add e2e coverage for multi auth

kubernetes · Apr 18, 2019 · bd694bf · bd694bf
1 parent 7283a01
commit bd694bf
Showing 1 changed file with 64 additions and 0 deletions.
diff --git a/test/e2e/annotations/satisfy.go b/test/e2e/annotations/satisfy.go
@@ -19,12 +19,14 @@ package annotations
 import (
 	"fmt"
 	"net/http"
+	"net/url"
 	"time"
 
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
 	"github.com/parnurzeal/gorequest"
 	extensions "k8s.io/api/extensions/v1beta1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/ingress-nginx/test/e2e/framework"
 )
 
@@ -82,4 +84,66 @@ var _ = framework.IngressNginxDescribe("Annotations - SATISFY", func() {
 			Expect(body).Should(ContainSubstring(fmt.Sprintf("host=%v", host)))
 		}
 	})
+
+	It("should allow multiple auth with satisfy any", func() {
+		host := "auth"
+
+		// setup external auth
+		f.NewHttpbinDeployment()
+
+		err := framework.WaitForEndpoints(f.KubeClientSet, framework.DefaultTimeout, "httpbin", f.Namespace, 1)
+		Expect(err).NotTo(HaveOccurred())
+
+		e, err := f.KubeClientSet.CoreV1().Endpoints(f.Namespace).Get("httpbin", metav1.GetOptions{})
+		Expect(err).NotTo(HaveOccurred())
+
+		httpbinIP := e.Subsets[0].Addresses[0].IP
+
+		// create basic auth secret at ingress
+		s := f.EnsureSecret(buildSecret("uname", "pwd", "basic-secret", f.Namespace))
+
+		annotations := map[string]string{
+			// annotations for basic auth at ingress
+			"nginx.ingress.kubernetes.io/auth-type":   "basic",
+			"nginx.ingress.kubernetes.io/auth-secret": s.Name,
+			"nginx.ingress.kubernetes.io/auth-realm":  "test basic auth",
+
+			// annotations for external auth
+			"nginx.ingress.kubernetes.io/auth-url":    fmt.Sprintf("http://%s/basic-auth/user/password", httpbinIP),
+			"nginx.ingress.kubernetes.io/auth-signin": "http://$host/auth/start",
+
+			// set satisfy any
+			"nginx.ingress.kubernetes.io/satisfy": "any",
+		}
+
+		ing := framework.NewSingleIngress(host, "/", host, f.Namespace, "http-svc", 80, &annotations)
+		f.EnsureIngress(ing)
+
+		f.WaitForNginxServer(host, func(server string) bool {
+			return Expect(server).Should(ContainSubstring("server_name auth"))
+		})
+
+		// with basic auth cred
+		resp, _, errs := gorequest.New().
+			Get(f.GetURL(framework.HTTP)).
+			Retry(10, 1*time.Second, http.StatusNotFound).
+			Set("Host", host).
+			SetBasicAuth("uname", "pwd").End()
+
+		Expect(errs).Should(BeEmpty())
+		Expect(resp.StatusCode).Should(Equal(http.StatusOK))
+
+		// reroute to signin if without basic cred
+		resp, _, errs = gorequest.New().
+			Get(f.GetURL(framework.HTTP)).
+			Retry(10, 1*time.Second, http.StatusNotFound).
+			Set("Host", host).
+			RedirectPolicy(func(req gorequest.Request, via []gorequest.Request) error {
+				return http.ErrUseLastResponse
+			}).Param("a", "b").Param("c", "d").
+			End()
+		Expect(errs).Should(BeEmpty())
+		Expect(resp.StatusCode).Should(Equal(http.StatusFound))
+		Expect(resp.Header.Get("Location")).Should(Equal(fmt.Sprintf("http://%s/auth/start?rd=http://%s%s", host, host, url.QueryEscape("/?a=b&c=d"))))
+	})
 })