Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
77 changed files
with
588 additions
and
6,757 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,108 @@ | ||
// +build e2e | ||
|
||
package e2e | ||
|
||
import ( | ||
"context" | ||
"testing" | ||
"time" | ||
|
||
configv1 "github.com/openshift/api/config/v1" | ||
operatorv1 "github.com/openshift/api/operator/v1" | ||
"github.com/openshift/cluster-ingress-operator/pkg/operator/controller" | ||
appsv1 "k8s.io/api/apps/v1" | ||
corev1 "k8s.io/api/core/v1" | ||
"k8s.io/apimachinery/pkg/types" | ||
) | ||
|
||
// Helper function for int32 pointers | ||
func intPtr(s int32) *int32 { | ||
return &s | ||
} | ||
|
||
func TestHstsPolicyWorks(t *testing.T) { | ||
icName := types.NamespacedName{Namespace: operatorNamespace, Name: "hsts-policy"} | ||
domain := icName.Name + "." + dnsConfig.Spec.BaseDomain | ||
|
||
maxAgePolicy := configv1.MaxAgePolicy{LargestMaxAge: intPtr(99999), SmallestMaxAge: intPtr(1)} | ||
hstsPolicy := []configv1.RequiredHSTSPolicy{ | ||
{ | ||
PreloadPolicy: configv1.RequirePreloadPolicy, | ||
IncludeSubDomainsPolicy: configv1.RequireIncludeSubDomains, | ||
MaxAge: maxAgePolicy, | ||
}, | ||
} | ||
ic := newPrivateIngress(icName, domain, hstsPolicy) | ||
if err := kclient.Create(context.TODO(), ic); err != nil { | ||
t.Fatalf("failed to create ingress config %s: %v", icName, err) | ||
} | ||
defer assertIngressConfigDeleted(t, kclient, ic) | ||
|
||
conditions := []operatorv1.OperatorCondition{ | ||
{Type: operatorv1.IngressControllerAvailableConditionType, Status: operatorv1.ConditionTrue}, | ||
{Type: operatorv1.LoadBalancerManagedIngressConditionType, Status: operatorv1.ConditionFalse}, | ||
{Type: operatorv1.DNSManagedIngressConditionType, Status: operatorv1.ConditionFalse}, | ||
} | ||
io := newPrivateController(icName, domain) | ||
if err := kclient.Create(context.TODO(), io); err != nil { | ||
t.Fatalf("failed to create ingresscontroller %s: %v", icName, err) | ||
} | ||
defer assertIngressControllerDeleted(t, kclient, io) | ||
if err := waitForIngressControllerCondition(t, kclient, 5*time.Minute, icName, conditions...); err != nil { | ||
t.Fatalf("failed to observe expected conditions: %v", err) | ||
} | ||
|
||
deployment := &appsv1.Deployment{} | ||
if err := kclient.Get(context.TODO(), controller.RouterDeploymentName(io), deployment); err != nil { | ||
t.Fatalf("failed to get ingresscontroller deployment: %v", err) | ||
} | ||
|
||
service := &corev1.Service{} | ||
if err := kclient.Get(context.TODO(), controller.InternalIngressControllerServiceName(io), service); err != nil { | ||
t.Fatalf("failed to get ingresscontroller service: %v", err) | ||
} | ||
|
||
echoPod := buildEchoPod("hsts-policy-echo", deployment.Namespace) | ||
if err := kclient.Create(context.TODO(), echoPod); err != nil { | ||
t.Fatalf("failed to create pod %s/%s: %v", echoPod.Namespace, echoPod.Name, err) | ||
} | ||
defer func() { | ||
if err := kclient.Delete(context.TODO(), echoPod); err != nil { | ||
t.Fatalf("failed to delete pod %s/%s: %v", echoPod.Namespace, echoPod.Name, err) | ||
} | ||
}() | ||
|
||
echoService := buildEchoService(echoPod.Name, echoPod.Namespace, echoPod.ObjectMeta.Labels) | ||
if err := kclient.Create(context.TODO(), echoService); err != nil { | ||
t.Fatalf("failed to create service %s/%s: %v", echoService.Namespace, echoService.Name, err) | ||
} | ||
defer func() { | ||
if err := kclient.Delete(context.TODO(), echoService); err != nil { | ||
t.Fatalf("failed to delete service %s/%s: %v", echoService.Namespace, echoService.Name, err) | ||
} | ||
}() | ||
|
||
echoRoute := buildRoute(echoPod.Name, echoPod.Namespace, echoService.Name) | ||
|
||
// this should work | ||
echoRoute.Annotations = map[string]string{ | ||
"haproxy.router.openshift.io/hsts_header": "max-age=99999", | ||
} | ||
if err := kclient.Create(context.TODO(), echoRoute); err != nil { | ||
t.Fatalf("failed to create route %s/%s: %v", echoRoute.Namespace, echoRoute.Name, err) | ||
} | ||
|
||
// this should fail | ||
echoRoute.Annotations = map[string]string{ | ||
"haproxy.router.openshift.io/hsts_header": "max-age=99999999", | ||
} | ||
if err := kclient.Create(context.TODO(), echoRoute); err == nil { | ||
t.Fatalf("failed to reject route %s/%s, max-age 99999999", echoRoute.Namespace, echoRoute.Name) | ||
} | ||
|
||
defer func() { | ||
if err := kclient.Delete(context.TODO(), echoRoute); err != nil { | ||
t.Fatalf("failed to delete route %s/%s: %v", echoRoute.Namespace, echoRoute.Name, err) | ||
} | ||
}() | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
Oops, something went wrong.