kubernetes · k8s-ci-robot · Aug 25, 2018 · Aug 24, 2018
diff --git a/test/e2e/lua/dynamic_certificates.go b/test/e2e/lua/dynamic_certificates.go
@@ -17,15 +17,12 @@ limitations under the License.
 package lua
 
 import (
-	"crypto/tls"
 	"fmt"
-	"net/http"
 	"strings"
 	"time"
 
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
-	"github.com/parnurzeal/gorequest"
 
 	appsv1beta1 "k8s.io/api/apps/v1beta1"
 	extensions "k8s.io/api/extensions/v1beta1"
@@ -54,18 +51,9 @@ var _ = framework.IngressNginxDescribe("Dynamic Certificate", func() {
 	})
 
 	It("picks up the certificate when we add TLS spec to existing ingress", func() {
-		ing, err := f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.IngressController.Namespace, "http-svc", 80, nil))
-		Expect(err).NotTo(HaveOccurred())
-		Expect(ing).NotTo(BeNil())
-		time.Sleep(waitForLuaSync)
-		resp, _, errs := gorequest.New().
-			Get(f.IngressController.HTTPURL).
-			Set("Host", host).
-			End()
-		Expect(len(errs)).Should(BeNumerically("==", 0))
-		Expect(resp.StatusCode).Should(Equal(http.StatusOK))
-
-		ing, err = f.KubeClientSet.ExtensionsV1beta1().Ingresses(f.IngressController.Namespace).Get("foo.com", metav1.GetOptions{})
+		ensureIngress(f, host)
+
+		ing, err := f.KubeClientSet.ExtensionsV1beta1().Ingresses(f.IngressController.Namespace).Get(host, metav1.GetOptions{})
 		Expect(err).ToNot(HaveOccurred())
 		ing.Spec.TLS = []extensions.IngressTLS{
 			{
@@ -80,47 +68,17 @@ var _ = framework.IngressNginxDescribe("Dynamic Certificate", func() {
 		Expect(err).ToNot(HaveOccurred())
 		_, err = f.KubeClientSet.ExtensionsV1beta1().Ingresses(f.IngressController.Namespace).Update(ing)
 		Expect(err).ToNot(HaveOccurred())
-
-		By("configuring HTTPS endpoint")
-		err = f.WaitForNginxServer(host,
-			func(server string) bool {
-				return strings.Contains(server, "server_name "+host) &&
-					strings.Contains(server, "listen 443")
-			})
-		Expect(err).ToNot(HaveOccurred())
-
 		time.Sleep(waitForLuaSync)
 
-		By("serving the configured certificate on HTTPS endpoint")
-		resp, _, errs = gorequest.New().
-			Get(f.IngressController.HTTPSURL).
-			Set("Host", ing.Spec.TLS[0].Hosts[0]).
-			TLSClientConfig(&tls.Config{
-				InsecureSkipVerify: true,
-				ServerName:         ing.Spec.TLS[0].Hosts[0],
-			}).
-			End()
-		Expect(len(errs)).Should(BeNumerically("==", 0))
-		Expect(resp.StatusCode).Should(Equal(http.StatusOK))
-		Expect(len(resp.TLS.PeerCertificates)).Should(BeNumerically("==", 1))
-		Expect(resp.TLS.PeerCertificates[0].DNSNames[0]).Should(Equal(host))
+		ensureHTTPSRequest(f.IngressController.HTTPSURL, host, host)
 	})
 
 	It("picks up the previously missing secret for a given ingress without reloading", func() {
 		ing, err := f.EnsureIngress(framework.NewSingleIngressWithTLS(host, "/", host, f.IngressController.Namespace, "http-svc", 80, nil))
 		Expect(err).NotTo(HaveOccurred())
 		Expect(ing).NotTo(BeNil())
 		time.Sleep(waitForLuaSync)
-		resp, _, errs := gorequest.New().
-			Get(fmt.Sprintf("%s?id=dummy_log_splitter_foo_bar", f.IngressController.HTTPSURL)).
-			Set("Host", host).
-			TLSClientConfig(&tls.Config{
-				InsecureSkipVerify: true,
-				ServerName:         ing.Spec.TLS[0].Hosts[0],
-			}).
-			End()
-		Expect(len(errs)).Should(BeNumerically("==", 0))
-		Expect(resp.StatusCode).Should(Equal(http.StatusOK))
+		ensureHTTPSRequest(fmt.Sprintf("%s?id=dummy_log_splitter_foo_bar", f.IngressController.HTTPSURL), host, "ingress.local")
 
 		_, err = framework.CreateIngressTLSSecret(f.KubeClientSet,
 			ing.Spec.TLS[0].Hosts,
@@ -141,18 +99,7 @@ var _ = framework.IngressNginxDescribe("Dynamic Certificate", func() {
 		time.Sleep(waitForLuaSync)
 
 		By("serving the configured certificate on HTTPS endpoint")
-		resp, _, errs = gorequest.New().
-			Get(f.IngressController.HTTPSURL).
-			Set("Host", ing.Spec.TLS[0].Hosts[0]).
-			TLSClientConfig(&tls.Config{
-				InsecureSkipVerify: true,
-				ServerName:         ing.Spec.TLS[0].Hosts[0],
-			}).
-			End()
-		Expect(len(errs)).Should(BeNumerically("==", 0))
-		Expect(resp.StatusCode).Should(Equal(http.StatusOK))
-		Expect(len(resp.TLS.PeerCertificates)).Should(BeNumerically("==", 1))
-		Expect(resp.TLS.PeerCertificates[0].DNSNames[0]).Should(Equal(host))
+		ensureHTTPSRequest(f.IngressController.HTTPSURL, host, host)
 
 		log, err := f.NginxLogs()
 		Expect(err).ToNot(HaveOccurred())
@@ -173,24 +120,7 @@ var _ = framework.IngressNginxDescribe("Dynamic Certificate", func() {
 			Expect(ing).NotTo(BeNil())
 			time.Sleep(waitForLuaSync)
 
-			resp, _, errs := gorequest.New().
-				Get(f.IngressController.HTTPSURL).
-				Set("Host", host).
-				TLSClientConfig(&tls.Config{
-					InsecureSkipVerify: true,
-					ServerName:         host,
-				}).
-				End()
-			Expect(len(errs)).Should(BeNumerically("==", 0))
-			Expect(resp.StatusCode).Should(Equal(http.StatusOK))
-
-			By("configuring HTTPS endpoint")
-			err = f.WaitForNginxServer(host,
-				func(server string) bool {
-					return strings.Contains(server, "server_name "+host) &&
-						strings.Contains(server, "listen 443")
-				})
-			Expect(err).ToNot(HaveOccurred())
+			ensureHTTPSRequest(f.IngressController.HTTPSURL, host, "ingress.local")
 
 			_, err = framework.CreateIngressTLSSecret(f.KubeClientSet,
 				ing.Spec.TLS[0].Hosts,
@@ -212,33 +142,13 @@ var _ = framework.IngressNginxDescribe("Dynamic Certificate", func() {
 			time.Sleep(waitForLuaSync)
 
 			By("serving the configured certificate on HTTPS endpoint")
-			resp, _, errs = gorequest.New().
-				Get(f.IngressController.HTTPSURL).
-				Set("Host", ing.Spec.TLS[0].Hosts[0]).
-				TLSClientConfig(&tls.Config{
-					InsecureSkipVerify: true,
-					ServerName:         ing.Spec.TLS[0].Hosts[0],
-				}).
-				End()
-			Expect(len(errs)).Should(BeNumerically("==", 0))
-			Expect(resp.StatusCode).Should(Equal(http.StatusOK))
-			Expect(len(resp.TLS.PeerCertificates)).Should(BeNumerically("==", 1))
-			Expect(resp.TLS.PeerCertificates[0].DNSNames[0]).Should(Equal(host))
+			ensureHTTPSRequest(f.IngressController.HTTPSURL, host, host)
 		})
 
 		It("picks up the updated certificate without reloading", func() {
-			ing, err := f.KubeClientSet.ExtensionsV1beta1().Ingresses(f.IngressController.Namespace).Get("foo.com", metav1.GetOptions{})
-
-			resp, _, errs := gorequest.New().
-				Get(fmt.Sprintf("%s?id=dummy_log_splitter_foo_bar", f.IngressController.HTTPSURL)).
-				Set("Host", host).
-				TLSClientConfig(&tls.Config{
-					InsecureSkipVerify: true,
-					ServerName:         ing.Spec.TLS[0].Hosts[0],
-				}).
-				End()
-			Expect(len(errs)).Should(BeNumerically("==", 0))
-			Expect(resp.StatusCode).Should(Equal(http.StatusOK))
+			ing, err := f.KubeClientSet.ExtensionsV1beta1().Ingresses(f.IngressController.Namespace).Get(host, metav1.GetOptions{})
+
+			ensureHTTPSRequest(fmt.Sprintf("%s?id=dummy_log_splitter_foo_bar", f.IngressController.HTTPSURL), host, host)
 
 			_, err = framework.CreateIngressTLSSecret(f.KubeClientSet,
 				ing.Spec.TLS[0].Hosts,
@@ -260,18 +170,7 @@ var _ = framework.IngressNginxDescribe("Dynamic Certificate", func() {
 			time.Sleep(waitForLuaSync)
 
 			By("serving the configured certificate on HTTPS endpoint")
-			resp, _, errs = gorequest.New().
-				Get(f.IngressController.HTTPSURL).
-				Set("Host", ing.Spec.TLS[0].Hosts[0]).
-				TLSClientConfig(&tls.Config{
-					InsecureSkipVerify: true,
-					ServerName:         ing.Spec.TLS[0].Hosts[0],
-				}).
-				End()
-			Expect(len(errs)).Should(BeNumerically("==", 0))
-			Expect(resp.StatusCode).Should(Equal(http.StatusOK))
-			Expect(len(resp.TLS.PeerCertificates)).Should(BeNumerically("==", 1))
-			Expect(resp.TLS.PeerCertificates[0].DNSNames[0]).Should(Equal(host))
+			ensureHTTPSRequest(f.IngressController.HTTPSURL, host, host)
 
 			log, err := f.NginxLogs()
 			Expect(err).ToNot(HaveOccurred())
@@ -286,18 +185,9 @@ var _ = framework.IngressNginxDescribe("Dynamic Certificate", func() {
 		})
 
 		It("falls back to using default certificate when secret gets deleted without reloading", func() {
-			ing, err := f.KubeClientSet.ExtensionsV1beta1().Ingresses(f.IngressController.Namespace).Get("foo.com", metav1.GetOptions{})
-
-			resp, _, errs := gorequest.New().
-				Get(fmt.Sprintf("%s?id=dummy_log_splitter_foo_bar", f.IngressController.HTTPSURL)).
-				Set("Host", host).
-				TLSClientConfig(&tls.Config{
-					InsecureSkipVerify: true,
-					ServerName:         ing.Spec.TLS[0].Hosts[0],
-				}).
-				End()
-			Expect(len(errs)).Should(BeNumerically("==", 0))
-			Expect(resp.StatusCode).Should(Equal(http.StatusOK))
+			ing, err := f.KubeClientSet.ExtensionsV1beta1().Ingresses(f.IngressController.Namespace).Get(host, metav1.GetOptions{})
+
+			ensureHTTPSRequest(fmt.Sprintf("%s?id=dummy_log_splitter_foo_bar", f.IngressController.HTTPSURL), host, host)
 
 			f.KubeClientSet.CoreV1().Secrets(ing.Namespace).Delete(ing.Spec.TLS[0].SecretName, nil)
 			Expect(err).ToNot(HaveOccurred())
@@ -316,18 +206,7 @@ var _ = framework.IngressNginxDescribe("Dynamic Certificate", func() {
 			time.Sleep(waitForLuaSync)
 
 			By("serving the default certificate on HTTPS endpoint")
-			resp, _, errs = gorequest.New().
-				Get(f.IngressController.HTTPSURL).
-				Set("Host", ing.Spec.TLS[0].Hosts[0]).
-				TLSClientConfig(&tls.Config{
-					InsecureSkipVerify: true,
-					ServerName:         ing.Spec.TLS[0].Hosts[0],
-				}).
-				End()
-			Expect(len(errs)).Should(BeNumerically("==", 0))
-			Expect(resp.StatusCode).Should(Equal(http.StatusOK))
-			Expect(len(resp.TLS.PeerCertificates)).Should(BeNumerically("==", 1))
-			Expect(resp.TLS.PeerCertificates[0].Issuer.CommonName).Should(Equal("Kubernetes Ingress Controller Fake Certificate"))
+			ensureHTTPSRequest(f.IngressController.HTTPSURL, host, "ingress.local")
 
 			log, err := f.NginxLogs()
 			Expect(err).ToNot(HaveOccurred())
@@ -343,58 +222,26 @@ var _ = framework.IngressNginxDescribe("Dynamic Certificate", func() {
 
 		It("picks up a non-certificate only change", func() {
 			newHost := "foo2.com"
-			ing, err := f.KubeClientSet.ExtensionsV1beta1().Ingresses(f.IngressController.Namespace).Get("foo.com", metav1.GetOptions{})
+			ing, err := f.KubeClientSet.ExtensionsV1beta1().Ingresses(f.IngressController.Namespace).Get(host, metav1.GetOptions{})
 			Expect(err).NotTo(HaveOccurred())
-
 			ing.Spec.Rules[0].Host = newHost
 			_, err = f.KubeClientSet.ExtensionsV1beta1().Ingresses(f.IngressController.Namespace).Update(ing)
 			Expect(err).ToNot(HaveOccurred())
-
-			By("configuring HTTPS endpoint")
-			err = f.WaitForNginxServer(newHost,
-				func(server string) bool {
-					return strings.Contains(server, "server_name "+newHost) &&
-						strings.Contains(server, "listen 443")
-				})
-			Expect(err).ToNot(HaveOccurred())
+			time.Sleep(waitForLuaSync)
 
 			By("serving the configured certificate on HTTPS endpoint")
-			resp, _, errs := gorequest.New().
-				Get(f.IngressController.HTTPSURL).
-				Set("Host", newHost).
-				TLSClientConfig(&tls.Config{
-					InsecureSkipVerify: true,
-					ServerName:         newHost,
-				}).
-				End()
-			Expect(len(errs)).Should(BeNumerically("==", 0))
-			Expect(resp.StatusCode).Should(Equal(http.StatusOK))
-			Expect(len(resp.TLS.PeerCertificates)).Should(BeNumerically("==", 1))
-			Expect(resp.TLS.PeerCertificates[0].Issuer.CommonName).Should(Equal("Kubernetes Ingress Controller Fake Certificate"))
+			ensureHTTPSRequest(f.IngressController.HTTPSURL, newHost, "ingress.local")
 		})
 
 		It("removes HTTPS configuration when we delete TLS spec", func() {
-			ing, err := f.KubeClientSet.ExtensionsV1beta1().Ingresses(f.IngressController.Namespace).Get("foo.com", metav1.GetOptions{})
+			ing, err := f.KubeClientSet.ExtensionsV1beta1().Ingresses(f.IngressController.Namespace).Get(host, metav1.GetOptions{})
 			Expect(err).NotTo(HaveOccurred())
-
 			ing.Spec.TLS = []extensions.IngressTLS{}
-
 			_, err = f.KubeClientSet.ExtensionsV1beta1().Ingresses(f.IngressController.Namespace).Update(ing)
 			Expect(err).ToNot(HaveOccurred())
-			By("configuring HTTP endpoint")
-			err = f.WaitForNginxServer(host,
-				func(server string) bool {
-					return !strings.Contains(server, "ssl_certificate_by_lua_block") &&
-						!strings.Contains(server, "listen 443")
-				})
-			Expect(err).ToNot(HaveOccurred())
+			time.Sleep(waitForLuaSync)
 
-			resp, _, errs := gorequest.New().
-				Get(f.IngressController.HTTPURL).
-				Set("Host", host).
-				End()
-			Expect(len(errs)).Should(BeNumerically("==", 0))
-			Expect(resp.StatusCode).Should(Equal(http.StatusOK))
+			ensureRequest(f, host)
 		})
 	})
 })

diff --git a/test/e2e/lua/dynamic_configuration.go b/test/e2e/lua/dynamic_configuration.go
@@ -17,6 +17,7 @@ limitations under the License.
 package lua
 
 import (
+	"crypto/tls"
 	"fmt"
 	"net/http"
 	"regexp"
@@ -170,6 +171,21 @@ func ensureRequest(f *framework.Framework, host string) {
 	Expect(resp.StatusCode).Should(Equal(http.StatusOK))
 }
 
+func ensureHTTPSRequest(url string, host string, expectedDNSName string) {
+	resp, _, errs := gorequest.New().
+		Get(url).
+		Set("Host", host).
+		TLSClientConfig(&tls.Config{
+			InsecureSkipVerify: true,
+			ServerName:         host,
+		}).
+		End()
+	Expect(errs).Should(BeEmpty())
+	Expect(resp.StatusCode).Should(Equal(http.StatusOK))
+	Expect(len(resp.TLS.PeerCertificates)).Should(BeNumerically("==", 1))
+	Expect(resp.TLS.PeerCertificates[0].DNSNames[0]).Should(Equal(expectedDNSName))
+}
+
 func getCookie(name string, cookies []*http.Cookie) (*http.Cookie, error) {
 	for _, cookie := range cookies {
 		if cookie.Name == name {