYD
VQQIDAJDQTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEOMAwGA1UECgwFTkdJTlgx
DDAKBgNVBAsMA0tJQzEWMBQGA1UEAwwNa2ljLm5naW54LmNvbTEjMCEGCSqGSIb3
DQEJARYUa3ViZXJuZXRlc0BuZ2lueC5jb20wHhcNMjAwOTE4MjAyNzE1WhcNMzAw
OTE2MjAyNzE1WjBCMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExFjAUBgNVBAcM
DVNhbiBGcmFuY2lzY28xDjAMBgNVBAoMBU5HSU5YMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAskZK0jdmXZdjOngrtX07p7Z8xO8KiS2nGyxMMePSrjwC
btNWXBj3E/fWTVZFzyZOzbmtCXH/7/u/pmz8pLxN/uYzGFMY3/Pes6DS655n2sud
w+UUZAXAFY3w/y6bO35YY+KM3WmV7e26t09IRFafpQJ8cOK2t1U6qKnAMR32Fcd1
UqGZbUWUmKs3idMvQKokCPuJX0UE91diz4nKPmhpTbTxfnQ8IsKzhUCmZtY5/eTq
lB/2FHKPGpjGnUcuBC28Erew3xk8dL554XI++oAxjrnQbNQBu0/LXCbsvdf3IAJA
7KxFbP5Ky66BVEZTnRl6ZAFOfQ/x5TisvmKpKGnWQwIDAQABMA0GCSqGSIb3DQEB
CwUAA4IBAQAPIizrylHuoo/lQS6wJvw5J2F+2j308W/wIcCdaPUE7BMwKV/rwDbL
eYWXdmp/9Str2JbrRpggh9/PFsOTGVWrX7jNYK/VCAwoPmczxPmmbPHgu90MPEMa
iGLcTo3NG4IU6bMTFoDR9qkTte4cD9mexyFhEPDU5/uj02+kxU0IpGLhniXrRXbh
I8iSAW6F2x1/pQcQSgsIkvef5t1RYOAapj/y9PLOE4dv7QMhgQpaKu0ASM9IeHz8
uNSxlAvZeoQvJrFKGVLZlmM7SHC2p5rpJkMfjecpr6yHVGkkTnLXwOB2EFtcL0K+
Sp83Sm5XIgP5KeC9F4H5JWI5vPQIYCPj
-----END CERTIFICATE-----
28 changes: 28 additions & 0 deletions tests/data/ingress-mtls/client-auth/valid/client-key.pem
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCyRkrSN2Zdl2M6
eCu1fTuntnzE7wqJLacbLEwx49KuPAJu01ZcGPcT99ZNVkXPJk7Nua0Jcf/v+7+m
bPykvE3+5jMYUxjf896zoNLrnmfay53D5RRkBcAVjfD/Lps7flhj4ozdaZXt7bq3
T0hEVp+lAnxw4ra3VTqoqcAxHfYVx3VSoZltRZSYqzeJ0y9AqiQI+4lfRQT3V2LP
ico+aGlNtPF+dDwiwrOFQKZm1jn95OqUH/YUco8amMadRy4ELbwSt7DfGTx0vnnh
cj76gDGOudBs1AG7T8tcJuy91/cgAkDsrEVs/krLroFURlOdGXpkAU59D/HlOKy+
YqkoadZDAgMBAAECggEBAIqyvYuHppCyM3VOAVOWN09oXvIouB258wTlFfLKuSLt
dUccDVhh4/kZHRXWRUHBIBZWmxV6KBFh391vdbAFAPmLx7zpCbVTWrSOLws5lrtX
J0s9cvvOrX8Xi6Q9cnB6//HWVJn+h7Mw/c+YUzU338TVhlOdT2KbYKPQTcLo+Ig/
9VbN6f8PBnORXATbNLBXL9fZY77UVBsz0ZuUrknL3psGG/W7ys/hEKNUAvvjamm9
m4JIp4Be2VjrrygnlbMnVqWpak2ZKoc/vly0Mb1Be/jO79sY8ztTM16MbxKV8wXX
6hvuwnvBLIroVPV3m0Z3DTZnNROs4UEdXGz/nFOj7EECgYEA4WE7jbSPs5ZEcssf
pU18E5Xw7BZU6f1rOhwWJnPOPaAgynFXm+SzwqAmWGtXEChaXfAH2f6pi9MEtcFR
lrRH3IrZ0VlJgI2hoNjhn5Es11/kCZ91wLMP8Zjtx4hUSblJSitc4yNIHOAB6cqp
0sQ22UVdv2NvpPsTx30hBreUYxsCgYEAyn66QB0UuV9OnE5wvAoit2Kq4UkO26gL
OTuA7Ov9W/vMjRgy74MlIVqGlNYXACfhze6Py94pw8xDOxMnd+NnTNF4nTFnlQUL
lpiby/f664NkAI0ZGJVXaiv6W3VkzSyBvEYTUrsfeU/3D5sPjlUrEikUfTtQ3ezS
d22o+c5mY/kCgYBBPoCa+RZQisOt55d1pwSwNsvTzHMweag83jybTRL7TAuyDzWp
b3+KbAottoUxrDzczMu5E7vJOoE2jIwt8GqNMbT0ocBhcp7DjYVjSAePIbdGAd94
tV18NyU+ify8iuLokb0GFASgN0jWgVDALwUhyK7m5MZBIF4Nde/Fngda2QKBgEje
kefAj1SmF4PoNml0vEmCGDw6Lj6dmmxeHWclBWe0lUexDaNjblkyWnv1DxHfSELz
NowGxsDPIOKBYhKiounh96WZwcy+pAztniMoegOGpNYN8JoIJAzxBocjF8M94PH/
xbRf4lOlkyLqig6OV5GRdu4aCl/SeWrA6635uJ8BAoGAWDX26ve1vlX8frKtcdfP
JZue3RdqfmD1uK6XQ2D+MtQc9M6WTD+vYZZRweFZ0W308fFHnIDli3qwWHUAX2HF
LM7BW2EapaZ7NBkQvBo/fMUedrTOUIE867hgb8ujGYZPBKHIBwf2fVdsliMiyrpI
n2TgZVY82cjWxA8olS8QcRA=
-----END PRIVATE KEY-----
9 changes: 9 additions & 0 deletions tests/data/ingress-mtls/policies/ingress-mtls-invalid.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
apiVersion: k8s.nginx.org/v1
kind: Policy
metadata:
name: ingress-mtls-policy
spec:
ingredsssMTLS: # invalid/mis-spelled yaml keys
clientCertSecrettt: ingress-mtls-secret
verifyadClient: "on"
verifyDeaerpth: 1
vepatel marked this conversation as resolved.
Show resolved Hide resolved
9 changes: 9 additions & 0 deletions tests/data/ingress-mtls/policies/ingress-mtls.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
apiVersion: k8s.nginx.org/v1
kind: Policy
metadata:
name: ingress-mtls-policy
spec:
ingressMTLS:
clientCertSecret: ingress-mtls-secret
verifyClient: "on"
verifyDepth: 1
24 changes: 24 additions & 0 deletions tests/data/ingress-mtls/route-subroute/virtual-server-mtls.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
apiVersion: k8s.nginx.org/v1
kind: VirtualServer
metadata:
name: virtual-server
spec:
host: virtual-server.example.com
tls:
secret: tls-secret
upstreams:
- name: backend2
service: backend2-svc
port: 80
- name: backend1
service: backend1-svc
port: 80
routes:
- path: "/backend1"
policies:
- name: ingress-mtls-policy
action:
pass: backend1
- path: "/backend2"
action:
pass: backend2
22 changes: 22 additions & 0 deletions tests/data/ingress-mtls/route-subroute/virtual-server-route-mtls.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
apiVersion: k8s.nginx.org/v1
kind: VirtualServerRoute
metadata:
name: backends
spec:
host: virtual-server-route.example.com
upstreams:
- name: backend1
service: backend1-svc
port: 80
- name: backend3
service: backend3-svc
port: 80
subroutes:
- path: "/backends/backend1"
policies:
- name: ingress-mtls-policy
action:
pass: backend1
- path: "/backends/backend3"
action:
pass: backend3
13 changes: 13 additions & 0 deletions tests/data/ingress-mtls/route-subroute/virtual-server-vsr.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
apiVersion: k8s.nginx.org/v1
kind: VirtualServer
metadata:
name: virtual-server-route
spec:
host: virtual-server-route.example.com
tls:
secret: tls-secret
routes:
- path: "/backends"
route: backends # implicit namespace
- path: "/backend2"
route: backend2-namespace/backend2
7 changes: 7 additions & 0 deletions tests/data/ingress-mtls/secret/ingress-mtls-secret.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
kind: Secret
metadata:
name: ingress-mtls-secret
apiVersion: v1
type: nginx.org/ca
data:
ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQvVENDQXVXZ0F3SUJBZ0lVSzdhbU14OFlLWG1BVG51SkZETDlWS2ZUR2ZNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZMHhDekFKQmdOVkJBWVRBbFZUTVFzd0NRWURWUVFJREFKRFFURVdNQlFHQTFVRUJ3d05VMkZ1SUVaeQpZVzVqYVhOamJ6RU9NQXdHQTFVRUNnd0ZUa2RKVGxneEREQUtCZ05WQkFzTUEwdEpRekVXTUJRR0ExVUVBd3dOCmEybGpMbTVuYVc1NExtTnZiVEVqTUNFR0NTcUdTSWIzRFFFSkFSWVVhM1ZpWlhKdVpYUmxjMEJ1WjJsdWVDNWoKYjIwd0hoY05NakF3T1RFNE1qQXlOVEkyV2hjTk16QXdPVEUyTWpBeU5USTJXakNCalRFTE1Ba0dBMVVFQmhNQwpWVk14Q3pBSkJnTlZCQWdNQWtOQk1SWXdGQVlEVlFRSERBMVRZVzRnUm5KaGJtTnBjMk52TVE0d0RBWURWUVFLCkRBVk9SMGxPV0RFTU1Bb0dBMVVFQ3d3RFMwbERNUll3RkFZRFZRUUREQTFyYVdNdWJtZHBibmd1WTI5dE1TTXcKSVFZSktvWklodmNOQVFrQkZoUnJkV0psY201bGRHVnpRRzVuYVc1NExtTnZiVENDQVNJd0RRWUpLb1pJaHZjTgpBUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTmFINVRzaTZzaUFsU085dEJnYmY3VVRwcWowMUhRTlQ2UjhtQy9pCjhLYXFaSW9XSUdvN2xhTW9xTDYydTc4ay9WOHM2Z0FJaU1DSzBjekFvTFhNSnlJQkxQeTg4Yzdtc2xwZXgxTkEKVmRtMkVTVkN6bVlERE1TT3FpVmszWmpYeC9URmo2QzhNRFhhRkZUWFg1dWdtbWdscnFCWlh0OVI5VVBwVTJMNwo1bEZ0NlJ2R3VGczgvbVZORVR5c1A0SFhCWlh2ZE9mdG1YWUkvK01hOW5CMzIzNjdmcTI0L0RKZ2YvK2xRbUsxCkJLR3poSTZSc1pSSmdWOXdpK1VuZTBYNjlaS2lLOFdXU3lZS252YnRrcHZuTDA2dGNJaXJZNi80UzZ4Sm1HRVQKZEJUNmVxc0NoSUpQUStWSEp5dTROdnV6WmVCUXpGdmMwNytnUGZkVWZra1FXODhDQXdFQUFhTlRNRkV3SFFZRApWUjBPQkJZRUZKUGdhcnFYa00rdEJ0djVhdndTUWhUQmpTU2VNQjhHQTFVZEl3UVlNQmFBRkpQZ2FycVhrTSt0CkJ0djVhdndTUWhUQmpTU2VNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUIKQUl3WXpoY0s4OWtRL0xGWjZFRHgrQWp2bnJTVSs1cmdwQkgrRjVTNUUyY3pXOE5rNXhySnl0Y0ZUbUtlKzZScwpENHlxeTZSVVFEeWNYaDlPelBjbzgzYTBoeFlCZ1M5MWtJa25wYWF4dndLRDJleWc3UGNnK1lkS1FhZFlMcUY0CmI3cWVtc1FVVkpOWHdkZS9VanRBejlEOTh4dngwM2hQY2Qwb2dzUUhWZ21BZVpFd2l3UzFmTy9WNUE4dTl3MEkKcHlJRTVReXlHcHNpS2dpalpiMmhrS05RVHVJcEhiVnFydVA4eEV6TlFnamhkdS9uUW5OYy9lRUltVUlrQkFUVQpiSHdQc2xwYzVhdVV1TXJxR3lEQ0p2QUJpV3J2SmE3Yi9XcmtDT3FUWVhtR2NGM0w1ZU9FeTBhYkp0M2NNcSs5CnJLTUNVQWlkNG0yNEthWnc3OUk2anNBPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
8 changes: 8 additions & 0 deletions tests/data/ingress-mtls/secret/tls-secret.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
apiVersion: v1
kind: Secret
metadata:
name: tls-secret
type: kubernetes.io/tls
data:
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN4akNDQWE0Q0NRREZadlNlYVF3b3dEQU5CZ2txaGtpRzl3MEJBUXNGQURBbE1TTXdJUVlEVlFRRERCcDIKYVhKMGRXRnNMWE5sY25abGNpNWxlR0Z0Y0d4bExtTnZiVEFlRncweU1UQTBNVFl4TkRNeU5EZGFGdzB6TVRBMApNVFF4TkRNeU5EZGFNQ1V4SXpBaEJnTlZCQU1NR25acGNuUjFZV3d0YzJWeWRtVnlMbVY0WVcxd2JHVXVZMjl0Ck1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBcUROMmRjamdRaWd2UmpGODFSbWcKck9kNEdHbzhUdEx6WmU2RDVLUXdEYjFneXhHVEI5TUNEM0trMHg1YW8zUjRHSnFJSkdjL1hHbVQvQzdlZzc0agprYUVIOHFtbFdUREU3Vm0zcDhuc053aGtMYXBReGtXbHVsMDFjSlBrcmpRNEN4QW1VZ0w2L0FPUWhjSEtlUUsxCmhjUEJSOFJKbkJTNDlJb0lEOEpFdXhVeFp4TW1MMFRBSlhBQzNVNW50dXVPTGtYaGhsNVNhSnQzRkhUUjR1WXIKMHZpYndNbTBKMmkwUitkanZzYnRwT0FFbW5ZN2xjc3cyMU1rY1o4UkZSRVhiOHlsRVo2UUNIOEdFcEF0Nkh0OApWMUJBblpuZFJXWlNhUWRlOEd0WUUydFk1ZFVZMkdFemNTT014VHRueWEzc3puWEJOV0k1WjluV1RtMFQ2SERrCmN3SURBUUFCTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFBeDZ0TThObmRXVlhBdlBEWWw4VUg0ZHlqZEg3S3YKMnhueCtRRXR6eDd2VEV0aVBEd04wbmFkTWZSbjRTZjl0U0huTmZSZUhWcXNxZVVRNklGbUdrdERDR0ZCUWtscQp4V1p0aTUzd2c3blJxZncrWnltOW1nWDEyUTdpaGM3Y3d1cUVBSzRWYWVVNXZIcEhvcktFSjBYTkFFM1M2N0d0CmlpdWk4VTIxdHkraUNBd3ZnTUZiSnI2bEEwdlM0VUY0cTl4aTNHZ1JHSFdDdjlsNTFZY2JRSWVnVXQxVXVUNlUKNTRaZ0lBSGJJUENzQ2Z5NTkreEc3Q1VQOUwvb09Vc1IzZWxYVTJES2F4MFJCT29PalJXY3QyVGZlQWx0V0hTOApBNnJ6SUl0VThTK2w1dWNiZVhiVzh0djBRUE5vMU1UMEVvN0lDQ0tqSkZuVlA2eGNtWFV1dkRoVgotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
vepatel marked this conversation as resolved.
Show resolved Hide resolved
tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBcUROMmRjamdRaWd2UmpGODFSbWdyT2Q0R0dvOFR0THpaZTZENUtRd0RiMWd5eEdUCkI5TUNEM0trMHg1YW8zUjRHSnFJSkdjL1hHbVQvQzdlZzc0amthRUg4cW1sV1RERTdWbTNwOG5zTndoa0xhcFEKeGtXbHVsMDFjSlBrcmpRNEN4QW1VZ0w2L0FPUWhjSEtlUUsxaGNQQlI4UkpuQlM0OUlvSUQ4SkV1eFV4WnhNbQpMMFRBSlhBQzNVNW50dXVPTGtYaGhsNVNhSnQzRkhUUjR1WXIwdmlid01tMEoyaTBSK2RqdnNidHBPQUVtblk3Cmxjc3cyMU1rY1o4UkZSRVhiOHlsRVo2UUNIOEdFcEF0Nkh0OFYxQkFuWm5kUldaU2FRZGU4R3RZRTJ0WTVkVVkKMkdFemNTT014VHRueWEzc3puWEJOV0k1WjluV1RtMFQ2SERrY3dJREFRQUJBb0lCQUNtTFJIZ0ZISGJhckFwLwpVS0RseW96S1F4eHNxT2FqTGVFQVQyMWFyRS9JZGE3U2NXbGVVY1QxQVFid0dWMEQrR0hEVVZzRWNWN202TmxCCnprM2wyYTB2ZytJSXlzRkR6Vy8rVitGR2UyU0FXeFg0V2lrT3JNZGlIRC9wRjNON2pGZ1hMZy9Wa3A1S1Z4amkKYTVzRjgwWE51dUI1OStCb01lS2NjUzlMUVdTZmliUFUzSDlidm8vWXZRem41ZTc1Y2pVcFA3V2FmY2Y4UzZVKwo0VkJwaC9mQmtCL2lOQk9rOHdZWTJMWkJaTkNaTmVsMy9kVldzNEJwdjY5ODNRU3BLVTdUam9OQ2N4eU9ReFZpCnI0YW9mbmRTQ2ZVN3d1L05oczZGOWQxYmVJVHhmR3RpWTFWYURlQ3BVZGZId0dCSGNjRGlEK1V3UklPZzJQN2YKY0ZSTzZERUNnWUVBM1RqZFZlTU4yZ0tUQVB5aHlETm5IdzEyL0RRRmd5MWc0aExQZmNCUEtxdjBZendhaU9IVQpSZXUyS3dBdWVKeEF1T09vSWVTZjFYYzdUSTZLUlBRVEc1SVNJa294NHVwSHBFeVZXN0JIeWlENmpYa0R5MTh6CmQ0MGRWc1JlMkZXd0pFOTNubkFIVWdvTk11dWdaaE8wa2x0M0EybGViR1JuY1N4TUg3NW94SHNDZ1lFQXdxVEEKY2JRcDVuRnhyL0hsMkVyTVU3SHZ5eG83UnNsVHE3VmNhWE1IT1EzdzZZL2NRampWRnJZMjFzeXpjOWtBblRzQgphbkJsMkE5aUdBdWZaTGlYNmM0dk5KK1dNM093L1lyZHlUTVB5elFBZjhWZUdPMlR0by85UWN3bi9Oa3JwVDJsCktDeERYek55bTlBLzFHNTUva29CVHBTc3ptd3paTFh5TjM1S2lta0NnWUJId0JISnNZTGttc0VqS00wd0tidmcKam5WeEIwNWlaVzF1NWJyMmhsRW0vZTZkNFBpYVBPU2thUGNFcTJKbkxBYXg4T1N2V1grZHRMWSs5bHhTVVBlQgprYmJmK0VDRjRJYXIrMHJXR2k2dW1GT3JYdnlrRVpTWHllVWlKejY3Mjg3dGQvak1Jbm05V2hVOTFyNkhYUXpNCkMyNW1aTjZET1cxemYzS1JPU2l4MFFLQmdHQmJwMW1pMDB0ZHhlWlFYblRoTXA0TWJLV2phc3owUmhPdlNQeDcKRVl4Uk5uNnAxV1NETmhwMFFsbThKT3FvOXdEZmdTZnNWTDdOZnNaZ21wd0dOazVzNERtdzkyNnBTMmw1SWFyRgpPSUJrVWdydTdsSnc2cnRxTlBvcDAzSDlJUHBBdGs1WSsxRlo2dGJ3RldsWTk5UEhWelpMcS9EVTUreG5sbTJhCmU5UmhBb0dCQU1STlFzYk00OGNVTlNQRnh1Y3ZnY3QySFVjRkoweXl1Z3V0cnhvUmZXUEtzWnZwZjA5NnlBS1UKMURLbXdpRStOS0F0S2VHVjlqdHNIZWdocVp5MHkzbkIzc0pkNlZxdnoxSFNGQzNCNStodGMraG4xdU4wOTlDRwpVSElXNnM3ZGI0eW1ULzFCaEJDd1RCYkIxRTQ0Y2FYQzdUa0xmVlJFSjRWbXBkUEpTcFh4Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==
24 changes: 24 additions & 0 deletions tests/data/ingress-mtls/spec/virtual-server-mtls.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
apiVersion: k8s.nginx.org/v1
kind: VirtualServer
metadata:
name: virtual-server
spec:
host: virtual-server.example.com
tls:
secret: tls-secret
policies:
- name: ingress-mtls-policy
upstreams:
- name: backend2
service: backend2-svc
port: 80
- name: backend1
service: backend1-svc
port: 80
routes:
- path: "/backend1"
action:
pass: backend1
- path: "/backend2"
action:
pass: backend2
22 changes: 22 additions & 0 deletions tests/data/ingress-mtls/standard/virtual-server.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
apiVersion: k8s.nginx.org/v1
kind: VirtualServer
metadata:
name: virtual-server
spec:
host: virtual-server.example.com
tls:
secret: tls-secret
upstreams:
- name: backend2
service: backend2-svc
port: 80
- name: backend1
service: backend1-svc
port: 80
routes:
- path: "/backend1"
action:
pass: backend1
- path: "/backend2"
action:
pass: backend2
1 change: 1 addition & 0 deletions tests/requirements.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,3 +11,4 @@ urllib3==1.26.4
pytest-html==3.1.1
pytest-profiling==1.7.0
more-itertools==8.7.0
mock==4.0.3
2 changes: 0 additions & 2 deletions tests/suite/ssl_utils.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,6 @@
def get_certificate(ip_address, host, port, timeout=10) -> str:
"""
Get tls certificate.

:param ip_address:
:param host:
:param port:
Expand All @@ -35,7 +34,6 @@ def get_certificate(ip_address, host, port, timeout=10) -> str:
def get_server_certificate_subject(ip_address, host, port=443) -> dict:
"""
Get tls certificate subject object.

:param port: default is 443
:param ip_address:
:param host:
Expand Down