diff --git a/test/e2e/annotations/satisfy.go b/test/e2e/annotations/satisfy.go index 3c91e1dce3..5fbfde31d2 100644 --- a/test/e2e/annotations/satisfy.go +++ b/test/e2e/annotations/satisfy.go @@ -19,12 +19,14 @@ package annotations import ( "fmt" "net/http" + "net/url" "time" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" "github.com/parnurzeal/gorequest" extensions "k8s.io/api/extensions/v1beta1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/ingress-nginx/test/e2e/framework" ) @@ -82,4 +84,66 @@ var _ = framework.IngressNginxDescribe("Annotations - SATISFY", func() { Expect(body).Should(ContainSubstring(fmt.Sprintf("host=%v", host))) } }) + + It("should allow multiple auth with satisfy any", func() { + host := "auth" + + // setup external auth + f.NewHttpbinDeployment() + + err := framework.WaitForEndpoints(f.KubeClientSet, framework.DefaultTimeout, "httpbin", f.Namespace, 1) + Expect(err).NotTo(HaveOccurred()) + + e, err := f.KubeClientSet.CoreV1().Endpoints(f.Namespace).Get("httpbin", metav1.GetOptions{}) + Expect(err).NotTo(HaveOccurred()) + + httpbinIP := e.Subsets[0].Addresses[0].IP + + // create basic auth secret at ingress + s := f.EnsureSecret(buildSecret("uname", "pwd", "basic-secret", f.Namespace)) + + annotations := map[string]string{ + // annotations for basic auth at ingress + "nginx.ingress.kubernetes.io/auth-type": "basic", + "nginx.ingress.kubernetes.io/auth-secret": s.Name, + "nginx.ingress.kubernetes.io/auth-realm": "test basic auth", + + // annotations for external auth + "nginx.ingress.kubernetes.io/auth-url": fmt.Sprintf("http://%s/basic-auth/user/password", httpbinIP), + "nginx.ingress.kubernetes.io/auth-signin": "http://$host/auth/start", + + // set satisfy any + "nginx.ingress.kubernetes.io/satisfy": "any", + } + + ing := framework.NewSingleIngress(host, "/", host, f.Namespace, "http-svc", 80, &annotations) + f.EnsureIngress(ing) + + f.WaitForNginxServer(host, func(server string) bool { + return Expect(server).Should(ContainSubstring("server_name auth")) + }) + + // with basic auth cred + resp, _, errs := gorequest.New(). + Get(f.GetURL(framework.HTTP)). + Retry(10, 1*time.Second, http.StatusNotFound). + Set("Host", host). + SetBasicAuth("uname", "pwd").End() + + Expect(errs).Should(BeEmpty()) + Expect(resp.StatusCode).Should(Equal(http.StatusOK)) + + // reroute to signin if without basic cred + resp, _, errs = gorequest.New(). + Get(f.GetURL(framework.HTTP)). + Retry(10, 1*time.Second, http.StatusNotFound). + Set("Host", host). + RedirectPolicy(func(req gorequest.Request, via []gorequest.Request) error { + return http.ErrUseLastResponse + }).Param("a", "b").Param("c", "d"). + End() + Expect(errs).Should(BeEmpty()) + Expect(resp.StatusCode).Should(Equal(http.StatusFound)) + Expect(resp.Header.Get("Location")).Should(Equal(fmt.Sprintf("http://%s/auth/start?rd=http://%s%s", host, host, url.QueryEscape("/?a=b&c=d")))) + }) })