Fix lua config assessment

kubernetes · Aug 31, 2024 · d049b2e · d049b2e
1 parent 3b12461
commit d049b2e
Show file tree

Hide file tree

Showing 3 changed files with 56 additions and 1 deletion.
diff --git a/test/e2e/framework/framework.go b/test/e2e/framework/framework.go
@@ -16,6 +16,7 @@ package framework
 import (
 	"context"
 	"crypto/tls"
+	"encoding/json"
 	"fmt"
 	"net"
 	"net/http"
@@ -283,6 +284,15 @@ func (f *Framework) WaitForNginxConfiguration(matcher func(cfg string) bool) {
 	Sleep(1 * time.Second)
 }
 
+// WaitForLuaConfiguration waits until the nginx configuration contains a particular configuration
+// `cfg` passed to matcher is normalized by replacing all tabs and spaces with single space.
+func (f *Framework) WaitForLuaConfiguration(matcher func(jsonCfg map[string]interface{}) bool) {
+	//nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated
+	err := wait.Poll(Poll, DefaultTimeout, f.matchLuaConditions(matcher))
+	assert.Nil(ginkgo.GinkgoT(), err, "waiting for nginx lua configuration condition/s")
+	Sleep(1 * time.Second)
+}
+
 // WaitForNginxCustomConfiguration waits until the nginx configuration given part (from, to) contains a particular configuration
 func (f *Framework) WaitForNginxCustomConfiguration(from, to string, matcher func(cfg string) bool) {
 	//nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated
@@ -326,6 +336,29 @@ func (f *Framework) matchNginxConditions(name string, matcher func(cfg string) b
 	}
 }
 
+func (f *Framework) matchLuaConditions(matcher func(jsonCfg map[string]interface{}) bool) wait.ConditionFunc {
+	return func() (bool, error) {
+		cmd := "cat /etc/nginx/lua/cfg.json"
+
+		o, err := f.ExecCommand(f.pod, cmd)
+		if err != nil {
+			return false, nil
+		}
+
+		if klog.V(10).Enabled() && o != "" {
+			klog.InfoS("Lua", "configuration", o)
+		}
+
+		luaConfig := make(map[string]interface{}) // Use unstructured so we can walk through JSON
+		if err := json.Unmarshal([]byte(o), &luaConfig); err != nil {
+			return false, err
+		}
+
+		// passes the lua interface to the function
+		return matcher(luaConfig), nil
+	}
+}
+
 func (f *Framework) matchNginxCustomConditions(from, to string, matcher func(cfg string) bool) wait.ConditionFunc {
 	return func() (bool, error) {
 		cmd := fmt.Sprintf("cat /etc/nginx/nginx.conf| awk '/%v/,/%v/'", from, to)

diff --git a/test/e2e/settings/ocsp/ocsp.go b/test/e2e/settings/ocsp/ocsp.go
@@ -34,6 +34,7 @@ import (
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/util/intstr"
 
 	"k8s.io/ingress-nginx/test/e2e/framework"
@@ -107,6 +108,11 @@ var _ = framework.DescribeSetting("OCSP", func() {
 		err = framework.WaitForEndpoints(f.KubeClientSet, framework.DefaultTimeout, "ocspserve", f.Namespace, 1)
 		assert.Nil(ginkgo.GinkgoT(), err, "waiting for endpoints to become ready")
 
+		f.WaitForLuaConfiguration(func(jsonCfg map[string]interface{}) bool {
+			val, ok, err := unstructured.NestedBool(jsonCfg, "enable_ocsp")
+			return err == nil && ok && val
+		})
+
 		f.WaitForNginxServer(host,
 			func(server string) bool {
 				return strings.Contains(server, fmt.Sprintf(`server_name %v`, host))

diff --git a/test/e2e/settings/tls.go b/test/e2e/settings/tls.go
@@ -25,10 +25,11 @@ import (
 	"github.com/onsi/ginkgo/v2"
 	"github.com/stretchr/testify/assert"
 
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/ingress-nginx/test/e2e/framework"
 )
 
-var _ = framework.DescribeSetting("[SSL] TLS protocols, ciphers and headers)", func() {
+var _ = framework.DescribeSetting("[SSL] TLS protocols, ciphers and headers", func() {
 	f := framework.NewDefaultFramework("settings-tls")
 	host := "settings-tls"
 
@@ -109,6 +110,11 @@ var _ = framework.DescribeSetting("[SSL] TLS protocols, ciphers and headers)", f
 		ginkgo.It("setting max-age parameter", func() {
 			f.UpdateNginxConfigMapData(hstsMaxAge, "86400")
 
+			f.WaitForLuaConfiguration(func(jsonCfg map[string]interface{}) bool {
+				val, ok, err := unstructured.NestedString(jsonCfg, "hsts_max_age")
+				return err == nil && ok && val == "86400"
+			})
+
 			f.HTTPTestClientWithTLSConfig(tlsConfig).
 				GET("/").
 				WithURL(f.GetURL(framework.HTTPS)).
@@ -124,6 +130,11 @@ var _ = framework.DescribeSetting("[SSL] TLS protocols, ciphers and headers)", f
 				hstsIncludeSubdomains: "false",
 			})
 
+			f.WaitForLuaConfiguration(func(jsonCfg map[string]interface{}) bool {
+				val, ok, err := unstructured.NestedBool(jsonCfg, "hsts_include_subdomains")
+				return err == nil && ok && !val
+			})
+
 			f.HTTPTestClientWithTLSConfig(tlsConfig).
 				GET("/").
 				WithURL(f.GetURL(framework.HTTPS)).
@@ -140,6 +151,11 @@ var _ = framework.DescribeSetting("[SSL] TLS protocols, ciphers and headers)", f
 				hstsIncludeSubdomains: "false",
 			})
 
+			f.WaitForLuaConfiguration(func(jsonCfg map[string]interface{}) bool {
+				val, ok, err := unstructured.NestedBool(jsonCfg, "hsts_preload")
+				return err == nil && ok && val
+			})
+
 			f.HTTPTestClientWithTLSConfig(tlsConfig).
 				GET("/").
 				WithURL(f.GetURL(framework.HTTPS)).