Merge pull request #62052 from nikhiljindal/httpsOnly

Automatic merge from submit-queue (batch tested with PRs 61806, 61508, 62075, 62079, 62052). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Adding an e2e test for verifying https-only annotation with kubemci Fixes https://github.com/GoogleCloudPlatform/k8s-multicluster-ingress/issues/142 Refactoring existing GCE ingress test to be reusable with kubemci. Similar to https://github.com/kubernetes/kubernetes/pull/61871 cc @G-Harmon @nicksardo @madhusudancs ```release-note NONE ```
2018-04-03 17:24:32 -07:00 · 2018-04-03 17:24:32 -07:00 · 6cd3c08458
parent 6e3aa7a35e 146b00911a
commit 6cd3c08458
1 changed files with 22 additions and 14 deletions
--- a/test/e2e/network/ingress.go
+++ b/test/e2e/network/ingress.go
@ -120,18 +120,7 @@ var _ = SIGDescribe("Loadbalancing: L7", func() {
 			// ip released when the rest of lb resources are deleted in CleanupGCEIngressController
 			ip := gceController.CreateStaticIP(ns)
 			By(fmt.Sprintf("allocated static ip %v: %v through the GCE cloud provider", ns, ip))
-
-			jig.CreateIngress(filepath.Join(framework.IngressManifestPath, "static-ip"), ns, map[string]string{
-				framework.IngressStaticIPKey:  ns,
-				framework.IngressAllowHTTPKey: "false",
-			}, map[string]string{})
-
-			By("waiting for Ingress to come up with ip: " + ip)
-			httpClient := framework.BuildInsecureClient(framework.IngressReqTimeout)
-			framework.ExpectNoError(framework.PollURL(fmt.Sprintf("https://%v/", ip), "", framework.LoadBalancerPollTimeout, jig.PollInterval, httpClient, false))
-
-			By("should reject HTTP traffic")
-			framework.ExpectNoError(framework.PollURL(fmt.Sprintf("http://%v/", ip), "", framework.LoadBalancerPollTimeout, jig.PollInterval, httpClient, true))
+			executeStaticIPHttpsOnlyTest(f, jig, ns, ip)

 			By("should have correct firewall rule for ingress")
 			fw := gceController.GetFirewallRule()
@ -577,7 +566,7 @@ var _ = SIGDescribe("Loadbalancing: L7", func() {

 	Describe("GCE [Slow] [Feature:kubemci]", func() {
 		var gceController *framework.GCEIngressController
-		var ipName string
+		var ipName, ipAddress string

 		// Platform specific setup
 		BeforeEach(func() {
@ -597,7 +586,7 @@ var _ = SIGDescribe("Loadbalancing: L7", func() {
 			// Kubemci should reserve a static ip if user has not specified one.
 			ipName = "kubemci-" + string(uuid.NewUUID())
 			// ip released when the rest of lb resources are deleted in CleanupGCEIngressController
-			ipAddress := gceController.CreateStaticIP(ipName)
+			ipAddress = gceController.CreateStaticIP(ipName)
 			By(fmt.Sprintf("allocated static ip %v: %v through the GCE cloud provider", ipName, ipAddress))
 		})

@ -636,6 +625,11 @@ var _ = SIGDescribe("Loadbalancing: L7", func() {
 		It("should create ingress with backend HTTPS", func() {
 			executeBacksideBacksideHTTPSTest(f, jig, ipName)
 		})
+
+		It("should support https-only annotation", func() {
+			executeStaticIPHttpsOnlyTest(f, jig, ipName, ipAddress)
+		})
+
 	})

 	// Time: borderline 5m, slow by design
@ -741,6 +735,20 @@ func executePresharedCertTest(f *framework.Framework, jig *framework.IngressTest
 	Expect(err).NotTo(HaveOccurred(), fmt.Sprintf("Unexpected error while waiting for ingress: %v", err))
 }

+func executeStaticIPHttpsOnlyTest(f *framework.Framework, jig *framework.IngressTestJig, ipName, ip string) {
+	jig.CreateIngress(filepath.Join(framework.IngressManifestPath, "static-ip"), f.Namespace.Name, map[string]string{
+		framework.IngressStaticIPKey:  ipName,
+		framework.IngressAllowHTTPKey: "false",
+	}, map[string]string{})
+
+	By("waiting for Ingress to come up with ip: " + ip)
+	httpClient := framework.BuildInsecureClient(framework.IngressReqTimeout)
+	framework.ExpectNoError(framework.PollURL(fmt.Sprintf("https://%s/", ip), "", framework.LoadBalancerPollTimeout, jig.PollInterval, httpClient, false))
+
+	By("should reject HTTP traffic")
+	framework.ExpectNoError(framework.PollURL(fmt.Sprintf("http://%s/", ip), "", framework.LoadBalancerPollTimeout, jig.PollInterval, httpClient, true))
+}
+
 func executeBacksideBacksideHTTPSTest(f *framework.Framework, jig *framework.IngressTestJig, staticIPName string) {
 	By("Creating a set of ingress, service and deployment that have backside re-encryption configured")
 	deployCreated, svcCreated, ingCreated, err := jig.SetUpBacksideHTTPSIngress(f.ClientSet, f.Namespace.Name, staticIPName)