From 9f3e53e4d05dfd2b730ca2ccd21fbf4b7b549e2c Mon Sep 17 00:00:00 2001 From: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com> Date: Tue, 11 Oct 2022 18:38:37 +0100 Subject: [PATCH 1/8] Remove ipv6 listeners in ingress upstreams when command line argument is used --- internal/configs/ingress.go | 1 + internal/configs/ingress_test.go | 19 +++++++++++++++++++ internal/configs/version1/config.go | 1 - 3 files changed, 20 insertions(+), 1 deletion(-) diff --git a/internal/configs/ingress.go b/internal/configs/ingress.go index 303f2e5040..f92700ed88 100644 --- a/internal/configs/ingress.go +++ b/internal/configs/ingress.go @@ -156,6 +156,7 @@ func generateNginxCfg(ingEx *IngressEx, apResources *AppProtectResources, dosRes AppProtectEnable: cfgParams.AppProtectEnable, AppProtectLogEnable: cfgParams.AppProtectLogEnable, SpiffeCerts: cfgParams.SpiffeServerCerts, + DisableIPV6: staticParams.DisableIPV6, } warnings := addSSLConfig(&server, ingEx.Ingress, rule.Host, ingEx.Ingress.Spec.TLS, ingEx.SecretRefs, isWildcardEnabled) diff --git a/internal/configs/ingress_test.go b/internal/configs/ingress_test.go index 1e3aab9eb0..7d689856bf 100644 --- a/internal/configs/ingress_test.go +++ b/internal/configs/ingress_test.go @@ -152,6 +152,25 @@ func TestGenerateNginxCfgWithWildcardTLSSecret(t *testing.T) { } } +func TestGenerateNginxCfgWithIPV6Disabled(t *testing.T) { + t.Parallel() + cafeIngressEx := createCafeIngressEx() + isPlus := false + configParams := NewDefaultConfigParams(isPlus) + + expected := createExpectedConfigForCafeIngressEx(isPlus) + expected.Servers[0].DisableIPV6 = true + + result, warnings := generateNginxCfg(&cafeIngressEx, nil, nil, false, configParams, isPlus, false, &StaticConfigParams{DisableIPV6: true}, false) + + if diff := cmp.Diff(expected, result); diff != "" { + t.Errorf("generateNginxCfg() returned unexpected result (-want +got):\n%s", diff) + } + if len(warnings) != 0 { + t.Errorf("generateNginxCfg() returned warnings: %v", warnings) + } +} + func TestPathOrDefaultReturnDefault(t *testing.T) { t.Parallel() path := "" diff --git a/internal/configs/version1/config.go b/internal/configs/version1/config.go index fb7bfdd6d6..1f3496e82f 100644 --- a/internal/configs/version1/config.go +++ b/internal/configs/version1/config.go @@ -15,7 +15,6 @@ type IngressNginxConfig struct { Keepalive string Ingress Ingress SpiffeClientCerts bool - DisableIPV6 bool } // Ingress holds information about an Ingress resource. From c2e3cb7eb2f0a805ddfcbb8fcf9d265086d1b971 Mon Sep 17 00:00:00 2001 From: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com> Date: Wed, 12 Oct 2022 22:31:59 +0100 Subject: [PATCH 2/8] Add automated tests --- .../disable-ipv6-secret.yaml | 8 ++ .../mergeable/disable-ipv6-ingress.yaml | 54 ++++++++ .../standard/disable-ipv6-ingress.yaml | 29 +++++ tests/suite/test_disable_ipv6_ingress.py | 119 ++++++++++++++++++ 4 files changed, 210 insertions(+) create mode 100644 tests/data/disable-ipv6-ingress/disable-ipv6-secret.yaml create mode 100644 tests/data/disable-ipv6-ingress/mergeable/disable-ipv6-ingress.yaml create mode 100644 tests/data/disable-ipv6-ingress/standard/disable-ipv6-ingress.yaml create mode 100644 tests/suite/test_disable_ipv6_ingress.py diff --git a/tests/data/disable-ipv6-ingress/disable-ipv6-secret.yaml b/tests/data/disable-ipv6-ingress/disable-ipv6-secret.yaml new file mode 100644 index 0000000000..1779d17c21 --- /dev/null +++ b/tests/data/disable-ipv6-ingress/disable-ipv6-secret.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: disable-ipv6-secret +type: kubernetes.io/tls +data: + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURMakNDQWhZQ0NRREFPRjl0THNhWFdqQU5CZ2txaGtpRzl3MEJBUXNGQURCYU1Rc3dDUVlEVlFRR0V3SlYKVXpFTE1Ba0dBMVVFQ0F3Q1EwRXhJVEFmQmdOVkJBb01HRWx1ZEdWeWJtVjBJRmRwWkdkcGRITWdVSFI1SUV4MApaREViTUJrR0ExVUVBd3dTWTJGbVpTNWxlR0Z0Y0d4bExtTnZiU0FnTUI0WERURTRNRGt4TWpFMk1UVXpOVm9YCkRUSXpNRGt4TVRFMk1UVXpOVm93V0RFTE1Ba0dBMVVFQmhNQ1ZWTXhDekFKQmdOVkJBZ01Ba05CTVNFd0h3WUQKVlFRS0RCaEpiblJsY201bGRDQlhhV1JuYVhSeklGQjBlU0JNZEdReEdUQVhCZ05WQkFNTUVHTmhabVV1WlhoaApiWEJzWlM1amIyMHdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFDcDZLbjdzeTgxCnAwanVKL2N5ayt2Q0FtbHNmanRGTTJtdVpOSzBLdGVjcUcyZmpXUWI1NXhRMVlGQTJYT1N3SEFZdlNkd0kyaloKcnVXOHFYWENMMnJiNENaQ0Z4d3BWRUNyY3hkam0zdGVWaVJYVnNZSW1tSkhQUFN5UWdwaW9iczl4N0RsTGM2SQpCQTBaalVPeWwwUHFHOVNKZXhNVjczV0lJYTVyRFZTRjJyNGtTa2JBajREY2o3TFhlRmxWWEgySTVYd1hDcHRDCm42N0pDZzQyZitrOHdnemNSVnA4WFprWldaVmp3cTlSVUtEWG1GQjJZeU4xWEVXZFowZXdSdUtZVUpsc202OTIKc2tPcktRajB2a29QbjQxRUUvK1RhVkVwcUxUUm9VWTNyemc3RGtkemZkQml6Rk8yZHNQTkZ4MkNXMGpYa05MdgpLbzI1Q1pyT2hYQUhBZ01CQUFFd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLSEZDY3lPalp2b0hzd1VCTWRMClJkSEliMzgzcFdGeW5acS9MdVVvdnNWQTU4QjBDZzdCRWZ5NXZXVlZycTVSSWt2NGxaODFOMjl4MjFkMUpINnIKalNuUXgrRFhDTy9USkVWNWxTQ1VwSUd6RVVZYVVQZ1J5anNNL05VZENKOHVIVmhaSitTNkZBK0NuT0Q5cm4yaQpaQmVQQ0k1ckh3RVh3bm5sOHl3aWozdnZRNXpISXV5QmdsV3IvUXl1aTlmalBwd1dVdlVtNG52NVNNRzl6Q1Y3ClBwdXd2dWF0cWpPMTIwOEJqZkUvY1pISWc4SHc5bXZXOXg5QytJUU1JTURFN2IvZzZPY0s3TEdUTHdsRnh2QTgKN1dqRWVxdW5heUlwaE1oS1JYVmYxTjM0OWVOOThFejM4Zk9USFRQYmRKakZBL1BjQytHeW1lK2lHdDVPUWRGaAp5UkU9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBcWVpcCs3TXZOYWRJN2lmM01wUHJ3Z0pwYkg0N1JUTnBybVRTdENyWG5LaHRuNDFrCkcrZWNVTldCUU5semtzQndHTDBuY0NObzJhN2x2S2wxd2k5cTIrQW1RaGNjS1ZSQXEzTVhZNXQ3WGxZa1YxYkcKQ0pwaVJ6ejBza0lLWXFHN1BjZXc1UzNPaUFRTkdZMURzcGRENmh2VWlYc1RGZTkxaUNHdWF3MVVoZHErSkVwRwp3SStBM0kreTEzaFpWVng5aU9WOEZ3cWJRcCt1eVFvT05uL3BQTUlNM0VWYWZGMlpHVm1WWThLdlVWQ2cxNWhRCmRtTWpkVnhGbldkSHNFYmltRkNaYkp1dmRySkRxeWtJOUw1S0Q1K05SQlAvazJsUkthaTAwYUZHTjY4NE93NUgKYzMzUVlzeFR0bmJEelJjZGdsdEkxNURTN3lxTnVRbWF6b1Z3QndJREFRQUJBb0lCQVFDUFNkU1luUXRTUHlxbApGZlZGcFRPc29PWVJoZjhzSStpYkZ4SU91UmF1V2VoaEp4ZG01Uk9ScEF6bUNMeUw1VmhqdEptZTIyM2dMcncyCk45OUVqVUtiL1ZPbVp1RHNCYzZvQ0Y2UU5SNThkejhjbk9SVGV3Y290c0pSMXBuMWhobG5SNUhxSkpCSmFzazEKWkVuVVFmY1hackw5NGxvOUpIM0UrVXFqbzFGRnM4eHhFOHdvUEJxalpzVjdwUlVaZ0MzTGh4bndMU0V4eUZvNApjeGI5U09HNU9tQUpvelN0Rm9RMkdKT2VzOHJKNXFmZHZ5dGdnOXhiTGFRTC94MGtwUTYyQm9GTUJEZHFPZVBXCktmUDV6WjYvMDcvdnBqNDh5QTFRMzJQem9idWJzQkxkM0tjbjMyamZtMUU3cHJ0V2wrSmVPRmlPem5CUUZKYk4KNHFQVlJ6NWhBb0dCQU50V3l4aE5DU0x1NFArWGdLeWNrbGpKNkY1NjY4Zk5qNUN6Z0ZScUowOXpuMFRsc05ybwpGVExaY3hEcW5SM0hQWU00MkpFUmgySi9xREZaeW5SUW8zY2czb2VpdlVkQlZHWTgrRkkxVzBxZHViL0w5K3l1CmVkT1pUUTVYbUdHcDZyNmpleHltY0ppbS9Pc0IzWm5ZT3BPcmxEN1NQbUJ2ek5MazRNRjZneGJYQW9HQkFNWk8KMHA2SGJCbWNQMHRqRlhmY0tFNzdJbUxtMHNBRzR1SG9VeDBlUGovMnFyblRuT0JCTkU0TXZnRHVUSnp5K2NhVQprOFJxbWRIQ2JIelRlNmZ6WXEvOWl0OHNaNzdLVk4xcWtiSWN1YytSVHhBOW5OaDFUanNSbmU3NFowajFGQ0xrCmhIY3FIMHJpN1BZU0tIVEU4RnZGQ3haWWRidUI4NENtWmlodnhicFJBb0dBSWJqcWFNWVBUWXVrbENkYTVTNzkKWVNGSjFKelplMUtqYS8vdER3MXpGY2dWQ0thMzFqQXdjaXowZi9sU1JxM0hTMUdHR21lemhQVlRpcUxmZVpxYwpSMGlLYmhnYk9jVlZrSkozSzB5QXlLd1BUdW14S0haNnpJbVpTMGMwYW0rUlk5WUdxNVQ3WXJ6cHpjZnZwaU9VCmZmZTNSeUZUN2NmQ21mb09oREN0enVrQ2dZQjMwb0xDMVJMRk9ycW40M3ZDUzUxemM1em9ZNDR1QnpzcHd3WU4KVHd2UC9FeFdNZjNWSnJEakJDSCtULzZzeXNlUGJKRUltbHpNK0l3eXRGcEFOZmlJWEV0LzQ4WGY2ME54OGdXTQp1SHl4Wlp4L05LdER3MFY4dlgxUE9ucTJBNWVpS2ErOGpSQVJZS0pMWU5kZkR1d29seHZHNmJaaGtQaS80RXRUCjNZMThzUUtCZ0h0S2JrKzdsTkpWZXN3WEU1Y1VHNkVEVXNEZS8yVWE3ZlhwN0ZjanFCRW9hcDFMU3crNlRYcDAKWmdybUtFOEFSek00NytFSkhVdmlpcS9udXBFMTVnMGtKVzNzeWhwVTl6WkxPN2x0QjBLSWtPOVpSY21Vam84UQpjcExsSE1BcWJMSjhXWUdKQ2toaVd4eWFsNmhZVHlXWTRjVmtDMHh0VGwvaFVFOUllTktvCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== \ No newline at end of file diff --git a/tests/data/disable-ipv6-ingress/mergeable/disable-ipv6-ingress.yaml b/tests/data/disable-ipv6-ingress/mergeable/disable-ipv6-ingress.yaml new file mode 100644 index 0000000000..9db022b0fe --- /dev/null +++ b/tests/data/disable-ipv6-ingress/mergeable/disable-ipv6-ingress.yaml @@ -0,0 +1,54 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: disable-ipv6-ingress-master + annotations: + kubernetes.io/ingress.class: "nginx" + nginx.org/mergeable-ingress-type: "master" +spec: + tls: + - hosts: + - disable-ipv6.example.com + secretName: disable-ipv6-secret + rules: + - host: disable-ipv6.example.com +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: disable-ipv6-ingress-backend1-minion + annotations: + kubernetes.io/ingress.class: "nginx" + nginx.org/mergeable-ingress-type: "minion" +spec: + rules: + - host: disable-ipv6.example.com + http: + paths: + - path: /backend1 + pathType: Prefix + backend: + service: + name: backend1-svc + port: + number: 80 +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: disable-ipv6-ingress-backend2-minion + annotations: + kubernetes.io/ingress.class: "nginx" + nginx.org/mergeable-ingress-type: "minion" +spec: + rules: + - host: disable-ipv6.example.com + http: + paths: + - path: /backend2 + pathType: Prefix + backend: + service: + name: backend2-svc + port: + number: 80 diff --git a/tests/data/disable-ipv6-ingress/standard/disable-ipv6-ingress.yaml b/tests/data/disable-ipv6-ingress/standard/disable-ipv6-ingress.yaml new file mode 100644 index 0000000000..fe07babd15 --- /dev/null +++ b/tests/data/disable-ipv6-ingress/standard/disable-ipv6-ingress.yaml @@ -0,0 +1,29 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + name: disable-ipv6-setup-ingress +spec: + ingressClassName: nginx + tls: + - hosts: + - disable-ipv6-setup.example.com + secretName: disable-ipv6-setup-secret + rules: + - host: disable-ipv6-setup.example.com + http: + paths: + - path: /backend2 + pathType: Prefix + backend: + service: + name: backend2-svc + port: + number: 80 + - path: /backend1 + pathType: Prefix + backend: + service: + name: backend1-svc + port: + number: 80 diff --git a/tests/suite/test_disable_ipv6_ingress.py b/tests/suite/test_disable_ipv6_ingress.py new file mode 100644 index 0000000000..7993004c9c --- /dev/null +++ b/tests/suite/test_disable_ipv6_ingress.py @@ -0,0 +1,119 @@ +import pytest + +from settings import TEST_DATA +from suite.fixtures import PublicEndpoint +from suite.resources_utils import ( + create_example_app, + create_items_from_yaml, + create_secret_from_yaml, + delete_common_app, + delete_items_from_yaml, + delete_secret, + ensure_connection_to_public_endpoint, + get_first_pod_name, + get_ingress_nginx_template_conf, + get_nginx_template_conf, + wait_before_test, + wait_until_all_pods_are_ready, +) +from suite.yaml_utils import get_first_ingress_host_from_yaml, get_name_from_yaml + +paths = ["backend1", "backend2"] + + +class DisableIPV6Setup: + """ + Encapsulate the Disable IPV6 Example details. + + Attributes: + public_endpoint (PublicEndpoint): + ingress_name (str): + ingress_host (str): + ingress_pod_name (str): + namespace (str): + """ + + def __init__(self, + public_endpoint: PublicEndpoint, + ingress_name, + ingress_host, + ingress_pod_name, + namespace): + self.public_endpoint = public_endpoint + self.ingress_host = ingress_host + self.ingress_name = ingress_name + self.ingress_pod_name = ingress_pod_name + self.namespace = namespace + + +@pytest.fixture(scope="class", params=["standard", "mergeable"]) +def disable_ipv6_setup(request, + kube_apis, + ingress_controller_prerequisites, + ingress_controller_endpoint, + ingress_controller, + test_namespace + ) -> DisableIPV6Setup: + print("------------------------- Deploy Disable IPV6 Example -----------------------------------") + secret_name = create_secret_from_yaml(kube_apis.v1, test_namespace, + f"{TEST_DATA}/disable-ipv6-ingress/disable-ipv6-secret.yaml") + + create_items_from_yaml(kube_apis, f"{TEST_DATA}/disable-ipv6-ingress/{request.param}/disable-ipv6-ingress.yaml", + test_namespace) + ingress_name = get_name_from_yaml(f"{TEST_DATA}/disable-ipv6-ingress/{request.param}/disable-ipv6-ingress.yaml") + ingress_host = get_first_ingress_host_from_yaml( + f"{TEST_DATA}/disable-ipv6-ingress/{request.param}/disable-ipv6-ingress.yaml") + create_example_app(kube_apis, "simple", test_namespace) + wait_until_all_pods_are_ready(kube_apis.v1, test_namespace) + + ensure_connection_to_public_endpoint( + ingress_controller_endpoint.public_ip, + ingress_controller_endpoint.port, + ingress_controller_endpoint.port_ssl, + ) + ic_pod_name = get_first_pod_name(kube_apis.v1, ingress_controller_prerequisites.namespace) + + def fin(): + print("Clean up the Disable IPV6 Application:") + delete_common_app(kube_apis, "simple", test_namespace) + delete_items_from_yaml(kube_apis, f"{TEST_DATA}/disable-ipv6-ingress/{request.param}/disable-ipv6-ingress.yaml", + test_namespace) + delete_secret(kube_apis.v1, secret_name, test_namespace) + + request.addfinalizer(fin) + + return DisableIPV6Setup(ingress_controller_endpoint, + ingress_name, + ingress_host, + ic_pod_name, + test_namespace) + + +@pytest.mark.ingresses +class TestDisableIPV6: + + @pytest.mark.parametrize( + "ingress_controller", + [ + pytest.param({"extra_args": ["-disable-ipv6"]}, id="one-additional-cli-args"), + + ], + indirect=True, + ) + def test_ipv6_listeners_not_in_config( + self, + kube_apis, + disable_ipv6_setup: DisableIPV6Setup, + ingress_controller_prerequisites, + ): + wait_before_test() + nginx_config = get_nginx_template_conf(kube_apis.v1, ingress_controller_prerequisites.namespace) + upstream_conf = get_ingress_nginx_template_conf( + kube_apis.v1, + disable_ipv6_setup.namespace, + disable_ipv6_setup.ingress_name, + disable_ipv6_setup.ingress_pod_name, + ingress_controller_prerequisites.namespace, + ) + assert "listen [::]:" not in nginx_config + assert "listen [::]:" not in upstream_conf From db3333173c9a34a3e797e706bd5cce39606dfed6 Mon Sep 17 00:00:00 2001 From: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com> Date: Wed, 12 Oct 2022 22:41:40 +0100 Subject: [PATCH 3/8] calculate diff only when test fails and fix linting --- internal/configs/ingress_test.go | 4 +- tests/suite/test_disable_ipv6_ingress.py | 57 +++++++++++------------- 2 files changed, 27 insertions(+), 34 deletions(-) diff --git a/internal/configs/ingress_test.go b/internal/configs/ingress_test.go index 7d689856bf..0da7f9ac25 100644 --- a/internal/configs/ingress_test.go +++ b/internal/configs/ingress_test.go @@ -163,8 +163,8 @@ func TestGenerateNginxCfgWithIPV6Disabled(t *testing.T) { result, warnings := generateNginxCfg(&cafeIngressEx, nil, nil, false, configParams, isPlus, false, &StaticConfigParams{DisableIPV6: true}, false) - if diff := cmp.Diff(expected, result); diff != "" { - t.Errorf("generateNginxCfg() returned unexpected result (-want +got):\n%s", diff) + if !cmp.Equal(expected, result) { + t.Errorf("generateNginxCfg() returned unexpected result (-want +got):\n%s", cmp.Diff(expected, result)) } if len(warnings) != 0 { t.Errorf("generateNginxCfg() returned warnings: %v", warnings) diff --git a/tests/suite/test_disable_ipv6_ingress.py b/tests/suite/test_disable_ipv6_ingress.py index 7993004c9c..7fca5ac093 100644 --- a/tests/suite/test_disable_ipv6_ingress.py +++ b/tests/suite/test_disable_ipv6_ingress.py @@ -1,5 +1,4 @@ import pytest - from settings import TEST_DATA from suite.fixtures import PublicEndpoint from suite.resources_utils import ( @@ -33,12 +32,7 @@ class DisableIPV6Setup: namespace (str): """ - def __init__(self, - public_endpoint: PublicEndpoint, - ingress_name, - ingress_host, - ingress_pod_name, - namespace): + def __init__(self, public_endpoint: PublicEndpoint, ingress_name, ingress_host, ingress_pod_name, namespace): self.public_endpoint = public_endpoint self.ingress_host = ingress_host self.ingress_name = ingress_name @@ -47,22 +41,26 @@ def __init__(self, @pytest.fixture(scope="class", params=["standard", "mergeable"]) -def disable_ipv6_setup(request, - kube_apis, - ingress_controller_prerequisites, - ingress_controller_endpoint, - ingress_controller, - test_namespace - ) -> DisableIPV6Setup: +def disable_ipv6_setup( + request, + kube_apis, + ingress_controller_prerequisites, + ingress_controller_endpoint, + ingress_controller, + test_namespace, +) -> DisableIPV6Setup: print("------------------------- Deploy Disable IPV6 Example -----------------------------------") - secret_name = create_secret_from_yaml(kube_apis.v1, test_namespace, - f"{TEST_DATA}/disable-ipv6-ingress/disable-ipv6-secret.yaml") + secret_name = create_secret_from_yaml( + kube_apis.v1, test_namespace, f"{TEST_DATA}/disable-ipv6-ingress/disable-ipv6-secret.yaml" + ) - create_items_from_yaml(kube_apis, f"{TEST_DATA}/disable-ipv6-ingress/{request.param}/disable-ipv6-ingress.yaml", - test_namespace) + create_items_from_yaml( + kube_apis, f"{TEST_DATA}/disable-ipv6-ingress/{request.param}/disable-ipv6-ingress.yaml", test_namespace + ) ingress_name = get_name_from_yaml(f"{TEST_DATA}/disable-ipv6-ingress/{request.param}/disable-ipv6-ingress.yaml") ingress_host = get_first_ingress_host_from_yaml( - f"{TEST_DATA}/disable-ipv6-ingress/{request.param}/disable-ipv6-ingress.yaml") + f"{TEST_DATA}/disable-ipv6-ingress/{request.param}/disable-ipv6-ingress.yaml" + ) create_example_app(kube_apis, "simple", test_namespace) wait_until_all_pods_are_ready(kube_apis.v1, test_namespace) @@ -76,35 +74,30 @@ def disable_ipv6_setup(request, def fin(): print("Clean up the Disable IPV6 Application:") delete_common_app(kube_apis, "simple", test_namespace) - delete_items_from_yaml(kube_apis, f"{TEST_DATA}/disable-ipv6-ingress/{request.param}/disable-ipv6-ingress.yaml", - test_namespace) + delete_items_from_yaml( + kube_apis, f"{TEST_DATA}/disable-ipv6-ingress/{request.param}/disable-ipv6-ingress.yaml", test_namespace + ) delete_secret(kube_apis.v1, secret_name, test_namespace) request.addfinalizer(fin) - return DisableIPV6Setup(ingress_controller_endpoint, - ingress_name, - ingress_host, - ic_pod_name, - test_namespace) + return DisableIPV6Setup(ingress_controller_endpoint, ingress_name, ingress_host, ic_pod_name, test_namespace) @pytest.mark.ingresses class TestDisableIPV6: - @pytest.mark.parametrize( "ingress_controller", [ pytest.param({"extra_args": ["-disable-ipv6"]}, id="one-additional-cli-args"), - ], indirect=True, ) def test_ipv6_listeners_not_in_config( - self, - kube_apis, - disable_ipv6_setup: DisableIPV6Setup, - ingress_controller_prerequisites, + self, + kube_apis, + disable_ipv6_setup: DisableIPV6Setup, + ingress_controller_prerequisites, ): wait_before_test() nginx_config = get_nginx_template_conf(kube_apis.v1, ingress_controller_prerequisites.namespace) From 4af823523c683785c874fa6373d95be7cf7a1ff3 Mon Sep 17 00:00:00 2001 From: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com> Date: Thu, 13 Oct 2022 10:10:29 +0100 Subject: [PATCH 4/8] fix typo --- .../standard/disable-ipv6-ingress.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/data/disable-ipv6-ingress/standard/disable-ipv6-ingress.yaml b/tests/data/disable-ipv6-ingress/standard/disable-ipv6-ingress.yaml index fe07babd15..0d9c0caf22 100644 --- a/tests/data/disable-ipv6-ingress/standard/disable-ipv6-ingress.yaml +++ b/tests/data/disable-ipv6-ingress/standard/disable-ipv6-ingress.yaml @@ -2,15 +2,15 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: annotations: - name: disable-ipv6-setup-ingress + name: disable-ipv6-ingress spec: ingressClassName: nginx tls: - hosts: - - disable-ipv6-setup.example.com - secretName: disable-ipv6-setup-secret + - disable-ipv6.example.com + secretName: disable-ipv6-secret rules: - - host: disable-ipv6-setup.example.com + - host: disable-ipv6.example.com http: paths: - path: /backend2 From 66899e0e9a42bb854eca4866af17aa0945b9bbec Mon Sep 17 00:00:00 2001 From: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com> Date: Thu, 13 Oct 2022 12:34:49 +0100 Subject: [PATCH 5/8] Remove unnecessary files and variables --- .../disable-ipv6-secret.yaml | 8 --- .../mergeable/disable-ipv6-ingress.yaml | 54 -------------- .../standard/disable-ipv6-ingress.yaml | 29 -------- tests/suite/resources_utils.py | 14 ++-- tests/suite/test_disable_ipv6_ingress.py | 72 ++++++++----------- 5 files changed, 37 insertions(+), 140 deletions(-) delete mode 100644 tests/data/disable-ipv6-ingress/disable-ipv6-secret.yaml delete mode 100644 tests/data/disable-ipv6-ingress/mergeable/disable-ipv6-ingress.yaml delete mode 100644 tests/data/disable-ipv6-ingress/standard/disable-ipv6-ingress.yaml diff --git a/tests/data/disable-ipv6-ingress/disable-ipv6-secret.yaml b/tests/data/disable-ipv6-ingress/disable-ipv6-secret.yaml deleted file mode 100644 index 1779d17c21..0000000000 --- a/tests/data/disable-ipv6-ingress/disable-ipv6-secret.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: disable-ipv6-secret -type: kubernetes.io/tls -data: - tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURMakNDQWhZQ0NRREFPRjl0THNhWFdqQU5CZ2txaGtpRzl3MEJBUXNGQURCYU1Rc3dDUVlEVlFRR0V3SlYKVXpFTE1Ba0dBMVVFQ0F3Q1EwRXhJVEFmQmdOVkJBb01HRWx1ZEdWeWJtVjBJRmRwWkdkcGRITWdVSFI1SUV4MApaREViTUJrR0ExVUVBd3dTWTJGbVpTNWxlR0Z0Y0d4bExtTnZiU0FnTUI0WERURTRNRGt4TWpFMk1UVXpOVm9YCkRUSXpNRGt4TVRFMk1UVXpOVm93V0RFTE1Ba0dBMVVFQmhNQ1ZWTXhDekFKQmdOVkJBZ01Ba05CTVNFd0h3WUQKVlFRS0RCaEpiblJsY201bGRDQlhhV1JuYVhSeklGQjBlU0JNZEdReEdUQVhCZ05WQkFNTUVHTmhabVV1WlhoaApiWEJzWlM1amIyMHdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFDcDZLbjdzeTgxCnAwanVKL2N5ayt2Q0FtbHNmanRGTTJtdVpOSzBLdGVjcUcyZmpXUWI1NXhRMVlGQTJYT1N3SEFZdlNkd0kyaloKcnVXOHFYWENMMnJiNENaQ0Z4d3BWRUNyY3hkam0zdGVWaVJYVnNZSW1tSkhQUFN5UWdwaW9iczl4N0RsTGM2SQpCQTBaalVPeWwwUHFHOVNKZXhNVjczV0lJYTVyRFZTRjJyNGtTa2JBajREY2o3TFhlRmxWWEgySTVYd1hDcHRDCm42N0pDZzQyZitrOHdnemNSVnA4WFprWldaVmp3cTlSVUtEWG1GQjJZeU4xWEVXZFowZXdSdUtZVUpsc202OTIKc2tPcktRajB2a29QbjQxRUUvK1RhVkVwcUxUUm9VWTNyemc3RGtkemZkQml6Rk8yZHNQTkZ4MkNXMGpYa05MdgpLbzI1Q1pyT2hYQUhBZ01CQUFFd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLSEZDY3lPalp2b0hzd1VCTWRMClJkSEliMzgzcFdGeW5acS9MdVVvdnNWQTU4QjBDZzdCRWZ5NXZXVlZycTVSSWt2NGxaODFOMjl4MjFkMUpINnIKalNuUXgrRFhDTy9USkVWNWxTQ1VwSUd6RVVZYVVQZ1J5anNNL05VZENKOHVIVmhaSitTNkZBK0NuT0Q5cm4yaQpaQmVQQ0k1ckh3RVh3bm5sOHl3aWozdnZRNXpISXV5QmdsV3IvUXl1aTlmalBwd1dVdlVtNG52NVNNRzl6Q1Y3ClBwdXd2dWF0cWpPMTIwOEJqZkUvY1pISWc4SHc5bXZXOXg5QytJUU1JTURFN2IvZzZPY0s3TEdUTHdsRnh2QTgKN1dqRWVxdW5heUlwaE1oS1JYVmYxTjM0OWVOOThFejM4Zk9USFRQYmRKakZBL1BjQytHeW1lK2lHdDVPUWRGaAp5UkU9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K - tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBcWVpcCs3TXZOYWRJN2lmM01wUHJ3Z0pwYkg0N1JUTnBybVRTdENyWG5LaHRuNDFrCkcrZWNVTldCUU5semtzQndHTDBuY0NObzJhN2x2S2wxd2k5cTIrQW1RaGNjS1ZSQXEzTVhZNXQ3WGxZa1YxYkcKQ0pwaVJ6ejBza0lLWXFHN1BjZXc1UzNPaUFRTkdZMURzcGRENmh2VWlYc1RGZTkxaUNHdWF3MVVoZHErSkVwRwp3SStBM0kreTEzaFpWVng5aU9WOEZ3cWJRcCt1eVFvT05uL3BQTUlNM0VWYWZGMlpHVm1WWThLdlVWQ2cxNWhRCmRtTWpkVnhGbldkSHNFYmltRkNaYkp1dmRySkRxeWtJOUw1S0Q1K05SQlAvazJsUkthaTAwYUZHTjY4NE93NUgKYzMzUVlzeFR0bmJEelJjZGdsdEkxNURTN3lxTnVRbWF6b1Z3QndJREFRQUJBb0lCQVFDUFNkU1luUXRTUHlxbApGZlZGcFRPc29PWVJoZjhzSStpYkZ4SU91UmF1V2VoaEp4ZG01Uk9ScEF6bUNMeUw1VmhqdEptZTIyM2dMcncyCk45OUVqVUtiL1ZPbVp1RHNCYzZvQ0Y2UU5SNThkejhjbk9SVGV3Y290c0pSMXBuMWhobG5SNUhxSkpCSmFzazEKWkVuVVFmY1hackw5NGxvOUpIM0UrVXFqbzFGRnM4eHhFOHdvUEJxalpzVjdwUlVaZ0MzTGh4bndMU0V4eUZvNApjeGI5U09HNU9tQUpvelN0Rm9RMkdKT2VzOHJKNXFmZHZ5dGdnOXhiTGFRTC94MGtwUTYyQm9GTUJEZHFPZVBXCktmUDV6WjYvMDcvdnBqNDh5QTFRMzJQem9idWJzQkxkM0tjbjMyamZtMUU3cHJ0V2wrSmVPRmlPem5CUUZKYk4KNHFQVlJ6NWhBb0dCQU50V3l4aE5DU0x1NFArWGdLeWNrbGpKNkY1NjY4Zk5qNUN6Z0ZScUowOXpuMFRsc05ybwpGVExaY3hEcW5SM0hQWU00MkpFUmgySi9xREZaeW5SUW8zY2czb2VpdlVkQlZHWTgrRkkxVzBxZHViL0w5K3l1CmVkT1pUUTVYbUdHcDZyNmpleHltY0ppbS9Pc0IzWm5ZT3BPcmxEN1NQbUJ2ek5MazRNRjZneGJYQW9HQkFNWk8KMHA2SGJCbWNQMHRqRlhmY0tFNzdJbUxtMHNBRzR1SG9VeDBlUGovMnFyblRuT0JCTkU0TXZnRHVUSnp5K2NhVQprOFJxbWRIQ2JIelRlNmZ6WXEvOWl0OHNaNzdLVk4xcWtiSWN1YytSVHhBOW5OaDFUanNSbmU3NFowajFGQ0xrCmhIY3FIMHJpN1BZU0tIVEU4RnZGQ3haWWRidUI4NENtWmlodnhicFJBb0dBSWJqcWFNWVBUWXVrbENkYTVTNzkKWVNGSjFKelplMUtqYS8vdER3MXpGY2dWQ0thMzFqQXdjaXowZi9sU1JxM0hTMUdHR21lemhQVlRpcUxmZVpxYwpSMGlLYmhnYk9jVlZrSkozSzB5QXlLd1BUdW14S0haNnpJbVpTMGMwYW0rUlk5WUdxNVQ3WXJ6cHpjZnZwaU9VCmZmZTNSeUZUN2NmQ21mb09oREN0enVrQ2dZQjMwb0xDMVJMRk9ycW40M3ZDUzUxemM1em9ZNDR1QnpzcHd3WU4KVHd2UC9FeFdNZjNWSnJEakJDSCtULzZzeXNlUGJKRUltbHpNK0l3eXRGcEFOZmlJWEV0LzQ4WGY2ME54OGdXTQp1SHl4Wlp4L05LdER3MFY4dlgxUE9ucTJBNWVpS2ErOGpSQVJZS0pMWU5kZkR1d29seHZHNmJaaGtQaS80RXRUCjNZMThzUUtCZ0h0S2JrKzdsTkpWZXN3WEU1Y1VHNkVEVXNEZS8yVWE3ZlhwN0ZjanFCRW9hcDFMU3crNlRYcDAKWmdybUtFOEFSek00NytFSkhVdmlpcS9udXBFMTVnMGtKVzNzeWhwVTl6WkxPN2x0QjBLSWtPOVpSY21Vam84UQpjcExsSE1BcWJMSjhXWUdKQ2toaVd4eWFsNmhZVHlXWTRjVmtDMHh0VGwvaFVFOUllTktvCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== \ No newline at end of file diff --git a/tests/data/disable-ipv6-ingress/mergeable/disable-ipv6-ingress.yaml b/tests/data/disable-ipv6-ingress/mergeable/disable-ipv6-ingress.yaml deleted file mode 100644 index 9db022b0fe..0000000000 --- a/tests/data/disable-ipv6-ingress/mergeable/disable-ipv6-ingress.yaml +++ /dev/null @@ -1,54 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: disable-ipv6-ingress-master - annotations: - kubernetes.io/ingress.class: "nginx" - nginx.org/mergeable-ingress-type: "master" -spec: - tls: - - hosts: - - disable-ipv6.example.com - secretName: disable-ipv6-secret - rules: - - host: disable-ipv6.example.com ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: disable-ipv6-ingress-backend1-minion - annotations: - kubernetes.io/ingress.class: "nginx" - nginx.org/mergeable-ingress-type: "minion" -spec: - rules: - - host: disable-ipv6.example.com - http: - paths: - - path: /backend1 - pathType: Prefix - backend: - service: - name: backend1-svc - port: - number: 80 ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: disable-ipv6-ingress-backend2-minion - annotations: - kubernetes.io/ingress.class: "nginx" - nginx.org/mergeable-ingress-type: "minion" -spec: - rules: - - host: disable-ipv6.example.com - http: - paths: - - path: /backend2 - pathType: Prefix - backend: - service: - name: backend2-svc - port: - number: 80 diff --git a/tests/data/disable-ipv6-ingress/standard/disable-ipv6-ingress.yaml b/tests/data/disable-ipv6-ingress/standard/disable-ipv6-ingress.yaml deleted file mode 100644 index 0d9c0caf22..0000000000 --- a/tests/data/disable-ipv6-ingress/standard/disable-ipv6-ingress.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - annotations: - name: disable-ipv6-ingress -spec: - ingressClassName: nginx - tls: - - hosts: - - disable-ipv6.example.com - secretName: disable-ipv6-secret - rules: - - host: disable-ipv6.example.com - http: - paths: - - path: /backend2 - pathType: Prefix - backend: - service: - name: backend2-svc - port: - number: 80 - - path: /backend1 - pathType: Prefix - backend: - service: - name: backend1-svc - port: - number: 80 diff --git a/tests/suite/resources_utils.py b/tests/suite/resources_utils.py index 75f3616750..e1c036fa7e 100644 --- a/tests/suite/resources_utils.py +++ b/tests/suite/resources_utils.py @@ -239,7 +239,7 @@ def scale_deployment(v1: CoreV1Api, apps_v1_api: AppsV1Api, name, namespace, val now = time.time() wait_until_all_pods_are_ready(v1, namespace) later = time.time() - print(f"All pods came up in {int(later-now)} seconds") + print(f"All pods came up in {int(later - now)} seconds") elif value == 0: replica_num = (apps_v1_api.read_namespaced_deployment_scale(name, namespace)).spec.replicas @@ -933,14 +933,16 @@ def clear_file_contents(v1: CoreV1Api, file_path, pod_name, pod_namespace): ) -def get_nginx_template_conf(v1: CoreV1Api, ingress_namespace) -> str: +def get_nginx_template_conf(v1: CoreV1Api, ingress_namespace: str, ic_pod_name: str = None) -> str: """ Get contents of /etc/nginx/nginx.conf in the pod :param v1: CoreV1Api - :param ingress_namespace: + :param ingress_namespace: str + :param ic_pod_name: str :return: str """ - ic_pod_name = get_first_pod_name(v1, ingress_namespace) + if ic_pod_name is None: + ic_pod_name = get_first_pod_name(v1, ingress_namespace) file_path = "/etc/nginx/nginx.conf" return get_file_contents(v1, file_path, ic_pod_name, ingress_namespace) @@ -1117,7 +1119,7 @@ def create_ingress_controller(v1: CoreV1Api, apps_v1_api: AppsV1Api, cli_argumen before = time.time() wait_until_all_pods_are_ready(v1, namespace) after = time.time() - print(f"All pods came up in {int(after-before)} seconds") + print(f"All pods came up in {int(after - before)} seconds") print(f"Ingress Controller was created with name '{name}'") return name @@ -1160,7 +1162,7 @@ def create_dos_arbitrator( before = time.time() wait_until_all_pods_are_ready(v1, namespace) after = time.time() - print(f"All pods came up in {int(after-before)} seconds") + print(f"All pods came up in {int(after - before)} seconds") print(f"Dos arbitrator was created with name '{name}'") print("create dos svc") diff --git a/tests/suite/test_disable_ipv6_ingress.py b/tests/suite/test_disable_ipv6_ingress.py index 7fca5ac093..162da2ce1a 100644 --- a/tests/suite/test_disable_ipv6_ingress.py +++ b/tests/suite/test_disable_ipv6_ingress.py @@ -1,6 +1,6 @@ import pytest + from settings import TEST_DATA -from suite.fixtures import PublicEndpoint from suite.resources_utils import ( create_example_app, create_items_from_yaml, @@ -15,52 +15,38 @@ wait_before_test, wait_until_all_pods_are_ready, ) -from suite.yaml_utils import get_first_ingress_host_from_yaml, get_name_from_yaml - -paths = ["backend1", "backend2"] +from suite.yaml_utils import get_name_from_yaml -class DisableIPV6Setup: +class IngressSetup: """ Encapsulate the Disable IPV6 Example details. Attributes: - public_endpoint (PublicEndpoint): ingress_name (str): - ingress_host (str): ingress_pod_name (str): namespace (str): """ - def __init__(self, public_endpoint: PublicEndpoint, ingress_name, ingress_host, ingress_pod_name, namespace): - self.public_endpoint = public_endpoint - self.ingress_host = ingress_host + def __init__(self, ingress_name, ingress_pod_name, namespace): self.ingress_name = ingress_name self.ingress_pod_name = ingress_pod_name self.namespace = namespace -@pytest.fixture(scope="class", params=["standard", "mergeable"]) -def disable_ipv6_setup( - request, - kube_apis, - ingress_controller_prerequisites, - ingress_controller_endpoint, - ingress_controller, - test_namespace, -) -> DisableIPV6Setup: +@pytest.fixture(scope="class") +def ingress_setup( + request, + kube_apis, + ingress_controller_prerequisites, + ingress_controller_endpoint, + ingress_controller, + test_namespace, +) -> IngressSetup: print("------------------------- Deploy Disable IPV6 Example -----------------------------------") - secret_name = create_secret_from_yaml( - kube_apis.v1, test_namespace, f"{TEST_DATA}/disable-ipv6-ingress/disable-ipv6-secret.yaml" - ) - - create_items_from_yaml( - kube_apis, f"{TEST_DATA}/disable-ipv6-ingress/{request.param}/disable-ipv6-ingress.yaml", test_namespace - ) - ingress_name = get_name_from_yaml(f"{TEST_DATA}/disable-ipv6-ingress/{request.param}/disable-ipv6-ingress.yaml") - ingress_host = get_first_ingress_host_from_yaml( - f"{TEST_DATA}/disable-ipv6-ingress/{request.param}/disable-ipv6-ingress.yaml" - ) + secret_name = create_secret_from_yaml(kube_apis.v1, test_namespace, f"{TEST_DATA}/smoke/smoke-secret.yaml") + create_items_from_yaml(kube_apis, f"{TEST_DATA}/smoke/standard/smoke-ingress.yaml", test_namespace) + ingress_name = get_name_from_yaml(f"{TEST_DATA}/smoke/standard/smoke-ingress.yaml") create_example_app(kube_apis, "simple", test_namespace) wait_until_all_pods_are_ready(kube_apis.v1, test_namespace) @@ -74,14 +60,12 @@ def disable_ipv6_setup( def fin(): print("Clean up the Disable IPV6 Application:") delete_common_app(kube_apis, "simple", test_namespace) - delete_items_from_yaml( - kube_apis, f"{TEST_DATA}/disable-ipv6-ingress/{request.param}/disable-ipv6-ingress.yaml", test_namespace - ) + delete_items_from_yaml(kube_apis, f"{TEST_DATA}/smoke/standard/smoke-ingress.yaml", test_namespace) delete_secret(kube_apis.v1, secret_name, test_namespace) request.addfinalizer(fin) - return DisableIPV6Setup(ingress_controller_endpoint, ingress_name, ingress_host, ic_pod_name, test_namespace) + return IngressSetup(ingress_name, ic_pod_name, test_namespace) @pytest.mark.ingresses @@ -89,23 +73,25 @@ class TestDisableIPV6: @pytest.mark.parametrize( "ingress_controller", [ - pytest.param({"extra_args": ["-disable-ipv6"]}, id="one-additional-cli-args"), + pytest.param({"extra_args": ["-disable-ipv6"]}), ], indirect=True, ) def test_ipv6_listeners_not_in_config( - self, - kube_apis, - disable_ipv6_setup: DisableIPV6Setup, - ingress_controller_prerequisites, + self, + kube_apis, + ingress_setup: IngressSetup, + ingress_controller_prerequisites, ): wait_before_test() - nginx_config = get_nginx_template_conf(kube_apis.v1, ingress_controller_prerequisites.namespace) + nginx_config = get_nginx_template_conf( + kube_apis.v1, ingress_controller_prerequisites.namespace, ingress_setup.ingress_pod_name + ) upstream_conf = get_ingress_nginx_template_conf( kube_apis.v1, - disable_ipv6_setup.namespace, - disable_ipv6_setup.ingress_name, - disable_ipv6_setup.ingress_pod_name, + ingress_setup.namespace, + ingress_setup.ingress_name, + ingress_setup.ingress_pod_name, ingress_controller_prerequisites.namespace, ) assert "listen [::]:" not in nginx_config From a145c2ca9555d747ad4a46860e80b1267e569016 Mon Sep 17 00:00:00 2001 From: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com> Date: Thu, 13 Oct 2022 12:48:33 +0100 Subject: [PATCH 6/8] fix linting --- tests/suite/test_disable_ipv6_ingress.py | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/suite/test_disable_ipv6_ingress.py b/tests/suite/test_disable_ipv6_ingress.py index 162da2ce1a..ab35c8ccde 100644 --- a/tests/suite/test_disable_ipv6_ingress.py +++ b/tests/suite/test_disable_ipv6_ingress.py @@ -1,5 +1,4 @@ import pytest - from settings import TEST_DATA from suite.resources_utils import ( create_example_app, From 7dee8b1ff97fc18e02cb61dd705cb47e1d51dca7 Mon Sep 17 00:00:00 2001 From: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com> Date: Thu, 13 Oct 2022 12:57:21 +0100 Subject: [PATCH 7/8] fix linting --- tests/suite/test_disable_ipv6_ingress.py | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/tests/suite/test_disable_ipv6_ingress.py b/tests/suite/test_disable_ipv6_ingress.py index ab35c8ccde..02f26b9052 100644 --- a/tests/suite/test_disable_ipv6_ingress.py +++ b/tests/suite/test_disable_ipv6_ingress.py @@ -35,12 +35,12 @@ def __init__(self, ingress_name, ingress_pod_name, namespace): @pytest.fixture(scope="class") def ingress_setup( - request, - kube_apis, - ingress_controller_prerequisites, - ingress_controller_endpoint, - ingress_controller, - test_namespace, + request, + kube_apis, + ingress_controller_prerequisites, + ingress_controller_endpoint, + ingress_controller, + test_namespace, ) -> IngressSetup: print("------------------------- Deploy Disable IPV6 Example -----------------------------------") secret_name = create_secret_from_yaml(kube_apis.v1, test_namespace, f"{TEST_DATA}/smoke/smoke-secret.yaml") @@ -77,10 +77,10 @@ class TestDisableIPV6: indirect=True, ) def test_ipv6_listeners_not_in_config( - self, - kube_apis, - ingress_setup: IngressSetup, - ingress_controller_prerequisites, + self, + kube_apis, + ingress_setup: IngressSetup, + ingress_controller_prerequisites, ): wait_before_test() nginx_config = get_nginx_template_conf( From 057645e22fd8f1d43c1033a2b44288c030cc042c Mon Sep 17 00:00:00 2001 From: Venktesh Date: Thu, 13 Oct 2022 15:45:29 +0100 Subject: [PATCH 8/8] consolidate ipv6 tests and cosmetic changes --- tests/suite/resources_utils.py | 2 +- tests/suite/test_disable_ipv6.py | 94 ++++++++++++++++++++++- tests/suite/test_disable_ipv6_ingress.py | 97 ------------------------ 3 files changed, 93 insertions(+), 100 deletions(-) delete mode 100644 tests/suite/test_disable_ipv6_ingress.py diff --git a/tests/suite/resources_utils.py b/tests/suite/resources_utils.py index e1c036fa7e..3c0adfb585 100644 --- a/tests/suite/resources_utils.py +++ b/tests/suite/resources_utils.py @@ -933,7 +933,7 @@ def clear_file_contents(v1: CoreV1Api, file_path, pod_name, pod_namespace): ) -def get_nginx_template_conf(v1: CoreV1Api, ingress_namespace: str, ic_pod_name: str = None) -> str: +def get_nginx_template_conf(v1: CoreV1Api, ingress_namespace, ic_pod_name=None) -> str: """ Get contents of /etc/nginx/nginx.conf in the pod :param v1: CoreV1Api diff --git a/tests/suite/test_disable_ipv6.py b/tests/suite/test_disable_ipv6.py index 31d83bb0c9..2102921123 100644 --- a/tests/suite/test_disable_ipv6.py +++ b/tests/suite/test_disable_ipv6.py @@ -1,14 +1,26 @@ import pytest +from settings import TEST_DATA from suite.resources_utils import ( + create_example_app, + create_items_from_yaml, + create_secret_from_yaml, + delete_common_app, + delete_items_from_yaml, + delete_secret, + ensure_connection_to_public_endpoint, get_first_pod_name, + get_ingress_nginx_template_conf, get_nginx_template_conf, get_ts_nginx_template_conf, wait_before_test, + wait_until_all_pods_are_ready, ) from suite.vs_vsr_resources_utils import get_vs_nginx_template_conf +from suite.yaml_utils import get_name_from_yaml @pytest.mark.vs +@pytest.mark.ts @pytest.mark.parametrize( "crd_ingress_controller, virtual_server_setup, transport_server_setup", [ @@ -27,8 +39,8 @@ ], indirect=True, ) -class TestDisableIpv6: - def test_ipv6_is_disabled( +class TestDisableIpv6VsTs: + def test_ipv6_listeners_not_in_config( self, kube_apis, ingress_controller_prerequisites, @@ -56,3 +68,81 @@ def test_ipv6_is_disabled( assert "listen [::]:" not in nginx_config assert "listen [::]:" not in vs_config assert "listen [::]:" not in ts_config + + +class IngressSetup: + """ + Encapsulate the ingress_setup details. + + Attributes: + ingress_name (str): + ingress_pod_name (str): + namespace (str): + """ + + def __init__(self, ingress_name, ingress_pod_name, namespace): + self.ingress_name = ingress_name + self.ingress_pod_name = ingress_pod_name + self.namespace = namespace + + +@pytest.fixture(scope="class") +def ingress_setup( + request, + kube_apis, + ingress_controller_prerequisites, + ingress_controller_endpoint, + ingress_controller, + test_namespace, +) -> IngressSetup: + print("------------------------- Deploy Disable IPV6 Example -----------------------------------") + secret_name = create_secret_from_yaml(kube_apis.v1, test_namespace, f"{TEST_DATA}/smoke/smoke-secret.yaml") + create_items_from_yaml(kube_apis, f"{TEST_DATA}/smoke/standard/smoke-ingress.yaml", test_namespace) + ingress_name = get_name_from_yaml(f"{TEST_DATA}/smoke/standard/smoke-ingress.yaml") + create_example_app(kube_apis, "simple", test_namespace) + wait_until_all_pods_are_ready(kube_apis.v1, test_namespace) + + ensure_connection_to_public_endpoint( + ingress_controller_endpoint.public_ip, + ingress_controller_endpoint.port, + ingress_controller_endpoint.port_ssl, + ) + ic_pod_name = get_first_pod_name(kube_apis.v1, ingress_controller_prerequisites.namespace) + + def fin(): + print("Clean up the Disable IPV6 Application:") + delete_common_app(kube_apis, "simple", test_namespace) + delete_items_from_yaml(kube_apis, f"{TEST_DATA}/smoke/standard/smoke-ingress.yaml", test_namespace) + delete_secret(kube_apis.v1, secret_name, test_namespace) + + request.addfinalizer(fin) + + return IngressSetup(ingress_name, ic_pod_name, test_namespace) + + +@pytest.mark.ingresses +@pytest.mark.parametrize( + "ingress_controller", + [ + pytest.param({"extra_args": ["-disable-ipv6=true"]}), + ], + indirect=True, +) +class TestDisableIPV6Ingress: + def test_ipv6_listeners_not_in_config( + self, + kube_apis, + ingress_setup, + ingress_controller_prerequisites, + ): + wait_before_test() + nginx_config = get_nginx_template_conf(kube_apis.v1, ingress_controller_prerequisites.namespace) + upstream_conf = get_ingress_nginx_template_conf( + kube_apis.v1, + ingress_setup.namespace, + ingress_setup.ingress_name, + ingress_setup.ingress_pod_name, + ingress_controller_prerequisites.namespace, + ) + assert "listen [::]:" not in nginx_config + assert "listen [::]:" not in upstream_conf diff --git a/tests/suite/test_disable_ipv6_ingress.py b/tests/suite/test_disable_ipv6_ingress.py deleted file mode 100644 index 02f26b9052..0000000000 --- a/tests/suite/test_disable_ipv6_ingress.py +++ /dev/null @@ -1,97 +0,0 @@ -import pytest -from settings import TEST_DATA -from suite.resources_utils import ( - create_example_app, - create_items_from_yaml, - create_secret_from_yaml, - delete_common_app, - delete_items_from_yaml, - delete_secret, - ensure_connection_to_public_endpoint, - get_first_pod_name, - get_ingress_nginx_template_conf, - get_nginx_template_conf, - wait_before_test, - wait_until_all_pods_are_ready, -) -from suite.yaml_utils import get_name_from_yaml - - -class IngressSetup: - """ - Encapsulate the Disable IPV6 Example details. - - Attributes: - ingress_name (str): - ingress_pod_name (str): - namespace (str): - """ - - def __init__(self, ingress_name, ingress_pod_name, namespace): - self.ingress_name = ingress_name - self.ingress_pod_name = ingress_pod_name - self.namespace = namespace - - -@pytest.fixture(scope="class") -def ingress_setup( - request, - kube_apis, - ingress_controller_prerequisites, - ingress_controller_endpoint, - ingress_controller, - test_namespace, -) -> IngressSetup: - print("------------------------- Deploy Disable IPV6 Example -----------------------------------") - secret_name = create_secret_from_yaml(kube_apis.v1, test_namespace, f"{TEST_DATA}/smoke/smoke-secret.yaml") - create_items_from_yaml(kube_apis, f"{TEST_DATA}/smoke/standard/smoke-ingress.yaml", test_namespace) - ingress_name = get_name_from_yaml(f"{TEST_DATA}/smoke/standard/smoke-ingress.yaml") - create_example_app(kube_apis, "simple", test_namespace) - wait_until_all_pods_are_ready(kube_apis.v1, test_namespace) - - ensure_connection_to_public_endpoint( - ingress_controller_endpoint.public_ip, - ingress_controller_endpoint.port, - ingress_controller_endpoint.port_ssl, - ) - ic_pod_name = get_first_pod_name(kube_apis.v1, ingress_controller_prerequisites.namespace) - - def fin(): - print("Clean up the Disable IPV6 Application:") - delete_common_app(kube_apis, "simple", test_namespace) - delete_items_from_yaml(kube_apis, f"{TEST_DATA}/smoke/standard/smoke-ingress.yaml", test_namespace) - delete_secret(kube_apis.v1, secret_name, test_namespace) - - request.addfinalizer(fin) - - return IngressSetup(ingress_name, ic_pod_name, test_namespace) - - -@pytest.mark.ingresses -class TestDisableIPV6: - @pytest.mark.parametrize( - "ingress_controller", - [ - pytest.param({"extra_args": ["-disable-ipv6"]}), - ], - indirect=True, - ) - def test_ipv6_listeners_not_in_config( - self, - kube_apis, - ingress_setup: IngressSetup, - ingress_controller_prerequisites, - ): - wait_before_test() - nginx_config = get_nginx_template_conf( - kube_apis.v1, ingress_controller_prerequisites.namespace, ingress_setup.ingress_pod_name - ) - upstream_conf = get_ingress_nginx_template_conf( - kube_apis.v1, - ingress_setup.namespace, - ingress_setup.ingress_name, - ingress_setup.ingress_pod_name, - ingress_controller_prerequisites.namespace, - ) - assert "listen [::]:" not in nginx_config - assert "listen [::]:" not in upstream_conf