20 package main
21
22 import (
23 "context"
24 "fmt"
25 "strings"
26 "testing"
27 "time"
28
29 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
30 gatewayv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
31 "sigs.k8s.io/gateway-api/apis/v1beta1"
32 )
33
// TestBackendTLSPolicyConfig creates BackendTLSPolicy objects with a range of
// spec.tls settings and checks which of them the API rejects.
//
// The table pins the following constraints, as seen in the expected error
// substrings:
//   - Hostname must be at least one character long.
//   - Exactly one trust source must be set: CACertRefs or WellKnownCACerts,
//     never both and never neither.
//   - "System" is the only accepted WellKnownCACerts value.
//
// NOTE(review): these look like the guards that keep a policy from being
// admitted with no usable trust anchor or no name to verify the backend
// certificate against; confirm against the API documentation before relying
// on that reading.
func TestBackendTLSPolicyConfig(t *testing.T) {
	const backendHost = "foo.example.com"

	// caRefs builds a fresh one-element reference list on every call so that
	// no two table entries share a backing array.
	caRefs := func() []v1beta1.LocalObjectReference {
		return []v1beta1.LocalObjectReference{
			{Group: "group", Kind: "kind", Name: "name"},
		}
	}
	// wellKnown wraps a raw string as a WellKnownCACertType pointer.
	wellKnown := func(value string) *gatewayv1a2.WellKnownCACertType {
		return ptrTo(gatewayv1a2.WellKnownCACertType(value))
	}

	cases := []struct {
		name        string
		wantErrors  []string
		routeConfig gatewayv1a2.BackendTLSPolicyConfig
	}{
		// Accepted: a single trust source plus a non-empty hostname.
		{
			name: "valid BackendTLSPolicyConfig with WellKnownCACerts",
			routeConfig: gatewayv1a2.BackendTLSPolicyConfig{
				WellKnownCACerts: wellKnown("System"),
				Hostname:         backendHost,
			},
			wantErrors: []string{},
		},
		{
			name: "valid BackendTLSPolicyConfig with CACertRefs",
			routeConfig: gatewayv1a2.BackendTLSPolicyConfig{
				CACertRefs: caRefs(),
				Hostname:   backendHost,
			},
			wantErrors: []string{},
		},
		// Rejected: a zero-value config has neither a hostname nor a trust
		// source, so both errors are expected in the same response.
		{
			name:        "invalid BackendTLSPolicyConfig with missing fields",
			routeConfig: gatewayv1a2.BackendTLSPolicyConfig{},
			wantErrors: []string{
				"spec.tls.hostname in body should be at least 1 chars long",
				"must specify either CACertRefs or WellKnownCACerts",
			},
		},
		// Rejected: two trust sources at once.
		{
			name: "invalid BackendTLSPolicyConfig with both CACertRefs and WellKnownCACerts",
			routeConfig: gatewayv1a2.BackendTLSPolicyConfig{
				CACertRefs:       caRefs(),
				WellKnownCACerts: wellKnown("System"),
				Hostname:         backendHost,
			},
			wantErrors: []string{"must not contain both CACertRefs and WellKnownCACerts"},
		},
		// Rejected: a WellKnownCACerts value other than "System".
		{
			name: "invalid BackendTLSPolicyConfig with Unsupported value for WellKnownCACerts",
			routeConfig: gatewayv1a2.BackendTLSPolicyConfig{
				WellKnownCACerts: wellKnown("bar"),
				Hostname:         backendHost,
			},
			wantErrors: []string{"supported values: \"System\""},
		},
		// Rejected: a valid trust source but an explicitly empty hostname.
		{
			name: "invalid BackendTLSPolicyConfig with empty Hostname field",
			routeConfig: gatewayv1a2.BackendTLSPolicyConfig{
				CACertRefs: caRefs(),
				Hostname:   "",
			},
			wantErrors: []string{"spec.tls.hostname in body should be at least 1 chars long"},
		},
	}

	for _, tt := range cases {
		t.Run(tt.name, func(t *testing.T) {
			// The nanosecond timestamp gives every subtest its own object name.
			meta := metav1.ObjectMeta{
				Name:      fmt.Sprintf("foo-%v", time.Now().UnixNano()),
				Namespace: metav1.NamespaceDefault,
			}
			target := gatewayv1a2.PolicyTargetReferenceWithSectionName{
				PolicyTargetReference: gatewayv1a2.PolicyTargetReference{
					Group:     "group",
					Kind:      "kind",
					Name:      "name",
					Namespace: ptrTo(gatewayv1a2.Namespace("ns")),
				},
			}
			policy := &gatewayv1a2.BackendTLSPolicy{
				ObjectMeta: meta,
				Spec: gatewayv1a2.BackendTLSPolicySpec{
					TargetRef: target,
					TLS:       tt.routeConfig,
				},
			}
			validateBackendTLSPolicy(t, policy, tt.wantErrors)
		})
	}
}
129
// validateBackendTLSPolicy creates route through k8sClient and compares the
// outcome with wantErrors.
//
// An empty wantErrors means the create call must succeed; a non-empty one
// means it must fail. A mismatch between the two aborts the test. When a
// failure is expected, every entry of wantErrors must occur in the returned
// error text as a case-insensitive substring; entries that do not are
// reported together in a single test error.
func validateBackendTLSPolicy(t *testing.T, route *gatewayv1a2.BackendTLSPolicy, wantErrors []string) {
	t.Helper()

	err := k8sClient.Create(context.Background(), route)

	rejected := err != nil
	if wantRejected := len(wantErrors) != 0; wantRejected != rejected {
		t.Fatalf("Unexpected response while creating BackendTLSPolicy %q; got err=\n%v\n;want error=%v", fmt.Sprintf("%v/%v", route.Namespace, route.Name), err, wantErrors)
	}
	if !rejected {
		// Accepted as expected, so there are no error substrings to look for.
		return
	}

	// Fold the case once; each expected fragment is folded the same way.
	got := strings.ToLower(err.Error())
	var missingErrorStrings []string
	for _, fragment := range wantErrors {
		if strings.Contains(got, strings.ToLower(fragment)) {
			continue
		}
		missingErrorStrings = append(missingErrorStrings, fragment)
	}
	if len(missingErrorStrings) > 0 {
		t.Errorf("Unexpected response while creating BackendTLSPolicy %q; got err=\n%v\n;missing strings within error=%q", fmt.Sprintf("%v/%v", route.Namespace, route.Name), err, missingErrorStrings)
	}
}
150