From d049b2e652c951820746bced7706a49242553c6d Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Sat, 31 Aug 2024 15:17:23 -0500 Subject: [PATCH] Fix lua config assessment --- test/e2e/framework/framework.go | 33 +++++++++++++++++++++++++++++++++ test/e2e/settings/ocsp/ocsp.go | 6 ++++++ test/e2e/settings/tls.go | 18 +++++++++++++++++- 3 files changed, 56 insertions(+), 1 deletion(-) diff --git a/test/e2e/framework/framework.go b/test/e2e/framework/framework.go index 6e62a1df3c..9b96ef2cf5 100644 --- a/test/e2e/framework/framework.go +++ b/test/e2e/framework/framework.go @@ -16,6 +16,7 @@ package framework import ( "context" "crypto/tls" + "encoding/json" "fmt" "net" "net/http" @@ -283,6 +284,15 @@ func (f *Framework) WaitForNginxConfiguration(matcher func(cfg string) bool) { Sleep(1 * time.Second) } +// WaitForLuaConfiguration waits until the nginx configuration contains a particular configuration +// `cfg` passed to matcher is normalized by replacing all tabs and spaces with single space. +func (f *Framework) WaitForLuaConfiguration(matcher func(jsonCfg map[string]interface{}) bool) { + //nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated + err := wait.Poll(Poll, DefaultTimeout, f.matchLuaConditions(matcher)) + assert.Nil(ginkgo.GinkgoT(), err, "waiting for nginx lua configuration condition/s") + Sleep(1 * time.Second) +} + // WaitForNginxCustomConfiguration waits until the nginx configuration given part (from, to) contains a particular configuration func (f *Framework) WaitForNginxCustomConfiguration(from, to string, matcher func(cfg string) bool) { //nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated @@ -326,6 +336,29 @@ func (f *Framework) matchNginxConditions(name string, matcher func(cfg string) b } } +func (f *Framework) matchLuaConditions(matcher func(jsonCfg map[string]interface{}) bool) wait.ConditionFunc { + return func() (bool, error) { + cmd := "cat /etc/nginx/lua/cfg.json" + + o, err := f.ExecCommand(f.pod, cmd) + if err != nil { + return false, nil + } + + if klog.V(10).Enabled() && o != "" { + klog.InfoS("Lua", "configuration", o) + } + + luaConfig := make(map[string]interface{}) // Use unstructured so we can walk through JSON + if err := json.Unmarshal([]byte(o), &luaConfig); err != nil { + return false, err + } + + // passes the lua interface to the function + return matcher(luaConfig), nil + } +} + func (f *Framework) matchNginxCustomConditions(from, to string, matcher func(cfg string) bool) wait.ConditionFunc { return func() (bool, error) { cmd := fmt.Sprintf("cat /etc/nginx/nginx.conf| awk '/%v/,/%v/'", from, to) diff --git a/test/e2e/settings/ocsp/ocsp.go b/test/e2e/settings/ocsp/ocsp.go index e4be0751fd..5dcaccc2f3 100644 --- a/test/e2e/settings/ocsp/ocsp.go +++ b/test/e2e/settings/ocsp/ocsp.go @@ -34,6 +34,7 @@ import ( appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/ingress-nginx/test/e2e/framework" @@ -107,6 +108,11 @@ var _ = framework.DescribeSetting("OCSP", func() { err = framework.WaitForEndpoints(f.KubeClientSet, framework.DefaultTimeout, "ocspserve", f.Namespace, 1) assert.Nil(ginkgo.GinkgoT(), err, "waiting for endpoints to become ready") + f.WaitForLuaConfiguration(func(jsonCfg map[string]interface{}) bool { + val, ok, err := unstructured.NestedBool(jsonCfg, "enable_ocsp") + return err == nil && ok && val + }) + f.WaitForNginxServer(host, func(server string) bool { return strings.Contains(server, fmt.Sprintf(`server_name %v`, host)) diff --git a/test/e2e/settings/tls.go b/test/e2e/settings/tls.go index f5be40d209..1ebf358c18 100644 --- a/test/e2e/settings/tls.go +++ b/test/e2e/settings/tls.go @@ -25,10 +25,11 @@ import ( "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/ingress-nginx/test/e2e/framework" ) -var _ = framework.DescribeSetting("[SSL] TLS protocols, ciphers and headers)", func() { +var _ = framework.DescribeSetting("[SSL] TLS protocols, ciphers and headers", func() { f := framework.NewDefaultFramework("settings-tls") host := "settings-tls" @@ -109,6 +110,11 @@ var _ = framework.DescribeSetting("[SSL] TLS protocols, ciphers and headers)", f ginkgo.It("setting max-age parameter", func() { f.UpdateNginxConfigMapData(hstsMaxAge, "86400") + f.WaitForLuaConfiguration(func(jsonCfg map[string]interface{}) bool { + val, ok, err := unstructured.NestedString(jsonCfg, "hsts_max_age") + return err == nil && ok && val == "86400" + }) + f.HTTPTestClientWithTLSConfig(tlsConfig). GET("/"). WithURL(f.GetURL(framework.HTTPS)). @@ -124,6 +130,11 @@ var _ = framework.DescribeSetting("[SSL] TLS protocols, ciphers and headers)", f hstsIncludeSubdomains: "false", }) + f.WaitForLuaConfiguration(func(jsonCfg map[string]interface{}) bool { + val, ok, err := unstructured.NestedBool(jsonCfg, "hsts_include_subdomains") + return err == nil && ok && !val + }) + f.HTTPTestClientWithTLSConfig(tlsConfig). GET("/"). WithURL(f.GetURL(framework.HTTPS)). @@ -140,6 +151,11 @@ var _ = framework.DescribeSetting("[SSL] TLS protocols, ciphers and headers)", f hstsIncludeSubdomains: "false", }) + f.WaitForLuaConfiguration(func(jsonCfg map[string]interface{}) bool { + val, ok, err := unstructured.NestedBool(jsonCfg, "hsts_preload") + return err == nil && ok && val + }) + f.HTTPTestClientWithTLSConfig(tlsConfig). GET("/"). WithURL(f.GetURL(framework.HTTPS)).