Go: Bump to v1.22.6. #9991
GitHub Actions / JEST Tests v1.30.0
succeeded
Aug 8, 2024 in 1s
426 passed, 0 failed and 4 skipped
β Β report-e2e-test-suite.xml
430 tests were completed in 2700s with 426 passed, 0 failed and 4 skipped.
Test suite | Passed | Failed | Skipped | Time |
---|---|---|---|---|
nginx-ingress-controller e2e suite | 426β | 4βͺ | 2700s |
β Β nginx-ingress-controller e2e suite
nginx-ingress-controller e2e suite
β
[It] [Setting] keep-alive keep-alive-requests Check the upstream keep alive should set keepalive connection to upstream server
β
[It] [Annotations] cors-* should allow headers for cors
β
[It] [Setting] configmap server-snippet should add global server-snippet and drop annotations per admin config
β
[It] [Annotations] client-body-buffer-size should set client_body_buffer_size to 1M
β
[It] [Service] backend status code 503 should return 503 when all backend service endpoints are unavailable
β
[It] Debug CLI should list the backend servers
β
[It] [Service] backend status code 503 should return 503 when backend service does not exist
β
[It] [Setting] [SSL] TLS protocols, ciphers and headers) ports or X-Forwarded-Host check during HTTP tp HTTPS redirection should not use ports or X-Forwarded-Host during the HTTP to HTTPS redirection
β
[It] [Annotations] x-forwarded-prefix should not add X-Forwarded-Prefix if the annotation value is empty
β
[It] [Annotations] cors-* should disable cors allow credentials
β
[It] [Annotations] auth-* should not set snippet "proxy_set_header My-Custom-Header 42;" when external auth is not configured
β
[It] [Annotations] rewrite-target use-regex enable-rewrite-log should use correct longest path match
β
[It] [Setting] proxy-read-timeout should set valid proxy read timeouts using configmap values
β
[It] [Setting] log-format-* Check log-format-upstream with log-format-escape-json and log-format-escape-none log-format-escape-json enabled
β
[It] [Annotations] denylist-source-range only deny explicitly denied IPs, allow all others
β
[It] [Ingress] [PathType] exact should choose exact location for /exact
β
[It] [Annotations] affinity session-cookie-name should set cookie with domain
β
[It] [Annotations] proxy-* should set proxy_redirect to hello.com goodbye.com
β
[It] [Annotations] canary-* when canaried by header with value and pattern should routes to mainline upstream when the given Regex causes error
β
[It] [Default Backend] should return 404 sending requests when only a default backend is running
β
[It] [Setting] [Security] global-auth-url when global external authentication is configured should proxy_method method when global-auth-method is configured
β
[It] [Annotations] server-alias should return status code 200 for host 'foo' and 404 for 'bar'
β
[It] [Setting] [Security] block-* should block User-Agents defined in the ConfigMap
β
[It] [Annotations] proxy-ssl-* should set valid proxy-ssl-secret, proxy-ssl-ciphers to HIGH:!AES
β
[It] [Flag] ingress-class With watch-ingress-without-class flag should watch Ingress with no class and ignore ingress with a different class
β
[It] [Annotations] upstream-vhost set host to upstreamvhost.bar.com
β
[It] [Annotations] auth-* cookie set by external authentication server user with annotated ingress retains cookie if upstream returns error status code
β
[It] [TCP] tcp-services should expose a TCP service
β
[It] [Setting] log-format-* Check log-format-upstream with log-format-escape-json and log-format-escape-none log-format default escape
β
[It] [Setting] keep-alive keep-alive-requests Check the upstream keep alive should set the request count to upstream server through one keep alive connection
β
[It] [Annotations] canary-* when canaried by weight should route requests only to mainline if canary weight is 0
β
[It] [Annotations] canary-* canary affinity behavior always routes traffic to canary if first request was affinitized to canary (default behavior)
β
[It] [Annotations] backend-protocol - GRPC authorization metadata should be overwritten by external auth response headers
β
[It] [Default Backend] SSL should return a self generated SSL certificate
β
[It] [Annotations] custom-http-errors configures Nginx correctly
β
[It] [Setting] gzip should set gzip_comp_level to 4
β
[It] [Flag] custom HTTP and HTTPS ports with a TLS enabled ingress when external authentication is configured should set the X-Forwarded-Port header to 443
β
[It] [Setting] [Security] global-auth-url when global external authentication is configured should set snippet when global external auth is configured
β
[It] [TCP] tcp-services should expose an ExternalName TCP service
β
[It] [Annotations] proxy-* should change the default proxy HTTP version
β
[It] [Annotations] Bad annotation values [BAD_ANNOTATIONS] should drop an ingress if there is a forbidden word in some annotation
β
[It] [Annotations] Bad annotation values [BAD_ANNOTATIONS] should allow an ingress if there is a default blocklist config in place
β
[It] [Lua] dynamic configuration when only backends change handles endpoints only changes consistently (down scaling of replicas vs. empty service)
β
[It] [Lua] dynamic configuration configures balancer Lua middleware correctly
β
[It] [Annotations] app-root should redirect to /foo
β
[It] [Annotations] service-upstream when using the default value (false) and enabling in the annotations should use the Service Cluster IP and Port
β
[It] global-options should have worker_rlimit_nofile option
β
[It] [Setting] add-headers Add a custom header
β
[It] [Annotations] proxy-* should not set proxy client-max-body-size to incorrect value
β
[It] [Ingress] definition without host should set ingress details variables for ingresses with host without IngressRuleValue, only Backend
β
[It] [Setting] stream-snippet should add stream-snippet and drop annotations per admin config
β
[It] [Setting] hash size Check server names hash size should set server_names_hash_bucket_size
β
[It] [Ingress] definition without host should set ingress details variables for ingresses without a host
β
[It] [Lua] dynamic certificates given an ingress with TLS correctly configured removes HTTPS configuration when we delete TLS spec
β
[It] [Annotations] cors-* should allow origin for cors
β
[It] [Ingress] [PathType] prefix checks should test prefix path using simple regex pattern for /id/{int}
β
[It] [Annotations] auth-* when external authentication is configured should not create additional upstream block when auth-keepalive is set with HTTP/2
β
[It] [Annotations] affinity session-cookie-name should set secure in cookie with provided false annotation on https
β
[It] [Setting] server-tokens should exists Server header in the response when is enabled
β
[It] [Flag] ingress-class With ingress-class-by-name flag should watch Ingress that uses the class name even if spec is different
β
[It] [Ingress] DeepInspection should drop whole ingress if one path matches invalid regex
β
[It] [Annotations] service-upstream when enabling in the configmap and disabling in the annotations should not use the Service Cluster IP and Port
β
[It] [Annotations] auth-* when external authentication with caching is configured should deny login for different location on same server
β
[It] [Admission] admission controller should return an error if there is a forbidden value in some annotation
β
[It] [Admission] admission controller reject ingress with global-rate-limit annotations when memcached is not configured
β
[It] [Admission] admission controller should not return an error if the Ingress V1 definition is valid with Ingress Class
β
[It] [Admission] admission controller should return an error if there is an invalid path and wrong pathType is set
β
[It] [Admission] admission controller should not return an error for an invalid Ingress when it has unknown class
β
[It] [Admission] admission controller should return an error if there is an error validating the ingress definition
β
[It] [Admission] admission controller should allow overlaps of host and paths with canary annotation
β
[It] [Flag] watch namespace selector With specific watch-namespace-selector flags should ignore Ingress of namespace without label foo=bar and accept those of namespace with label foo=bar
β
[It] [TopologyHints] topology aware routing should return 200 when service has topology hints
β
[It] [Admission] admission controller should not return an error if the Ingress V1 definition is valid with IngressClass annotation
β
[It] [Admission] admission controller should return an error if the Ingress V1 definition contains invalid annotations
β
[It] [Admission] admission controller should block ingress with invalid path
β
[It] annotation validations should allow ingress based on their risk on webhooks
β
[It] [Admission] admission controller should return an error if there is an invalid value in some annotation
β
[It] annotation validations should allow ingress based on their risk on webhooks
β
[It] [Admission] admission controller should not allow overlaps of host and paths without canary annotations
β
[It] [Flag] ingress-class With default ingress class config should serve Ingress when class is updated between annotation and ingressClassName
β
[It] [Setting] proxy-next-upstream should build proxy next upstream using configmap values
β
[It] [Annotations] canary-* when canaried by weight should route requests only to canary if canary weight is equal to canary weight total
β
[It] [Annotations] backend-protocol should set backend protocol to https:// and use proxy_pass with lowercase annotation
β
[It] [Annotations] cors-* should allow - single origin for multiple cors values
β
[It] [Annotations] canary-* when canary is created should return 404 status for requests to the canary if no matching ingress is found
β
[It] [Setting] [Load Balancer] round-robin should evenly distribute requests with round-robin (default algorithm)
β
[It] [Setting] [Security] global-auth-url when global external authentication is configured should return status code 401 when request any protected service
β
[It] [Annotations] affinity session-cookie-name should work with server-alias annotation
β
[It] [Annotations] auth-* with invalid auth-url should deny whole location should add error to the config
β
[It] [Lua] dynamic certificates given an ingress with TLS correctly configured supports requests with domain with trailing dot
β
[It] [Annotations] auth-* should return status code 401 and cors headers when authentication and cors is configured but Authorization header is not configured
β
[It] Dynamic $proxy_host should exist a proxy_host
β
[It] [Annotations] Bad annotation values [BAD_ANNOTATIONS] should drop an ingress if there is an invalid character in some annotation
β
[It] [Annotations] auth-tls-* should validate auth-tls-verify-client
β
[It] [Setting] use-forwarded-headers should not trust X-Forwarded headers when setting is false
β
[It] [Setting] use-proxy-protocol should enable PROXY Protocol for TCP
β
[It] [Annotations] cors-* should not break functionality with extra domain
β
[It] [Setting] access-log http-access-log-path & stream-access-log-path use the specified configuration
β
[It] [SSL] [Flag] default-ssl-certificate uses default ssl certificate for host based ingress when configured certificate does not match host
βͺ [It] [Setting] Geoip2 should only allow requests from specific countries
β
[It] [Annotations] cors-* should set cors methods to only allow POST, GET
β
[It] [Annotations] annotation-global-rate-limit generates correct configuration
β
[It] [Flag] disable-sync-events should create sync events (default)
β
[It] [Flag] disable-catch-all should ignore catch all Ingress with backend
β
[It] [Setting] aio-write should be disabled when setting is false
β
[It] [Annotations] backend-protocol should set backend protocol to https:// and use proxy_pass
β
[It] [Setting] [Security] block-* should block Referers defined in the ConfigMap
β
[It] [Annotations] proxy-* should build proxy next upstream
β
[It] [Service] Type ExternalName should return 200 for service type=ExternalName using a port name
β
[It] [Annotations] upstream-hash-by-* should connect to the same subset of pods
β
[It] [Setting] [Security] global-auth-url when global external authentication is configured should set request-redirect when global-auth-request-redirect is configured
β
[It] [Annotations] auth-tls-* should return 200 using auth-tls-match-cn where atleast one of the regex options matches CN from client
β
[It] [Annotations] service-upstream when enabling in the configmap should use the Service Cluster IP and Port
β
[It] [Annotations] auth-* should return status code 401 when authentication is configured and Authorization header is sent with invalid credentials
β
[It] [Annotations] backend-protocol - FastCGI should add fastcgi_index in the configuration file
β
[It] [Annotations] upstream-hash-by-* should connect to the same pod
β
[It] [Ingress] [PathType] prefix checks should test prefix path using fixed path size regex pattern /id/{int}{3}
β
[It] [Annotations] rewrite-target use-regex enable-rewrite-log should write rewrite logs
β
[It] [Flag] disable-catch-all should delete Ingress updated to catch-all
β
[It] [Annotations] enable-access-log enable-rewrite-log set rewrite_log on
β
[It] [Annotations] cors-* should set cors max-age
β
[It] [Annotations] canary-* when canary is created should route requests to the correct upstream if the mainline ingress is modified
β
[It] [Annotations] auth-* should return status code 401 when authentication is configured with invalid content and Authorization header is sent
β
[It] [Annotations] cors-* should not allow - single origin with port and origin without port
β
[It] [Annotations] auth-* when external authentication with caching is configured should redirect to signin url when not signed in
β
[It] [Annotations] modsecurity owasp should enable modsecurity with snippet and block requests
β
[It] [Annotations] canary-* does not crash when canary ingress has multiple paths to the same non-matching backend
β
[It] [Setting] hash size Check the variable hash size should set variables-hash-max-size
β
[It] [Annotations] proxy-* should set proxy client-max-body-size to 8m
β
[It] [Flag] ingress-class With default ingress class config should ignore Ingress with a different class annotation
β
[It] [Annotations] disable-access-log disable-http-access-log disable-stream-access-log disable-stream-access-log set access_log off
β
[It] [SSL] redirect to HTTPS should redirect from HTTP to HTTPS when secret is missing
β
[It] [Annotations] modsecurity owasp should enable modsecurity globally and with modsecurity-snippet block requests
β
[It] [Setting] [Load Balancer] EWMA does not fail requests
β
[It] [Annotations] proxy-* should turn off proxy-request-buffering
β
[It] [Setting] configmap stream-snippet should add value of stream-snippet via config map to nginx config
β
[It] [Annotations] backend-protocol - GRPC should use grpc_pass in the configuration file
β
[It] [Setting] gzip should set gzip_disable to msie6
β
[It] [Annotations] affinity session-cookie-name should warn user when use-regex is true and session-cookie-path is not set
β
[It] [Annotations] cors-* should allow - matching origin+port with wildcard origin
βͺ [It] [Default Backend] disables access logging for default backend
β
[It] [Annotations] auth-* cookie set by external authentication server user does not retain cookie if upstream returns error status code
β
[It] [Annotations] cors-* should allow correct origins - missing subdomain + origin with wildcard origin and correct origin
β
[It] [Annotations] backend-protocol should set backend protocol to grpc:// and use grpc_pass
β
[It] [Setting] [Security] global-auth-url when global external authentication is configured should return status code 200 when request whitelisted (via no-auth-locations) service and 401 when request protected service
β
[It] [Status] status update should update status field after client-go reconnection
β
[It] [Setting] [SSL] TLS protocols, ciphers and headers) should configure HSTS policy header overriding what's set from the upstream
β
[It] [Annotations] cors-* should allow correct origin but not others - cors allow origin annotations contain trailing comma
β
[It] [Flag] ingress-class Without IngressClass Cluster scoped Permission should watch Ingress with correct annotation
β
[It] [Annotations] backend-protocol - GRPC should return OK for service with backend protocol GRPC
β
[It] [Annotations] auth-* when external authentication is configured should enable set_all_vars when auth-keepalive-share-vars is true
β
[It] [TCP] tcp-services should reload after an update in the configuration
β
[It] [metrics] exported prometheus metrics exclude socket request metrics are absent
β
[It] [Default Backend] change default settings should apply the annotation to the default backend
β
[It] [Service] Type ExternalName should return 200 for service type=ExternalName using FQDN with trailing dot
β
[It] [Annotations] cors-* should allow correct origins - single origin for multiple cors values
β
[It] [Annotations] affinity session-cookie-name should not set secure in cookie with provided false annotation on http
β
[It] [Setting] [SSL] TLS protocols, ciphers and headers) should configure HSTS policy header setting max-age parameter
β
[It] [Annotations] auth-* cookie set by external authentication server user retains cookie by default
β
[It] [Annotations] auth-* when external authentication is configured with a custom redirect param should redirect to signin url when not signed in
β
[It] [Annotations] affinity session-cookie-name should change cookie name on ingress definition change
β
[It] [Setting] main-snippet should add value of main-snippet setting to nginx config
β
[It] [Service] Type ExternalName should update the external name after a service update
β
[It] [Annotations] server-snippet add valid directives to server via server snippet
β
[It] [Annotations] satisfy should allow multiple auth with satisfy any
β
[It] [Annotations] limit-rate Check limit-rate annotation
β
[It] [Setting] Configmap - limit-rate Check limit-rate config
β
[It] [Annotations] cors-* should not allow - unmatching origin with wildcard origin (2 subdomains)
β
[It] [Annotations] canary-* when canary is created should route requests to the correct upstream if mainline ingress is created before the canary ingress
β
[It] [Annotations] affinity session-cookie-name should not set cookie without domain annotation
β
[It] [Lua] dynamic configuration when only backends change handles an annotation change
β
[It] [Annotations] ssl-ciphers should keep ssl ciphers
β
[It] [Setting] reuse-port reuse port should be disabled
β
[It] [Annotations] modsecurity owasp should enable modsecurity when enable-owasp-modsecurity-crs is set to true
β
[It] [Setting] access-log access-log-path use the specified configuration
β
[It] [Annotations] Annotation - limit-connections should limit-connections
β
[It] [Setting] log-format-* Check log-format-escape-json and log-format-escape-none should not configure log-format escape by default
β
[It] [Annotations] auth-* when external authentication is configured should redirect to signin url when not signed in
β
[It] [Annotations] permanent-redirect permanent-redirect-code should respond with a standard redirect code
β
[It] [Ingress] [PathType] prefix checks should return 404 when prefix /aaa does not match request /aaaccc
β
[It] [Setting] enable-multi-accept should be disabled when set to false
β
[It] [Annotations] backend-protocol should set backend protocol to $scheme:// and use proxy_pass
β
[It] [Annotations] auth-* when external authentication is configured should not create additional upstream block when host part of auth-url contains a variable
β
[It] [Annotations] auth-* when external authentication is configured with a custom redirect param keeps processing new ingresses even if one of the existing ingresses is misconfigured
βͺ [It] [Memory Leak] Dynamic Certificates should not leak memory from ingress SSL certificates or configuration updates
β
[It] [Annotations] cors-* should enable cors
β
[It] [Annotations] mirror-* should set mirror-target to https://test.env.com/$request_uri
β
[It] [Flag] custom HTTP and HTTPS ports with a TLS enabled ingress should set X-Forwarded-Port header to 443
β
[It] [Annotations] auth-* when external authentication is configured should overwrite Foo header with auth response
β
[It] [Annotations] canary-* canary affinity behavior always routes traffic to canary if first request was affinitized to canary (explicit sticky behavior)
β
[It] [Setting] use-proxy-protocol should enable PROXY Protocol for HTTPS
β
[It] [Annotations] auth-* when external authentication is configured should not create additional upstream block when auth-keepalive is negative
β
[It] [Annotations] disable-access-log disable-http-access-log disable-stream-access-log disable-http-access-log set access_log off
β
[It] [metrics] exported prometheus metrics exclude socket request metrics are present
β
[It] [Annotations] affinitymode Balanced affinity mode should balance
β
[It] [Service] Type ExternalName should return 200 for service type=ExternalName with a port defined
β
[It] [Flag] ingress-class With default ingress class config should ignore Ingress without IngressClass configuration
β
[It] [Annotations] server-alias should return status code 200 for hosts defined in two ingresses, different path with one alias
β
[It] [Annotations] affinity session-cookie-name does not set the path to / on the generated cookie if there's more than one rule referring to the same backend
β
[It] [Annotations] proxy-* should set proxy_redirect to default
β
[It] [Setting] nginx-configuration fails when using alias directive
β
[It] [Setting] [Load Balancer] load-balance should apply the configmap load-balance setting
β
[It] [Flag] disable-catch-all should allow Ingress with rules
β
[It] [Annotations] connection-proxy-header set connection header to keep-alive
β
[It] [Security] request smuggling should not return body content from error_page
β
[It] [Annotations] client-body-buffer-size should set client_body_buffer_size to 1m
β
[It] [Annotations] modsecurity owasp should enable modsecurity
β
[It] single ingress - multiple hosts should set the correct $service_name NGINX variable
β
[It] [Annotations] backend-protocol should set backend protocol to grpcs:// and use grpc_pass
β
[It] [Annotations] ssl-ciphers should change ssl ciphers
β
[It] [Annotations] server-alias should return status code 200 for host 'foo' and 'bar'
β
[It] plugins should exist a x-hello-world header
β
[It] [SSL] secret update should return the fake SSL certificate if the secret is invalid
β
[It] [Setting] enable-real-ip should not trust X-Forwarded-For header when setting is false
β
[It] [Annotations] auth-* should return status code 200 when authentication is configured and Authorization header is sent
β
[It] [Service] Nil Service Backend should return 404 when backend service is nil
β
[It] [Setting] hash size Check the variable hash size should set variables-hash-bucket-size
β
[It] [Lua] dynamic certificates picks up the certificate when we add TLS spec to existing ingress
β
[It] [Flag] ingress-class With default ingress class config should serve Ingress when class is added
β
[It] [Annotations] default-backend when default backend annotation is enabled should use a custom default backend as upstream
β
[It] [Annotations] auth-tls-* should return 403 using auth-tls-match-cn with no matching CN from client
β
[It] [Annotations] from-to-www-redirect should redirect from www HTTPS to HTTPS
β
[It] [Annotations] auth-tls-* should set sslClientCertificate, sslVerifyClient and sslVerifyDepth with auth-tls-secret
β
[It] [Annotations] client-body-buffer-size should not set client_body_buffer_size to invalid 1b
β
[It] [Annotations] affinity session-cookie-name should set cookie with expires
β
[It] [Annotations] enable-access-log enable-rewrite-log set access_log off
β
[It] [Annotations] canary-* when canary is created should route requests to the correct upstream if mainline ingress is created after the canary ingress
β
[It] [Setting] use-proxy-protocol should respect proto passed by the PROXY Protocol server port
β
[It] [Annotations] affinity session-cookie-name should set secure in cookie with provided true annotation on http
β
[It] [Setting] [Security] global-auth-url when global external authentication is configured should add custom error page when global-auth-signin url is configured
β
[It] [Setting] settings-global-rate-limit generates correct NGINX configuration
β
[It] [Annotations] auth-tls-* should 302 redirect to error page instead of 400 when auth-tls-error-page is set
β
[It] [Setting] [Security] no-auth-locations should return status code 200 when accessing '/' authentication
β
[It] [Setting] log-format-* Check log-format-upstream with log-format-escape-json and log-format-escape-none log-format-escape-none enabled
β
[It] [Annotations] auth-* when external authentication is configured with a custom redirect param should return status code 200 when signed in
β
[It] [Setting] [Lua] lua-shared-dicts configures lua shared dicts
β
[It] [Setting] enable-multi-accept should be enabled by default
β
[It] [Annotations] proxy-* should not set invalid proxy timeouts
β
[It] [Setting] aio-write should be enabled by default
β
[It] [Annotations] proxy-* should setup proxy cookies
β
[It] [Setting] [Security] global-auth-url cookie set by external authentication server user does not retain cookie if upstream returns error status code
β
[It] [Annotations] proxy-ssl-* should set valid proxy-ssl-secret, proxy-ssl-protocols
β
[It] [Setting] aio-write should be enabled when setting is true
β
[It] [Flag] ingress-class With default ingress class config should ignore Ingress with different controller class
β
[It] [Annotations] canary-* when canaried by cookie respects always and never values
β
[It] [Setting] proxy-send-timeout should not set invalid proxy send timeouts using configmap values
β
[It] [Annotations] canary-* when canaried by weight should route requests only to canary if canary weight is 100
β
[It] [Annotations] modsecurity owasp should enable modsecurity through the config map but ignore snippet as disabled by admin
β
[It] [Annotations] canary-* when canaried by weight should route requests split between mainline and canary if canary weight is 50
β
[It] [Setting] ssl-ciphers Add ssl ciphers
β
[It] [Setting] stream-snippet should add value of stream-snippet to nginx config
β
[It] [Annotations] canary-* canary affinity behavior routes traffic to either mainline or canary backend (legacy behavior)
β
[It] [Annotations] auth-tls-* should reload the nginx config when auth-tls-match-cn is updated
β
[It] [Annotations] configuration-snippet set snippet more_set_headers in all locations
β
[It] [Setting] hash size Check server names hash size should set server_names_hash_max_size
β
[It] [Annotations] canary-* when canary is created should response with a 200 status from the mainline upstream when requests are made to the mainline ingress
β
[It] [Annotations] cors-* should allow - missing origins (should allow all origins)
β
[It] [Setting] keep-alive keep-alive-requests Check the upstream keep alive should set keep alive connection timeout to upstream server
β
[It] [Annotations] denylist-source-range only allow explicitly allowed IPs, deny all others
β
[It] [Annotations] backend-protocol - GRPC should return OK for service with backend protocol GRPCS
β
[It] [Annotations] modsecurity owasp should enable modsecurity with snippet
β
[It] [SSL] [Flag] default-ssl-certificate uses default ssl certificate for catch-all ingress
β
[It] [Setting] [SSL] TLS protocols, ciphers and headers) should configure HSTS policy header setting preload parameter
β
[It] Debug CLI should produce valid JSON for /dbg general
β
[It] [Annotations] force-ssl-redirect should redirect to https
β
[It] [Flag] ingress-class Without IngressClass Cluster scoped Permission should ignore Ingress with only IngressClassName
β
[It] [Annotations] affinity session-cookie-name should set sticky cookie SERVERID
β
[It] Debug CLI should get information for a specific backend server
β
[It] [Setting] [SSL] TLS protocols, ciphers and headers) ports or X-Forwarded-Host check during HTTP tp HTTPS redirection should not use ports during the HTTP to HTTPS redirection
β
[It] [Annotations] rewrite-target use-regex enable-rewrite-log should fail to use longest match for documented warning
β
[It] [Setting] gzip should be disabled by default
β
[It] [Setting] keep-alive keep-alive-requests Check the keep alive should set keepalive_timeout
β
[It] [Annotations] cors-* should allow - matching origin with wildcard origin (2 subdomains)
β
[It] [Annotations] cors-* should allow - single origin with required port
β
[It] [Annotations] affinity session-cookie-name should set sticky cookie without host
β
[It] [Annotations] auth-* should set "proxy_set_header 'My-Custom-Header' '42';" when auth-headers are set
β
[It] [Annotations] canary-* when canaried by weight should route requests split between mainline and canary if canary weight is 100 and weight total is 200
β
[It] [Setting] [Security] global-auth-url when global external authentication is configured should still return status code 200 after auth backend is deleted using cache
β
[It] [Setting] log-format-* Check log-format-escape-json and log-format-escape-none should enable the log-format-escape-json
β
[It] [Annotations] rewrite-target use-regex enable-rewrite-log should use ~* location modifier if regex annotation is present
β
[It] [Annotations] backend-protocol - FastCGI should add fastcgi_param in the configuration file
β
[It] [Setting] access-log stream-access-log-path use the specified configuration
β
[It] [Setting] nginx-configuration fails when using root directive
β
[It] [Lua] dynamic certificates given an ingress with TLS correctly configured picks up the updated certificate without reloading
β
[It] [Annotations] canary-* when canaried by header with value should route requests to the correct upstream
β
[It] Configure Opentelemetry should not exists opentelemetry directive
β
[It] [Shutdown] ingress controller should shutdown in less than 60 secons without pending connections
β
[It] [Flag] disable-sync-events should create sync events
β
[It] [Ingress] [PathType] prefix checks should test prefix path using regex pattern for /id/{int} ignoring non-digits characters at end of string
β
[It] [Annotations] satisfy should configure satisfy directive correctly
β
[It] Configure Opentelemetry should exists opentelemetry directive when is enabled
β
[It] [Setting] [Security] block-* should block CIDRs defined in the ConfigMap
β
[It] [Flag] disable-service-external-name should ignore services of external-name type
β
[It] [Annotations] cors-* should not break functionality - without `*`
β
[It] [Annotations] auth-tls-* should return 200 using auth-tls-match-cn with matching CN from client
β
[It] [Setting] access-log http-access-log-path use the specified configuration
β
[It] Configure Opentelemetry should exists opentelemetry_operation_name directive when is configured
β
[It] [Annotations] cors-* should expose headers for cors
β
[It] [Annotations] affinity session-cookie-name should work with use-regex annotation and session-cookie-path
β
[It] [Annotations] disable-proxy-intercept-errors configures Nginx correctly
β
[It] [Annotations] auth-tls-* should set valid auth-tls-secret, sslVerify to off, and sslVerifyDepth to 2
β
[It] [Endpointslices] long service name should return 200 when service name has max allowed number of characters 63
β
[It] [Annotations] backend-protocol - FastCGI should use fastcgi_pass in the configuration file
β
[It] [Annotations] modsecurity owasp should disable modsecurity
β
[It] [Annotations] proxy-ssl-* should set valid proxy-ssl-secret
β
[It] [Setting] proxy-read-timeout should not set invalid proxy read timeouts using configmap values
β
[It] [Flag] ingress-class With default ingress class config should delete Ingress when class is removed
β
[It] [Annotations] rewrite-target use-regex enable-rewrite-log should allow for custom rewrite parameters
β
[It] [Lua] dynamic configuration when only backends change handles endpoints only changes
β
[It] [Setting] hash size Check proxy header hash size should set proxy-headers-hash-bucket-size
β
[It] [Setting] [Security] global-auth-url cookie set by external authentication server user retains cookie by default
β
[It] [Setting] server-tokens should not exists Server header in the response
β
[It] [Setting] [Security] no-auth-locations should return status code 200 when accessing '/noauth' unauthenticated
β
[It] [Setting] log-format-* Check log-format-escape-json and log-format-escape-none should disable the log-format-escape-none
β
[It] [Setting] access-log access-log-path use the default configuration
β
[It] [Service] Type ExternalName works with external name set to incomplete fqdn
β
[It] [Annotations] auth-* should return status code 503 when authentication is configured with an invalid secret
β
[It] [Setting] gzip should be enabled with default settings
β
[It] [Annotations] server-snippet drops server snippet if disabled by the administrator
β
[It] [Annotations] cors-* should not match
β
[It] [Setting] gzip should set gzip_types to text/html
β
[It] [Flag] enable-ssl-passthrough With enable-ssl-passthrough enabled should enable ssl-passthrough-proxy-port on a different port
β
[It] global-options should have worker_rlimit_nofile option and be independent on amount of worker processes
β
[It] [Annotations] Bad annotation values [BAD_ANNOTATIONS] should drop an ingress if there is a custom blocklist config in place and allow others to pass
β
[It] [Setting] log-format-* Check log-format-escape-json and log-format-escape-none should enable the log-format-escape-none
β
[It] brotli should only compress responses that meet the `brotli-min-length` condition
β
[It] [Default Backend] custom service uses custom default backend that returns 200 as status code
β
[It] [Annotations] from-to-www-redirect should redirect from www HTTP to HTTP
β
[It] Dynamic $proxy_host should exist a proxy_host using the upstream-vhost annotation value
β
[It] [Service] Type ExternalName should return status 502 for service type=ExternalName with an invalid host
β
[It] [Annotations] auth-tls-* should pass URL-encoded certificate to upstream
β
[It] [Annotations] auth-* should return status code 200 when authentication is configured with a map and Authorization header is sent
βͺ [It] [Default Backend] enables access logging for default backend
β
[It] [Annotations] proxy-* should set valid proxy timeouts
β
[It] [Annotations] auth-* should set cache_key when external auth cache is configured
β
[It] [Annotations] auth-* when external authentication is configured keeps processing new ingresses even if one of the existing ingresses is misconfigured
β
[It] [Annotations] auth-* should return status code 401 when authentication is configured but Authorization header is not configured
β
[It] [Setting] OCSP should enable OCSP and contain stapling information in the connection
β
[It] [Flag] disable-catch-all should ignore catch all Ingress with backend and rules
β
[It] [Lua] dynamic certificates given an ingress with TLS correctly configured falls back to using default certificate when secret gets deleted without reloading
β
[It] [Annotations] configuration-snippet drops snippet more_set_header in all locations if disabled by admin
β
[It] [Flag] ingress-class With default ingress class config should accept both Ingresses with default IngressClassName and IngressClass annotation
β
[It] [Setting] [SSL] TLS protocols, ciphers and headers) should configure TLS protocol setting cipher suite
β
[It] [Annotations] affinity session-cookie-name should set the path to /something on the generated cookie
β
[It] [Annotations] canary-* when canaried by header with no value should route requests to the correct upstream
β
[It] [Lua] dynamic certificates picks up the previously missing secret for a given ingress without reloading
β
[It] [Setting] hash size Check proxy header hash size should set proxy-headers-hash-max-size
β
[It] [Annotations] client-body-buffer-size should set client_body_buffer_size to 1000
β
[It] [Annotations] canary-* when canaried by header with value and pattern should route requests to the correct upstream
β
[It] [Shutdown] Grace period shutdown /healthz should return status code 500 during shutdown grace period
β
[It] [Annotations] cors-* should not allow - single origin without port and origin with required port
β
[It] [Annotations] allowlist-source-range should set valid ip allowlist range
β
[It] [Setting] gzip should set gzip_min_length to 100
β
[It] [Flag] enable-ssl-passthrough With enable-ssl-passthrough enabled should pass unknown traffic to default backend and handle known traffic
β
[It] [Ingress] [PathType] prefix checks should correctly route multi-segment path patterns
β
[It] [Flag] custom HTTP and HTTPS ports with a plain HTTP ingress should set X-Forwarded-Port headers accordingly when listening on a non-default HTTP port
β
[It] [Annotations] x-forwarded-prefix should set the X-Forwarded-Prefix to the annotation value
β
[It] [Annotations] modsecurity owasp should disable default modsecurity conf setting when modsecurity-snippet is specified
β
[It] [Setting] Add no tls redirect locations Check no tls redirect locations config
β
[It] [Annotations] auth-* when external authentication is configured should disable set_all_vars when auth-keepalive-share-vars is not set
β
[It] [Annotations] proxy-* should set proxy_redirect to off
β
[It] [Annotations] preserve-trailing-slash should allow preservation of trailing slashes
β
[It] [Setting] proxy-connect-timeout should not set invalid proxy timeouts using configmap values
β
[It] [Annotations] backend-protocol should set backend protocol to '' and use fastcgi_pass
β
[It] [Setting] [Security] global-auth-url when global external authentication is configured should return status code 200 when request whitelisted (via ingress annotation) service and 401 when request protected service
β
[It] [Annotations] cors-* should not allow - single origin for multiple cors values
β
[It] [Annotations] client-body-buffer-size should set client_body_buffer_size to 1K
β
[It] [Annotations] canary-* when canaried by header with value and pattern should route requests to the correct upstream
β
[It] [Setting] reuse-port reuse port should be enabled
β
[It] [Annotations] auth-* should return status code 200 when no authentication is configured
β
[It] [Annotations] auth-* when external authentication with caching is configured should return status code 200 when signed in after auth backend is deleted
β
[It] [Annotations] mirror-* should set mirror-target to http://localhost/mirror
β
[It] [Service] Type ExternalName should sync ingress on external name service addition/deletion
β
[It] [Annotations] auth-* when external authentication with caching is configured should deny login for different servers
β
[It] [Setting] enable-real-ip trusts X-Forwarded-For header only when setting is true
β
[It] [Setting] use-proxy-protocol should respect port passed by the PROXY Protocol
β
[It] [Annotations] canary-* Single canary Ingress should not use canary as a catch-all server
β
[It] [Annotations] permanent-redirect permanent-redirect-code should respond with a custom redirect code
β
[It] [Annotations] modsecurity owasp should enable modsecurity through the config map
β
[It] [Annotations] modsecurity owasp should disable modsecurity using 'modsecurity off;'
β
[It] [Annotations] mirror-* should disable mirror-request-body
β
[It] [Setting] hash size Check the map hash size should set vmap-hash-bucket-size
β
[It] [Ingress] [PathType] mix Exact and Prefix paths should choose the correct location
β
[It] [Setting] [SSL] TLS protocols, ciphers and headers) should configure HSTS policy header setting includeSubDomains parameter
β
[It] Configure Opentelemetry should not exists opentelemetry_operation_name directive when is empty
β
[It] [Setting] configmap server-snippet should add value of server-snippet setting to all ingress config
β
[It] [Setting] proxy-connect-timeout should set valid proxy timeouts using configmap values
β
[It] [Flag] ingress-class With specific ingress-class flags should ignore Ingress with no class and accept the correctly configured Ingresses
β
[It] [Annotations] canary-* when canary is created should route requests to the correct upstream if the canary ingress is modified
β
[It] [Setting] nginx-configuration start nginx with default configuration
β
[It] [Annotations] cors-* should not allow - portless origin with wildcard origin
β
[It] [Setting] [Security] no-auth-locations should return status code 401 when accessing '/' unauthentication
β
[It] [Annotations] proxy-ssl-* should set valid proxy-ssl-secret, proxy-ssl-verify to on, proxy-ssl-verify-depth to 2, and proxy-ssl-server-name to on
β
[It] Configure Opentelemetry should include opentelemetry_trust_incoming_spans on directive when enabled
β
[It] [Setting] [Security] global-auth-url cookie set by external authentication server user with global-auth-always-set-cookie key in configmap retains cookie if upstream returns error status code
β
[It] [Service] Type ExternalName should return 200 for service type=ExternalName without a port defined
β
[It] [Setting] proxy-send-timeout should set valid proxy send timeouts using configmap values
β
[It] [Setting] enable-multi-accept should be enabled when set to true
β
[It] [Lua] dynamic certificates given an ingress with TLS correctly configured picks up a non-certificate only change
β
[It] [Setting] reuse-port reuse port should be enabled by default
β
[It] [Annotations] canary-* Single canary Ingress should not use canary with domain as a server
β
[It] [Annotations] affinity session-cookie-name should not set affinity across all server locations when using separate ingresses
β
[It] [Setting] log-format-* Check log-format-escape-json and log-format-escape-none should disable the log-format-escape-json
β
[It] [Setting] add-headers Add multiple custom headers
β
[It] [Setting] use-forwarded-headers should trust X-Forwarded headers when setting is true
β
[It] [Annotations] canary-* when canaried by header with value and cookie should route requests to the correct upstream
β
[It] [Flag] disable-sync-events should not create sync events
β
[It] [Setting] [Security] global-auth-url when global external authentication is configured should add auth headers when global-auth-response-headers is configured
β
[It] [Annotations] proxy-ssl-* proxy-ssl-location-only flag should change the nginx config server part
β
[It] [Annotations] disable-access-log disable-http-access-log disable-stream-access-log disable-access-log set access_log off
β
[It] [Setting] keep-alive keep-alive-requests Check the keep alive should set keepalive_requests
β
[It] [Setting] keep-alive keep-alive-requests Check the upstream keep alive should set keepalive time to upstream server
β
[It] [Annotations] auth-* when external authentication is configured should not create additional upstream block when auth-keepalive is not set
β
[It] [Annotations] auth-* with invalid auth-url should deny whole location should return 503 (location was denied)
β
[It] [Annotations] proxy-* should turn on proxy-buffering
β
[It] [Annotations] auth-* should set snippet "proxy_set_header My-Custom-Header 42;" when external auth is configured
β
[It] [Setting] Geoip2 should include geoip2 line in config when enabled and db file exists
β
[It] [SSL] secret update should not appear references to secret updates not used in ingress rules
β
[It] [Setting] Configmap change should reload after an update in the configuration
β
[It] [Setting] [Security] modsecurity-snippet should add value of modsecurity-snippet setting to nginx config
β
[It] [Lua] dynamic configuration when only backends change handles endpoints only changes (down scaling of replicas)
β
[It] [Annotations] auth-* when external authentication is configured should return status code 200 when signed in
β
[It] [Annotations] cors-* should not break functionality
β
[It] [Annotations] client-body-buffer-size should set client_body_buffer_size to 1k
β
[It] [Annotations] backend-protocol - FastCGI should return OK for service with backend protocol FastCGI
β
[It] [Annotations] http2-push-preload enable the http2-push-preload directive
β
[It] [Annotations] modsecurity owasp should enable modsecurity with transaction ID and OWASP rules
β
[It] [Annotations] modsecurity owasp should enable modsecurity without using 'modsecurity on;'
β
[It] [Annotations] auth-* when external authentication is configured should create additional upstream block when auth-keepalive is set with HTTP/1.x
β
[It] [Annotations] affinitymode Check persistent affinity mode
Loading