Merge pull request #62502 from nicksardo/update-ingress-util

Automatic merge from submit-queue (batch tested with PRs 62503, 62502). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Fix ingress util for setting TLS spec

**What this PR does / why we need it**:
Fixes an issue with ingress TLS testing.  For most tests, we want to only provide one certificate and verify it's being served. In some tests (including a conformance test), a new certificate was added; but only the first certificate was asserted. 

This is because the multi-TLS test uses `WaitForIngressWithCert()` while the other tests use `WaitForGivenIngressWithTimeout`.

**Special notes for your reviewer**:
/assign rramkumar1
/cc rramkumar1

**Release note**:
```release-note
NONE
```

test/e2e/framework/ingress_utils.go

@@ -183,7 +183,7 @@ func CreateIngressComformanceTests(jig *IngressTestJig, ns string, annotations m
 		},
 		{
 			fmt.Sprintf("should terminate TLS for host %v", tlsHost),
-			func() { jig.AddHTTPS(tlsSecretName, tlsHost) },
+			func() { jig.SetHTTPS(tlsSecretName, tlsHost) },
 			fmt.Sprintf("waiting for HTTPS updates to reflect in ingress"),
 		},
 		{
@@ -241,7 +241,7 @@ func CreateIngressComformanceTests(jig *IngressTestJig, ns string, annotations m
 					}
 					ing.Spec.Rules = newRules
 				})
-				jig.AddHTTPS(tlsSecretName, updatedTLSHost)
+				jig.SetHTTPS(tlsSecretName, updatedTLSHost)
 			},
 			fmt.Sprintf("Waiting for updated certificates to accept requests for host %v", updatedTLSHost),
 		})
@@ -1211,19 +1211,30 @@ func (j *IngressTestJig) Update(update func(ing *extensions.Ingress)) {
 	Failf("too many retries updating ingress %s/%s", ns, name)
 }
 
-// AddHTTPS updates the ingress to use this secret for these hosts.
+// AddHTTPS updates the ingress to add this secret for these hosts.
 func (j *IngressTestJig) AddHTTPS(secretName string, hosts ...string) {
 	// TODO: Just create the secret in GetRootCAs once we're watching secrets in
 	// the ingress controller.
 	_, cert, _, err := createTLSSecret(j.Client, j.Ingress.Namespace, secretName, hosts...)
 	ExpectNoError(err)
-	j.Logger.Infof("Updating ingress %v to use secret %v for TLS termination", j.Ingress.Name, secretName)
+	j.Logger.Infof("Updating ingress %v to also use secret %v for TLS termination", j.Ingress.Name, secretName)
 	j.Update(func(ing *extensions.Ingress) {
 		ing.Spec.TLS = append(ing.Spec.TLS, extensions.IngressTLS{Hosts: hosts, SecretName: secretName})
 	})
 	j.RootCAs[secretName] = cert
 }
 
+// SetHTTPS updates the ingress to use only this secret for these hosts.
+func (j *IngressTestJig) SetHTTPS(secretName string, hosts ...string) {
+	_, cert, _, err := createTLSSecret(j.Client, j.Ingress.Namespace, secretName, hosts...)
+	ExpectNoError(err)
+	j.Logger.Infof("Updating ingress %v to only use secret %v for TLS termination", j.Ingress.Name, secretName)
+	j.Update(func(ing *extensions.Ingress) {
+		ing.Spec.TLS = []extensions.IngressTLS{{Hosts: hosts, SecretName: secretName}}
+	})
+	j.RootCAs = map[string][]byte{secretName: cert}
+}
+
 // RemoveHTTPS updates the ingress to not use this secret for TLS.
 // Note: Does not delete the secret.
 func (j *IngressTestJig) RemoveHTTPS(secretName string) {

test/e2e/upgrades/ingress.go

@@ -97,7 +97,7 @@ func (t *IngressUpgradeTest) Setup(f *framework.Framework) {
 		framework.IngressStaticIPKey:  t.ipName,
 		framework.IngressAllowHTTPKey: "false",
 	}, map[string]string{})
-	t.jig.AddHTTPS("tls-secret", "ingress.test.com")
+	t.jig.SetHTTPS("tls-secret", "ingress.test.com")
 
 	By("waiting for Ingress to come up with ip: " + t.ip)
 	framework.ExpectNoError(framework.PollURL(fmt.Sprintf("https://%v/%v", t.ip, path), host, framework.LoadBalancerPollTimeout, t.jig.PollInterval, t.httpClient, false))