Skip to content

Commit 9edac6f

Browse files
author
Ali Syed
committed
conformance: add a conformance test for BackendTLSPolicy
Changing a ConfigMap content should be reconciled by the controller.
1 parent a863bd3 commit 9edac6f

File tree

1 file changed

+100
-0
lines changed

1 file changed

+100
-0
lines changed

conformance/tests/backendtlspolicy.go

Lines changed: 100 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -17,8 +17,13 @@ limitations under the License.
1717
package tests
1818

1919
import (
20+
"context"
2021
"testing"
2122

23+
"github.com/stretchr/testify/require"
24+
corev1 "k8s.io/api/core/v1"
25+
"sigs.k8s.io/controller-runtime/pkg/client"
26+
2227
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
2328
"k8s.io/apimachinery/pkg/types"
2429

@@ -152,5 +157,100 @@ var BackendTLSPolicy = suite.ConformanceTest{
152157
},
153158
})
154159
})
160+
161+
// Verify that changing a ConfigMap content should be reconciled by the controller
162+
t.Run("Changing the content of a ConfigMap should be reconciled by the controller", func(t *testing.T) {
163+
ctx, cancel := context.WithTimeout(context.Background(), suite.TimeoutConfig.DefaultTestTimeout)
164+
defer cancel()
165+
routeNN := types.NamespacedName{Name: "backendtlspolicy", Namespace: ns}
166+
gwNN := types.NamespacedName{Name: "same-namespace", Namespace: ns}
167+
validconfigmap := types.NamespacedName{Name: "tls-checks-ca-certificate", Namespace: ns}
168+
invalidconfigmap := types.NamespacedName{Name: "mismatch-ca-certificate", Namespace: ns}
169+
170+
kubernetes.NamespacesMustBeReady(t, suite.Client, suite.TimeoutConfig, []string{ns})
171+
gwAddr := kubernetes.GatewayAndRoutesMustBeAccepted(t, suite.Client, suite.TimeoutConfig, suite.ControllerName, kubernetes.NewGatewayRef(gwNN), &gatewayv1.HTTPRoute{}, false, routeNN)
172+
kubernetes.HTTPRouteMustHaveResolvedRefsConditionsTrue(t, suite.Client, suite.TimeoutConfig, routeNN, gwNN)
173+
174+
validPolicyNN := types.NamespacedName{Name: "normative-test", Namespace: ns}
175+
kubernetes.BackendTLSPolicyMustHaveCondition(t, suite.Client, suite.TimeoutConfig, validPolicyNN, gwNN, acceptedCond)
176+
kubernetes.BackendTLSPolicyMustHaveCondition(t, suite.Client, suite.TimeoutConfig, validPolicyNN, gwNN, resolvedRefsCond)
177+
178+
validcm := &corev1.ConfigMap{}
179+
err := suite.Client.Get(ctx, validconfigmap, validcm)
180+
require.NoErrorf(t, err, "failed to get valid configmap")
181+
182+
invalidcm := &corev1.ConfigMap{}
183+
err = suite.Client.Get(ctx, invalidconfigmap, invalidcm)
184+
require.NoErrorf(t, err, "failed to get invalid configmap")
185+
186+
originalCAData := validcm.Data["ca.crt"]
187+
mismatchCAData := invalidcm.Data["ca.crt"]
188+
189+
t.Cleanup(func() {
190+
cleanupCtx, cleanupCancel := context.WithTimeout(context.Background(),
191+
suite.TimeoutConfig.DefaultTestTimeout)
192+
defer cleanupCancel()
193+
194+
currentCM := &corev1.ConfigMap{}
195+
err = suite.Client.Get(cleanupCtx, validconfigmap, currentCM)
196+
if err != nil {
197+
t.Logf("cleanup: error getting ConfigMap: %v", err)
198+
return
199+
}
200+
201+
if currentCM.Data["ca.crt"] != originalCAData {
202+
restored := currentCM.DeepCopy()
203+
restored.Data["ca.crt"] = originalCAData
204+
err = suite.Client.Patch(cleanupCtx, restored, client.MergeFrom(currentCM))
205+
if err != nil {
206+
t.Logf("cleanup: error restoring ConfigMap: %v", err)
207+
}
208+
}
209+
})
210+
h.MakeRequestAndExpectEventuallyConsistentResponse(t, suite.RoundTripper, suite.TimeoutConfig, gwAddr,
211+
h.ExpectedResponse{
212+
Namespace: ns,
213+
Request: h.Request{
214+
Host: "abc.example.com",
215+
Path: "/backendtlspolicy",
216+
},
217+
Response: h.Response{StatusCodes: []int{200}},
218+
})
219+
220+
mutatedCM := validcm.DeepCopy()
221+
mutatedCM.Data["ca.crt"] = mismatchCAData
222+
err = suite.Client.Patch(ctx, mutatedCM, client.MergeFrom(validcm))
223+
require.NoErrorf(t, err, "failed to mutate ConfigMap")
224+
225+
h.MakeRequestAndExpectFailure(t, suite.RoundTripper, suite.TimeoutConfig, gwAddr,
226+
h.ExpectedResponse{
227+
Namespace: ns,
228+
Request: h.Request{
229+
Host: "abc.example.com",
230+
Path: "/backendtlspolicy",
231+
SNI: "abc.example.com",
232+
},
233+
})
234+
235+
currentCM := &corev1.ConfigMap{}
236+
err = suite.Client.Get(ctx, validconfigmap, currentCM)
237+
require.NoErrorf(t, err, "failed to get valid configmap")
238+
239+
restoredCM := currentCM.DeepCopy()
240+
restoredCM.Data["ca.crt"] = originalCAData
241+
err = suite.Client.Patch(ctx, restoredCM, client.MergeFrom(currentCM))
242+
require.NoErrorf(t, err, "failed to mutate ConfigMap")
243+
244+
h.MakeRequestAndExpectEventuallyConsistentResponse(t, suite.RoundTripper, suite.TimeoutConfig, gwAddr,
245+
h.ExpectedResponse{
246+
Namespace: ns,
247+
Request: h.Request{
248+
Host: "abc.example.com",
249+
Path: "/backendtlspolicy",
250+
SNI: "abc.example.com",
251+
},
252+
Response: h.Response{StatusCodes: []int{200}},
253+
})
254+
})
155255
},
156256
}

0 commit comments

Comments
 (0)