Skip to content

Commit

Permalink
add e2e coverage for multi auth
Browse files Browse the repository at this point in the history
  • Loading branch information
anthonyho007 committed Apr 18, 2019
1 parent 7283a01 commit bd694bf
Showing 1 changed file with 64 additions and 0 deletions.
64 changes: 64 additions & 0 deletions test/e2e/annotations/satisfy.go
Original file line number Diff line number Diff line change
Expand Up @@ -19,12 +19,14 @@ package annotations
import (
"fmt"
"net/http"
"net/url"
"time"

. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
"github.com/parnurzeal/gorequest"
extensions "k8s.io/api/extensions/v1beta1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/ingress-nginx/test/e2e/framework"
)

Expand Down Expand Up @@ -82,4 +84,66 @@ var _ = framework.IngressNginxDescribe("Annotations - SATISFY", func() {
Expect(body).Should(ContainSubstring(fmt.Sprintf("host=%v", host)))
}
})

It("should allow multiple auth with satisfy any", func() {
host := "auth"

// setup external auth
f.NewHttpbinDeployment()

err := framework.WaitForEndpoints(f.KubeClientSet, framework.DefaultTimeout, "httpbin", f.Namespace, 1)
Expect(err).NotTo(HaveOccurred())

e, err := f.KubeClientSet.CoreV1().Endpoints(f.Namespace).Get("httpbin", metav1.GetOptions{})
Expect(err).NotTo(HaveOccurred())

httpbinIP := e.Subsets[0].Addresses[0].IP

// create basic auth secret at ingress
s := f.EnsureSecret(buildSecret("uname", "pwd", "basic-secret", f.Namespace))

annotations := map[string]string{
// annotations for basic auth at ingress
"nginx.ingress.kubernetes.io/auth-type": "basic",
"nginx.ingress.kubernetes.io/auth-secret": s.Name,
"nginx.ingress.kubernetes.io/auth-realm": "test basic auth",

// annotations for external auth
"nginx.ingress.kubernetes.io/auth-url": fmt.Sprintf("http://%s/basic-auth/user/password", httpbinIP),
"nginx.ingress.kubernetes.io/auth-signin": "http://$host/auth/start",

// set satisfy any
"nginx.ingress.kubernetes.io/satisfy": "any",
}

ing := framework.NewSingleIngress(host, "/", host, f.Namespace, "http-svc", 80, &annotations)
f.EnsureIngress(ing)

f.WaitForNginxServer(host, func(server string) bool {
return Expect(server).Should(ContainSubstring("server_name auth"))
})

// with basic auth cred
resp, _, errs := gorequest.New().
Get(f.GetURL(framework.HTTP)).
Retry(10, 1*time.Second, http.StatusNotFound).
Set("Host", host).
SetBasicAuth("uname", "pwd").End()

Expect(errs).Should(BeEmpty())
Expect(resp.StatusCode).Should(Equal(http.StatusOK))

// reroute to signin if without basic cred
resp, _, errs = gorequest.New().
Get(f.GetURL(framework.HTTP)).
Retry(10, 1*time.Second, http.StatusNotFound).
Set("Host", host).
RedirectPolicy(func(req gorequest.Request, via []gorequest.Request) error {
return http.ErrUseLastResponse
}).Param("a", "b").Param("c", "d").
End()
Expect(errs).Should(BeEmpty())
Expect(resp.StatusCode).Should(Equal(http.StatusFound))
Expect(resp.Header.Get("Location")).Should(Equal(fmt.Sprintf("http://%s/auth/start?rd=http://%s%s", host, host, url.QueryEscape("/?a=b&c=d"))))
})
})

0 comments on commit bd694bf

Please sign in to comment.