chore: update httpbin to httpbun (#9919)

Signed-off-by: Spazzy <[email protected]>
kubernetes · May 10, 2023 · 0bdb643 · 0bdb643
1 parent eec4351
commit 0bdb643
Show file tree

Hide file tree

Showing 12 changed files with 215 additions and 117 deletions.
diff --git a/test/data/config.json b/test/data/config.json
@@ -413,7 +413,7 @@
 				"secured": false
 			},
 			"externalAuth": {
-				"url": "https://httpbin.org/basic-auth/user/passwd",
+				"url": "https://httpbun.com/basic-auth/user/passwd",
 				"method": "",
 				"sendBody": false
 			},
@@ -59354,7 +59354,7 @@
 				"secured": false
 			},
 			"externalAuth": {
-				"url": "https://httpbin.org/basic-auth/user/passwd",
+				"url": "https://httpbun.com/basic-auth/user/passwd",
 				"method": "",
 				"sendBody": false
 			},
@@ -60272,4 +60272,4 @@
 			"failTimeout": 0
 		}]
 	}]
-}
+}
diff --git a/test/e2e/annotations/auth.go b/test/e2e/annotations/auth.go
@@ -19,13 +19,14 @@ package annotations
 import (
 	"context"
 	"fmt"
-	"golang.org/x/crypto/bcrypt"
 	"net/http"
 	"net/url"
 	"regexp"
 	"strings"
 	"time"
 
+	"golang.org/x/crypto/bcrypt"
+
 	"github.com/onsi/ginkgo/v2"
 	"github.com/stretchr/testify/assert"
 
@@ -389,10 +390,10 @@ http {
 			assert.GreaterOrEqual(ginkgo.GinkgoT(), len(e.Subsets), 1, "expected at least one endpoint")
 			assert.GreaterOrEqual(ginkgo.GinkgoT(), len(e.Subsets[0].Addresses), 1, "expected at least one address ready in the endpoint")
 
-			httpbinIP := e.Subsets[0].Addresses[0].IP
+			httpbunIP := e.Subsets[0].Addresses[0].IP
 
 			annotations = map[string]string{
-				"nginx.ingress.kubernetes.io/auth-url":    fmt.Sprintf("http://%s/cookies/set/alma/armud", httpbinIP),
+				"nginx.ingress.kubernetes.io/auth-url":    fmt.Sprintf("http://%s/cookies/set/alma/armud", httpbunIP),
 				"nginx.ingress.kubernetes.io/auth-signin": "http://$host/auth/start",
 			}
 
@@ -456,21 +457,21 @@ http {
 		var ing *networking.Ingress
 
 		ginkgo.BeforeEach(func() {
-			f.NewHttpbinDeployment()
+			f.NewHttpbunDeployment()
 
-			err := framework.WaitForEndpoints(f.KubeClientSet, framework.DefaultTimeout, framework.HTTPBinService, f.Namespace, 1)
+			err := framework.WaitForEndpoints(f.KubeClientSet, framework.DefaultTimeout, framework.HTTPBunService, f.Namespace, 1)
 			assert.Nil(ginkgo.GinkgoT(), err)
 
-			e, err := f.KubeClientSet.CoreV1().Endpoints(f.Namespace).Get(context.TODO(), framework.HTTPBinService, metav1.GetOptions{})
+			e, err := f.KubeClientSet.CoreV1().Endpoints(f.Namespace).Get(context.TODO(), framework.HTTPBunService, metav1.GetOptions{})
 			assert.Nil(ginkgo.GinkgoT(), err)
 
 			assert.GreaterOrEqual(ginkgo.GinkgoT(), len(e.Subsets), 1, "expected at least one endpoint")
 			assert.GreaterOrEqual(ginkgo.GinkgoT(), len(e.Subsets[0].Addresses), 1, "expected at least one address ready in the endpoint")
 
-			httpbinIP := e.Subsets[0].Addresses[0].IP
+			httpbunIP := e.Subsets[0].Addresses[0].IP
 
 			annotations = map[string]string{
-				"nginx.ingress.kubernetes.io/auth-url":    fmt.Sprintf("http://%s/basic-auth/user/password", httpbinIP),
+				"nginx.ingress.kubernetes.io/auth-url":    fmt.Sprintf("http://%s/basic-auth/user/password", httpbunIP),
 				"nginx.ingress.kubernetes.io/auth-signin": "http://$host/auth/start",
 			}
 
@@ -649,20 +650,20 @@ http {
 		var ing *networking.Ingress
 
 		ginkgo.BeforeEach(func() {
-			f.NewHttpbinDeployment()
+			f.NewHttpbunDeployment()
 
-			var httpbinIP string
+			var httpbunIP string
 
-			err := framework.WaitForEndpoints(f.KubeClientSet, framework.DefaultTimeout, framework.HTTPBinService, f.Namespace, 1)
+			err := framework.WaitForEndpoints(f.KubeClientSet, framework.DefaultTimeout, framework.HTTPBunService, f.Namespace, 1)
 			assert.Nil(ginkgo.GinkgoT(), err)
 
-			e, err := f.KubeClientSet.CoreV1().Endpoints(f.Namespace).Get(context.TODO(), framework.HTTPBinService, metav1.GetOptions{})
+			e, err := f.KubeClientSet.CoreV1().Endpoints(f.Namespace).Get(context.TODO(), framework.HTTPBunService, metav1.GetOptions{})
 			assert.Nil(ginkgo.GinkgoT(), err)
 
-			httpbinIP = e.Subsets[0].Addresses[0].IP
+			httpbunIP = e.Subsets[0].Addresses[0].IP
 
 			annotations = map[string]string{
-				"nginx.ingress.kubernetes.io/auth-url":                   fmt.Sprintf("http://%s/basic-auth/user/password", httpbinIP),
+				"nginx.ingress.kubernetes.io/auth-url":                   fmt.Sprintf("http://%s/basic-auth/user/password", httpbunIP),
 				"nginx.ingress.kubernetes.io/auth-signin":                "http://$host/auth/start",
 				"nginx.ingress.kubernetes.io/auth-signin-redirect-param": "orig",
 			}
@@ -728,23 +729,23 @@ http {
 		barPath := "/bar"
 
 		ginkgo.BeforeEach(func() {
-			f.NewHttpbinDeployment()
+			f.NewHttpbunDeployment()
 
-			err := framework.WaitForEndpoints(f.KubeClientSet, framework.DefaultTimeout, framework.HTTPBinService, f.Namespace, 1)
+			err := framework.WaitForEndpoints(f.KubeClientSet, framework.DefaultTimeout, framework.HTTPBunService, f.Namespace, 1)
 			assert.Nil(ginkgo.GinkgoT(), err)
 
 			framework.Sleep(1 * time.Second)
 
-			e, err := f.KubeClientSet.CoreV1().Endpoints(f.Namespace).Get(context.TODO(), framework.HTTPBinService, metav1.GetOptions{})
+			e, err := f.KubeClientSet.CoreV1().Endpoints(f.Namespace).Get(context.TODO(), framework.HTTPBunService, metav1.GetOptions{})
 			assert.Nil(ginkgo.GinkgoT(), err)
 
 			assert.GreaterOrEqual(ginkgo.GinkgoT(), len(e.Subsets), 1, "expected at least one endpoint")
 			assert.GreaterOrEqual(ginkgo.GinkgoT(), len(e.Subsets[0].Addresses), 1, "expected at least one address ready in the endpoint")
 
-			httpbinIP := e.Subsets[0].Addresses[0].IP
+			httpbunIP := e.Subsets[0].Addresses[0].IP
 
 			annotations := map[string]string{
-				"nginx.ingress.kubernetes.io/auth-url":            fmt.Sprintf("http://%s/basic-auth/user/password", httpbinIP),
+				"nginx.ingress.kubernetes.io/auth-url":            fmt.Sprintf("http://%s/basic-auth/user/password", httpbunIP),
 				"nginx.ingress.kubernetes.io/auth-signin":         "http://$host/auth/start",
 				"nginx.ingress.kubernetes.io/auth-cache-key":      "fixed",
 				"nginx.ingress.kubernetes.io/auth-cache-duration": "200 201 401 30m",
@@ -777,7 +778,7 @@ http {
 				Expect().
 				Status(http.StatusOK)
 
-			err := f.DeleteDeployment(framework.HTTPBinService)
+			err := f.DeleteDeployment(framework.HTTPBunService)
 			assert.Nil(ginkgo.GinkgoT(), err)
 			framework.Sleep()
 
@@ -797,7 +798,7 @@ http {
 				Expect().
 				Status(http.StatusOK)
 
-			err := f.DeleteDeployment(framework.HTTPBinService)
+			err := f.DeleteDeployment(framework.HTTPBunService)
 			assert.Nil(ginkgo.GinkgoT(), err)
 			framework.Sleep()
 
@@ -826,7 +827,7 @@ http {
 				Expect().
 				Status(http.StatusOK)
 
-			err := f.DeleteDeployment(framework.HTTPBinService)
+			err := f.DeleteDeployment(framework.HTTPBunService)
 			assert.Nil(ginkgo.GinkgoT(), err)
 			framework.Sleep()
 

diff --git a/test/e2e/annotations/grpc.go b/test/e2e/annotations/grpc.go
@@ -125,7 +125,7 @@ var _ = framework.DescribeAnnotation("backend-protocol - GRPC", func() {
 
 	ginkgo.It("authorization metadata should be overwritten by external auth response headers", func() {
 		f.NewGRPCBinDeployment()
-		f.NewHttpbinDeployment()
+		f.NewHttpbunDeployment()
 
 		host := "echo"
 
@@ -149,19 +149,19 @@ var _ = framework.DescribeAnnotation("backend-protocol - GRPC", func() {
 		}
 		f.EnsureService(svc)
 
-		err := framework.WaitForEndpoints(f.KubeClientSet, framework.DefaultTimeout, framework.HTTPBinService, f.Namespace, 1)
+		err := framework.WaitForEndpoints(f.KubeClientSet, framework.DefaultTimeout, framework.HTTPBunService, f.Namespace, 1)
 		assert.Nil(ginkgo.GinkgoT(), err)
 
-		e, err := f.KubeClientSet.CoreV1().Endpoints(f.Namespace).Get(context.TODO(), framework.HTTPBinService, metav1.GetOptions{})
+		e, err := f.KubeClientSet.CoreV1().Endpoints(f.Namespace).Get(context.TODO(), framework.HTTPBunService, metav1.GetOptions{})
 		assert.Nil(ginkgo.GinkgoT(), err)
 
 		assert.GreaterOrEqual(ginkgo.GinkgoT(), len(e.Subsets), 1, "expected at least one endpoint")
 		assert.GreaterOrEqual(ginkgo.GinkgoT(), len(e.Subsets[0].Addresses), 1, "expected at least one address ready in the endpoint")
 
-		httpbinIP := e.Subsets[0].Addresses[0].IP
+		httpbunIP := e.Subsets[0].Addresses[0].IP
 
 		annotations := map[string]string{
-			"nginx.ingress.kubernetes.io/auth-url":              fmt.Sprintf("http://%s/response-headers?authorization=foo", httpbinIP),
+			"nginx.ingress.kubernetes.io/auth-url":              fmt.Sprintf("http://%s/response-headers?authorization=foo", httpbunIP),
 			"nginx.ingress.kubernetes.io/auth-response-headers": "Authorization",
 			"nginx.ingress.kubernetes.io/backend-protocol":      "GRPC",
 		}

diff --git a/test/e2e/annotations/satisfy.go b/test/e2e/annotations/satisfy.go
@@ -85,15 +85,15 @@ var _ = framework.DescribeAnnotation("satisfy", func() {
 		host := "auth"
 
 		// setup external auth
-		f.NewHttpbinDeployment()
+		f.NewHttpbunDeployment()
 
-		err := framework.WaitForEndpoints(f.KubeClientSet, framework.DefaultTimeout, framework.HTTPBinService, f.Namespace, 1)
+		err := framework.WaitForEndpoints(f.KubeClientSet, framework.DefaultTimeout, framework.HTTPBunService, f.Namespace, 1)
 		assert.Nil(ginkgo.GinkgoT(), err)
 
-		e, err := f.KubeClientSet.CoreV1().Endpoints(f.Namespace).Get(context.TODO(), framework.HTTPBinService, metav1.GetOptions{})
+		e, err := f.KubeClientSet.CoreV1().Endpoints(f.Namespace).Get(context.TODO(), framework.HTTPBunService, metav1.GetOptions{})
 		assert.Nil(ginkgo.GinkgoT(), err)
 
-		httpbinIP := e.Subsets[0].Addresses[0].IP
+		httpbunIP := e.Subsets[0].Addresses[0].IP
 
 		// create basic auth secret at ingress
 		s := f.EnsureSecret(buildSecret("uname", "pwd", "basic-secret", f.Namespace))
@@ -105,7 +105,7 @@ var _ = framework.DescribeAnnotation("satisfy", func() {
 			"nginx.ingress.kubernetes.io/auth-realm":  "test basic auth",
 
 			// annotations for external auth
-			"nginx.ingress.kubernetes.io/auth-url":    fmt.Sprintf("http://%s/basic-auth/user/password", httpbinIP),
+			"nginx.ingress.kubernetes.io/auth-url":    fmt.Sprintf("http://%s/basic-auth/user/password", httpbunIP),
 			"nginx.ingress.kubernetes.io/auth-signin": "http://$host/auth/start",
 
 			// set satisfy any

diff --git a/test/e2e/framework/deployment.go b/test/e2e/framework/deployment.go
@@ -19,6 +19,7 @@ package framework
 import (
 	"context"
 	"errors"
+	"fmt"
 	"os"
 	"time"
 
@@ -36,14 +37,18 @@ const EchoService = "echo"
 // SlowEchoService name of the deployment for the echo app
 const SlowEchoService = "slow-echo"
 
-// HTTPBinService name of the deployment for the httpbin app
-const HTTPBinService = "httpbin"
+// HTTPBunService name of the deployment for the httpbun app
+const HTTPBunService = "httpbun"
+
+// NipService name of external service using nip.io
+const NIPService = "external-nip"
 
 type deploymentOptions struct {
 	namespace      string
 	name           string
 	replicas       int
 	svcAnnotations map[string]string
+	image          string
 }
 
 // WithDeploymentNamespace allows configuring the deployment's namespace
@@ -82,18 +87,26 @@ func WithName(n string) func(*deploymentOptions) {
 	}
 }
 
+// WithImage allows configuring the image for the deployments
+func WithImage(i string) func(*deploymentOptions) {
+	return func(o *deploymentOptions) {
+		o.image = i
+	}
+}
+
 // NewEchoDeployment creates a new single replica deployment of the echo server image in a particular namespace
 func (f *Framework) NewEchoDeployment(opts ...func(*deploymentOptions)) {
 	options := &deploymentOptions{
 		namespace: f.Namespace,
 		name:      EchoService,
 		replicas:  1,
+		image:     "registry.k8s.io/ingress-nginx/e2e-test-echo@sha256:4938d1d91a2b7d19454460a8c1b010b89f6ff92d2987fd889ac3e8fc3b70d91a",
 	}
 	for _, o := range opts {
 		o(options)
 	}
 
-	deployment := newDeployment(options.name, options.namespace, "registry.k8s.io/ingress-nginx/e2e-test-echo@sha256:4938d1d91a2b7d19454460a8c1b010b89f6ff92d2987fd889ac3e8fc3b70d91a", 80, int32(options.replicas),
+	deployment := newDeployment(options.name, options.namespace, options.image, 80, int32(options.replicas),
 		nil, nil, nil,
 		[]corev1.VolumeMount{},
 		[]corev1.Volume{},
@@ -129,6 +142,85 @@ func (f *Framework) NewEchoDeployment(opts ...func(*deploymentOptions)) {
 	assert.Nil(ginkgo.GinkgoT(), err, "waiting for endpoints to become ready")
 }
 
+// BuildNipHost used to generate a nip host for DNS resolving
+func BuildNIPHost(ip string) string {
+	return fmt.Sprintf("%s.nip.io", ip)
+}
+
+// BuildNIPExternalNameService used to generate a service pointing to nip.io to
+// help resolve to an IP address
+func BuildNIPExternalNameService(f *Framework, ip, portName string) *corev1.Service {
+	return &corev1.Service{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      NIPService,
+			Namespace: f.Namespace,
+		},
+		Spec: corev1.ServiceSpec{
+			ExternalName: BuildNIPHost(ip),
+			Type:         corev1.ServiceTypeExternalName,
+			Ports: []corev1.ServicePort{
+				{
+					Name:       portName,
+					Port:       80,
+					TargetPort: intstr.FromInt(80),
+					Protocol:   "TCP",
+				},
+			},
+		},
+	}
+}
+
+// NewHttpbunDeployment creates a new single replica deployment of the httpbun
+// server image in a particular namespace we return the ip for testing purposes
+func (f *Framework) NewHttpbunDeployment(opts ...func(*deploymentOptions)) string {
+	options := &deploymentOptions{
+		namespace: f.Namespace,
+		name:      HTTPBunService,
+		replicas:  1,
+		image:     "registry.k8s.io/ingress-nginx/e2e-test-httpbun:v20230505-v0.0.1",
+	}
+	for _, o := range opts {
+		o(options)
+	}
+
+	deployment := newDeployment(options.name, options.namespace, options.image, 80, int32(options.replicas),
+		nil, nil, nil,
+		[]corev1.VolumeMount{},
+		[]corev1.Volume{},
+		true,
+	)
+
+	f.EnsureDeployment(deployment)
+
+	service := &corev1.Service{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:        options.name,
+			Namespace:   options.namespace,
+			Annotations: options.svcAnnotations,
+		},
+		Spec: corev1.ServiceSpec{
+			Ports: []corev1.ServicePort{
+				{
+					Name:       "http",
+					Port:       80,
+					TargetPort: intstr.FromInt(80),
+					Protocol:   corev1.ProtocolTCP,
+				},
+			},
+			Selector: map[string]string{
+				"app": options.name,
+			},
+		},
+	}
+
+	s := f.EnsureService(service)
+
+	err := WaitForEndpoints(f.KubeClientSet, DefaultTimeout, options.name, options.namespace, options.replicas)
+	assert.Nil(ginkgo.GinkgoT(), err, "waiting for endpoints to become ready")
+
+	return s.Spec.ClusterIPs[0]
+}
+
 // NewSlowEchoDeployment creates a new deployment of the slow echo server image in a particular namespace.
 func (f *Framework) NewSlowEchoDeployment() {
 	cfg := `#
@@ -418,11 +510,6 @@ func newDeployment(name, namespace, image string, port int32, replicas int32, co
 	return d
 }
 
-// NewHttpbinDeployment creates a new single replica deployment of the httpbin image in a particular namespace.
-func (f *Framework) NewHttpbinDeployment() {
-	f.NewDeployment(HTTPBinService, "registry.k8s.io/ingress-nginx/e2e-test-httpbin@sha256:c6372ef57a775b95f18e19d4c735a9819f2e7bb4641e5e3f27287d831dfeb7e8", 80, 1)
-}
-
 func (f *Framework) NewDeployment(name, image string, port int32, replicas int32) {
 	f.NewDeploymentWithOpts(name, image, port, replicas, nil, nil, nil, nil, nil, true)
 }

diff --git a/test/e2e/security/request_smuggling.go b/test/e2e/security/request_smuggling.go
@@ -50,9 +50,12 @@ server {
 
 		f.UpdateNginxConfigMapData("http-snippet", snippet)
 
+		//TODO: currently using a self hosted HTTPBun instance results in a 499, we
+		//should move away from using httpbun.com once we have the httpbun
+		//deployment as part of the framework
 		ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, map[string]string{
-			"nginx.ingress.kubernetes.io/auth-signin": "https://httpbin.org/uuid",
-			"nginx.ingress.kubernetes.io/auth-url":    "https://httpbin.org/basic-auth/user/passwd",
+			"nginx.ingress.kubernetes.io/auth-signin": "https://httpbun.com/bearer/d4bcba7a-0def-4a31-91a7-47e420adf44b",
+			"nginx.ingress.kubernetes.io/auth-url":    "https://httpbun.com/basic-auth/user/passwd",
 		})
 		f.EnsureIngress(ing)