github/capsule
1
0
Fork 0
mirror of https://github.com/projectcapsule/capsule.git synced 2026-02-14 18:09:58 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
357834c5b9c3abfafdb7293e43f447deadf46d1f
capsule/e2e/disable_ingress_wildcard_test.go

306 lines
8.2 KiB
Go
Raw Blame History

//+build e2e
// Copyright 2020-2021 Clastix Labs
// SPDX-License-Identifier: Apache-2.0
package e2e
import (
"context"
"errors"
"fmt"
. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
extensionsv1beta1 "k8s.io/api/extensions/v1beta1"
networkingv1 "k8s.io/api/networking/v1"
networkingv1beta1 "k8s.io/api/networking/v1beta1"
"k8s.io/apimachinery/pkg/api/meta"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/util/intstr"
capsulev1beta1 "github.com/clastix/capsule/api/v1beta1"
)
var _ = Describe("creating an Ingress with a wildcard when it is denied for the Tenant", func() {
tnt := &capsulev1beta1.Tenant{
ObjectMeta: metav1.ObjectMeta{
Name: "denied-ingress-wildcard",
Annotations: map[string]string{
"capsule.clastix.io/deny-wildcard": "true",
},
},
Spec: capsulev1beta1.TenantSpec{
Owners: capsulev1beta1.OwnerListSpec{
{
Name: "scott",
Kind: "User",
},
},
},
}
JustBeforeEach(func() {
EventuallyCreation(func() error {
tnt.ResourceVersion = ""
return k8sClient.Create(context.TODO(), tnt)
}).Should(Succeed())
})
JustAfterEach(func() {
Expect(k8sClient.Delete(context.TODO(), tnt)).Should(Succeed())
})
It("should fail creating an extensions/v1beta1 Ingress with a wildcard hostname", func() {
if err := k8sClient.List(context.Background(), &extensionsv1beta1.IngressList{}); err != nil {
missingAPIError := &meta.NoKindMatchError{}
if errors.As(err, &missingAPIError) {
Skip(fmt.Sprintf("Running test due to unsupported API kind: %s", err.Error()))
}
}
ns := NewNamespace("extensions-v1beta1")
NamespaceCreation(ns, tnt.Spec.Owners[0], defaultTimeoutInterval).Should(Succeed())
ok := &extensionsv1beta1.Ingress{
ObjectMeta: metav1.ObjectMeta{
Name: "ingress-ok",
Namespace: ns.GetName(),
},
Spec: extensionsv1beta1.IngressSpec{
Rules: []extensionsv1beta1.IngressRule{
{
Host: "clastix.io",
IngressRuleValue: extensionsv1beta1.IngressRuleValue{
HTTP: &extensionsv1beta1.HTTPIngressRuleValue{
Paths: []extensionsv1beta1.HTTPIngressPath{
{
Path: "/",
PathType: func(v extensionsv1beta1.PathType) *extensionsv1beta1.PathType {
return &v
}(extensionsv1beta1.PathTypeExact),
Backend: extensionsv1beta1.IngressBackend{
ServiceName: "foo",
ServicePort: intstr.FromInt(8080),
},
},
},
},
},
},
},
},
}
EventuallyCreation(func() error {
return k8sClient.Create(context.Background(), ok)
}).Should(Succeed())
ko := &extensionsv1beta1.Ingress{
ObjectMeta: metav1.ObjectMeta{
Name: "ingress-ko",
Namespace: ns.GetName(),
},
Spec: extensionsv1beta1.IngressSpec{
Rules: []extensionsv1beta1.IngressRule{
{
Host: "*.clastix.io",
IngressRuleValue: extensionsv1beta1.IngressRuleValue{
HTTP: &extensionsv1beta1.HTTPIngressRuleValue{
Paths: []extensionsv1beta1.HTTPIngressPath{
{
Path: "/",
PathType: func(v extensionsv1beta1.PathType) *extensionsv1beta1.PathType {
return &v
}(extensionsv1beta1.PathTypeExact),
Backend: extensionsv1beta1.IngressBackend{
ServiceName: "foo",
ServicePort: intstr.FromInt(8080),
},
},
},
},
},
},
},
},
}
EventuallyCreation(func() error {
return k8sClient.Create(context.Background(), ko)
}).ShouldNot(Succeed())
})
It("should fail creating an networking.k8s.io/v1beta1 Ingress with a wildcard hostname", func() {
if err := k8sClient.List(context.Background(), &networkingv1beta1.IngressList{}); err != nil {
missingAPIError := &meta.NoKindMatchError{}
if errors.As(err, &missingAPIError) {
Skip(fmt.Sprintf("Running test due to unsupported API kind: %s", err.Error()))
}
}
ns := NewNamespace("networking-v1beta1")
NamespaceCreation(ns, tnt.Spec.Owners[0], defaultTimeoutInterval).Should(Succeed())
ok := &networkingv1beta1.Ingress{
ObjectMeta: metav1.ObjectMeta{
Name: "ingress-ok",
Namespace: ns.GetName(),
},
Spec: networkingv1beta1.IngressSpec{
Rules: []networkingv1beta1.IngressRule{
{
Host: "clastix.io",
IngressRuleValue: networkingv1beta1.IngressRuleValue{
HTTP: &networkingv1beta1.HTTPIngressRuleValue{
Paths: []networkingv1beta1.HTTPIngressPath{
{
Path: "/",
PathType: func(v networkingv1beta1.PathType) *networkingv1beta1.PathType {
return &v
}(networkingv1beta1.PathTypeExact),
Backend: networkingv1beta1.IngressBackend{
ServiceName: "foo",
ServicePort: intstr.FromInt(8080),
},
},
},
},
},
},
},
},
}
EventuallyCreation(func() error {
return k8sClient.Create(context.Background(), ok)
}).Should(Succeed())
ko := &extensionsv1beta1.Ingress{
ObjectMeta: metav1.ObjectMeta{
Name: "ingress-ko",
Namespace: ns.GetName(),
},
Spec: extensionsv1beta1.IngressSpec{
Rules: []extensionsv1beta1.IngressRule{
{
Host: "*.clastix.io",
IngressRuleValue: extensionsv1beta1.IngressRuleValue{
HTTP: &extensionsv1beta1.HTTPIngressRuleValue{
Paths: []extensionsv1beta1.HTTPIngressPath{
{
Path: "/",
PathType: func(v extensionsv1beta1.PathType) *extensionsv1beta1.PathType {
return &v
}(extensionsv1beta1.PathTypeExact),
Backend: extensionsv1beta1.IngressBackend{
ServiceName: "foo",
ServicePort: intstr.FromInt(8080),
},
},
},
},
},
},
},
},
}
EventuallyCreation(func() error {
return k8sClient.Create(context.Background(), ko)
}).ShouldNot(Succeed())
})
It("should fail creating an networking.k8s.io/v1 Ingress with a wildcard hostname", func() {
if err := k8sClient.List(context.Background(), &networkingv1.IngressList{}); err != nil {
missingAPIError := &meta.NoKindMatchError{}
if errors.As(err, &missingAPIError) {
Skip(fmt.Sprintf("Running test due to unsupported API kind: %s", err.Error()))
}
}
ns := NewNamespace("networking-v1")
NamespaceCreation(ns, tnt.Spec.Owners[0], defaultTimeoutInterval).Should(Succeed())
ok := &networkingv1.Ingress{
ObjectMeta: metav1.ObjectMeta{
Name: "ingress-ok",
Namespace: ns.GetName(),
},
Spec: networkingv1.IngressSpec{
Rules: []networkingv1.IngressRule{
{
Host: "clastix.io",
IngressRuleValue: networkingv1.IngressRuleValue{
HTTP: &networkingv1.HTTPIngressRuleValue{
Paths: []networkingv1.HTTPIngressPath{
{
Path: "/",
PathType: func(v networkingv1.PathType) *networkingv1.PathType {
return &v
}(networkingv1.PathTypeExact),
Backend: networkingv1.IngressBackend{
Service: &networkingv1.IngressServiceBackend{
Name: "foo",
Port: networkingv1.ServiceBackendPort{
Number: 8080,
},
},
},
},
},
},
},
},
},
},
}
EventuallyCreation(func() error {
return k8sClient.Create(context.Background(), ok)
}).Should(Succeed())
ko := &networkingv1.Ingress{
ObjectMeta: metav1.ObjectMeta{
Name: "ingress-ko",
Namespace: ns.GetName(),
},
Spec: networkingv1.IngressSpec{
Rules: []networkingv1.IngressRule{
{
Host: "*.clastix.io",
IngressRuleValue: networkingv1.IngressRuleValue{
HTTP: &networkingv1.HTTPIngressRuleValue{
Paths: []networkingv1.HTTPIngressPath{
{
Path: "/",
PathType: func(v networkingv1.PathType) *networkingv1.PathType {
return &v
}(networkingv1.PathTypeExact),
Backend: networkingv1.IngressBackend{
Service: &networkingv1.IngressServiceBackend{
Name: "foo",
Port: networkingv1.ServiceBackendPort{
Number: 8080,
},
},
},
},
},
},
},
},
},
},
}
EventuallyCreation(func() error {
return k8sClient.Create(context.Background(), ko)
}).ShouldNot(Succeed())
})
})
Reference in New Issue View Git Blame Copy Permalink