diff --git a/pkg/ingress/config/ingress_config.go b/pkg/ingress/config/ingress_config.go index f93336d81..f104e2565 100644 --- a/pkg/ingress/config/ingress_config.go +++ b/pkg/ingress/config/ingress_config.go @@ -140,8 +140,6 @@ type IngressConfig struct { annotationHandler annotations.AnnotationHandler - globalGatewayName string - namespace string clusterId string @@ -157,13 +155,11 @@ func NewIngressConfig(localKubeClient kube.Client, XDSUpdater model.XDSUpdater, XDSUpdater: XDSUpdater, annotationHandler: annotations.NewAnnotationHandlerManager(), clusterId: clusterId, - globalGatewayName: namespace + "/" + - common.CreateConvertedName(clusterId, "global"), - watchedSecretSet: sets.NewSet(), - namespace: namespace, - mcpbridgeReconciled: atomic.NewBool(false), - wasmPlugins: make(map[string]*extensions.WasmPlugin), - http2rpcs: make(map[string]*higressv1.Http2Rpc), + watchedSecretSet: sets.NewSet(), + namespace: namespace, + mcpbridgeReconciled: atomic.NewBool(false), + wasmPlugins: make(map[string]*extensions.WasmPlugin), + http2rpcs: make(map[string]*higressv1.Http2Rpc), } mcpbridgeController := mcpbridge.NewController(localKubeClient, clusterId) mcpbridgeController.AddEventHandler(config.AddOrUpdateMcpBridge, config.DeleteMcpBridge) @@ -479,7 +475,7 @@ func (m *IngressConfig) convertVirtualService(configs []common.WrapperConfig) [] common.CreateConvertedName(m.clusterId, cleanHost), common.CreateConvertedName(constants.IstioIngressGatewayName, cleanHost)} if host != "*" { - gateways = append(gateways, m.globalGatewayName) + gateways = append(gateways, m.namespace+"/"+common.CreateConvertedName(m.clusterId, common.CleanHost("*"))) } wrapperVS, exist := convertOptions.VirtualServices[host] diff --git a/pkg/ingress/config/ingress_config_test.go b/pkg/ingress/config/ingress_config_test.go index 54e0df0d4..d11c8c893 100644 --- a/pkg/ingress/config/ingress_config_test.go +++ b/pkg/ingress/config/ingress_config_test.go @@ -257,7 +257,7 @@ func TestConvertGatewaysForIngress(t *testing.T) { "foo.com": { Meta: config.Meta{ GroupVersionKind: gvk.Gateway, - Name: "istio-autogenerated-k8s-ingress-foo-com", + Name: "istio-autogenerated-k8s-ingress-" + common.CleanHost("foo.com"), Namespace: "wakanda", Annotations: map[string]string{ common.ClusterIdAnnotation: "ingress-v1beta1", @@ -270,7 +270,7 @@ func TestConvertGatewaysForIngress(t *testing.T) { Port: &networking.Port{ Number: 80, Protocol: "HTTP", - Name: "http-80-ingress-ingress-v1beta1-wakanda-test-1-foo-com", + Name: "http-80-ingress-ingress-v1beta1", }, Hosts: []string{"foo.com"}, }, @@ -278,7 +278,7 @@ func TestConvertGatewaysForIngress(t *testing.T) { Port: &networking.Port{ Number: 443, Protocol: "HTTPS", - Name: "https-443-ingress-ingress-v1beta1-wakanda-test-2-foo-com", + Name: "https-443-ingress-ingress-v1beta1", }, Hosts: []string{"foo.com"}, Tls: &networking.ServerTLSSettings{ @@ -293,7 +293,7 @@ func TestConvertGatewaysForIngress(t *testing.T) { "test.com": { Meta: config.Meta{ GroupVersionKind: gvk.Gateway, - Name: "istio-autogenerated-k8s-ingress-test-com", + Name: "istio-autogenerated-k8s-ingress-" + common.CleanHost("test.com"), Namespace: "wakanda", Annotations: map[string]string{ common.ClusterIdAnnotation: "ingress-v1beta1", @@ -306,7 +306,7 @@ func TestConvertGatewaysForIngress(t *testing.T) { Port: &networking.Port{ Number: 80, Protocol: "HTTP", - Name: "http-80-ingress-ingress-v1beta1-wakanda-test-1-test-com", + Name: "http-80-ingress-ingress-v1beta1", }, Hosts: []string{"test.com"}, }, @@ -314,7 +314,7 @@ func TestConvertGatewaysForIngress(t *testing.T) { Port: &networking.Port{ Number: 443, Protocol: "HTTPS", - Name: "https-443-ingress-ingress-v1beta1-wakanda-test-1-test-com", + Name: "https-443-ingress-ingress-v1beta1", }, Hosts: []string{"test.com"}, Tls: &networking.ServerTLSSettings{ @@ -329,7 +329,7 @@ func TestConvertGatewaysForIngress(t *testing.T) { "bar.com": { Meta: config.Meta{ GroupVersionKind: gvk.Gateway, - Name: "istio-autogenerated-k8s-ingress-bar-com", + Name: "istio-autogenerated-k8s-ingress-" + common.CleanHost("bar.com"), Namespace: "wakanda", Annotations: map[string]string{ common.ClusterIdAnnotation: "ingress-v1beta1", @@ -342,7 +342,7 @@ func TestConvertGatewaysForIngress(t *testing.T) { Port: &networking.Port{ Number: 80, Protocol: "HTTP", - Name: "http-80-ingress-ingress-v1beta1-wakanda-test-2-bar-com", + Name: "http-80-ingress-ingress-v1beta1", }, Hosts: []string{"bar.com"}, }, @@ -471,7 +471,7 @@ func TestConvertGatewaysForIngress(t *testing.T) { "foo.com": { Meta: config.Meta{ GroupVersionKind: gvk.Gateway, - Name: "istio-autogenerated-k8s-ingress-foo-com", + Name: "istio-autogenerated-k8s-ingress-" + common.CleanHost("foo.com"), Namespace: "wakanda", Annotations: map[string]string{ common.ClusterIdAnnotation: "ingress-v1", @@ -484,7 +484,7 @@ func TestConvertGatewaysForIngress(t *testing.T) { Port: &networking.Port{ Number: 80, Protocol: "HTTP", - Name: "http-80-ingress-ingress-v1-wakanda-test-1-foo-com", + Name: "http-80-ingress-ingress-v1", }, Hosts: []string{"foo.com"}, }, @@ -492,7 +492,7 @@ func TestConvertGatewaysForIngress(t *testing.T) { Port: &networking.Port{ Number: 443, Protocol: "HTTPS", - Name: "https-443-ingress-ingress-v1-wakanda-test-2-foo-com", + Name: "https-443-ingress-ingress-v1", }, Hosts: []string{"foo.com"}, Tls: &networking.ServerTLSSettings{ @@ -507,7 +507,7 @@ func TestConvertGatewaysForIngress(t *testing.T) { "test.com": { Meta: config.Meta{ GroupVersionKind: gvk.Gateway, - Name: "istio-autogenerated-k8s-ingress-test-com", + Name: "istio-autogenerated-k8s-ingress-" + common.CleanHost("test.com"), Namespace: "wakanda", Annotations: map[string]string{ common.ClusterIdAnnotation: "ingress-v1", @@ -520,7 +520,7 @@ func TestConvertGatewaysForIngress(t *testing.T) { Port: &networking.Port{ Number: 80, Protocol: "HTTP", - Name: "http-80-ingress-ingress-v1-wakanda-test-1-test-com", + Name: "http-80-ingress-ingress-v1", }, Hosts: []string{"test.com"}, }, @@ -528,7 +528,7 @@ func TestConvertGatewaysForIngress(t *testing.T) { Port: &networking.Port{ Number: 443, Protocol: "HTTPS", - Name: "https-443-ingress-ingress-v1-wakanda-test-1-test-com", + Name: "https-443-ingress-ingress-v1", }, Hosts: []string{"test.com"}, Tls: &networking.ServerTLSSettings{ @@ -543,7 +543,7 @@ func TestConvertGatewaysForIngress(t *testing.T) { "bar.com": { Meta: config.Meta{ GroupVersionKind: gvk.Gateway, - Name: "istio-autogenerated-k8s-ingress-bar-com", + Name: "istio-autogenerated-k8s-ingress-" + common.CleanHost("bar.com"), Namespace: "wakanda", Annotations: map[string]string{ common.ClusterIdAnnotation: "ingress-v1", @@ -556,7 +556,7 @@ func TestConvertGatewaysForIngress(t *testing.T) { Port: &networking.Port{ Number: 80, Protocol: "HTTP", - Name: "http-80-ingress-ingress-v1-wakanda-test-2-bar-com", + Name: "http-80-ingress-ingress-v1", }, Hosts: []string{"bar.com"}, }, diff --git a/pkg/ingress/config/kingress_config.go b/pkg/ingress/config/kingress_config.go index fff21d7cc..06e125616 100644 --- a/pkg/ingress/config/kingress_config.go +++ b/pkg/ingress/config/kingress_config.go @@ -66,8 +66,6 @@ type KIngressConfig struct { annotationHandler annotations.AnnotationHandler - globalGatewayName string - namespace string clusterId string @@ -86,10 +84,8 @@ func NewKIngressConfig(localKubeClient kube.Client, XDSUpdater model.XDSUpdater, XDSUpdater: XDSUpdater, annotationHandler: annotations.NewAnnotationHandlerManager(), clusterId: clusterId, - globalGatewayName: namespace + "/" + - common.CreateConvertedName(clusterId, "global"), - watchedSecretSet: sets.NewSet(), - namespace: namespace, + watchedSecretSet: sets.NewSet(), + namespace: namespace, } return config @@ -319,7 +315,7 @@ func (m *KIngressConfig) convertVirtualService(configs []common.WrapperConfig) [ common.CreateConvertedName(m.clusterId, cleanHost), common.CreateConvertedName(constants.IstioIngressGatewayName, cleanHost)} if host != "*" { - gateways = append(gateways, m.globalGatewayName) + gateways = append(gateways, m.namespace+"/"+common.CreateConvertedName(m.clusterId, common.CleanHost("*"))) } wrapperVS, exist := convertOptions.VirtualServices[host] diff --git a/pkg/ingress/config/kingress_config_test.go b/pkg/ingress/config/kingress_config_test.go index ea96a1ddf..4ec41ebaa 100644 --- a/pkg/ingress/config/kingress_config_test.go +++ b/pkg/ingress/config/kingress_config_test.go @@ -363,7 +363,7 @@ func TestConvertGatewaysForKIngress(t *testing.T) { "foo.com": { Meta: config.Meta{ GroupVersionKind: gvk.Gateway, - Name: "istio-autogenerated-k8s-ingress-foo-com", + Name: "istio-autogenerated-k8s-ingress-" + common.CleanHost("foo.com"), Namespace: "wakanda", Annotations: map[string]string{ common.ClusterIdAnnotation: "kingress", @@ -376,7 +376,7 @@ func TestConvertGatewaysForKIngress(t *testing.T) { Port: &networking.Port{ Number: 80, Protocol: "HTTP", - Name: "http-80-ingress-kingress-wakanda-test-1-foo-com", + Name: "http-80-ingress-kingress", }, Hosts: []string{"foo.com"}, //Tls: &networking.ServerTLSSettings{ @@ -387,7 +387,7 @@ func TestConvertGatewaysForKIngress(t *testing.T) { Port: &networking.Port{ Number: 443, Protocol: "HTTPS", - Name: "https-443-ingress-kingress-wakanda-test-2-foo-com", + Name: "https-443-ingress-kingress", }, Hosts: []string{"foo.com"}, Tls: &networking.ServerTLSSettings{ @@ -402,7 +402,7 @@ func TestConvertGatewaysForKIngress(t *testing.T) { "test.com": { Meta: config.Meta{ GroupVersionKind: gvk.Gateway, - Name: "istio-autogenerated-k8s-ingress-test-com", + Name: "istio-autogenerated-k8s-ingress-" + common.CleanHost("test.com"), Namespace: "wakanda", Annotations: map[string]string{ common.ClusterIdAnnotation: "kingress", @@ -415,7 +415,7 @@ func TestConvertGatewaysForKIngress(t *testing.T) { Port: &networking.Port{ Number: 80, Protocol: "HTTP", - Name: "http-80-ingress-kingress-wakanda-test-1-test-com", + Name: "http-80-ingress-kingress", }, Hosts: []string{"test.com"}, //Tls: &networking.ServerTLSSettings{ @@ -426,7 +426,7 @@ func TestConvertGatewaysForKIngress(t *testing.T) { Port: &networking.Port{ Number: 443, Protocol: "HTTPS", - Name: "https-443-ingress-kingress-wakanda-test-1-test-com", + Name: "https-443-ingress-kingress", }, Hosts: []string{"test.com"}, Tls: &networking.ServerTLSSettings{ @@ -441,7 +441,7 @@ func TestConvertGatewaysForKIngress(t *testing.T) { "bar.com": { Meta: config.Meta{ GroupVersionKind: gvk.Gateway, - Name: "istio-autogenerated-k8s-ingress-bar-com", + Name: "istio-autogenerated-k8s-ingress-" + common.CleanHost("bar.com"), Namespace: "wakanda", Annotations: map[string]string{ common.ClusterIdAnnotation: "kingress", @@ -454,7 +454,7 @@ func TestConvertGatewaysForKIngress(t *testing.T) { Port: &networking.Port{ Number: 80, Protocol: "HTTP", - Name: "http-80-ingress-kingress-wakanda-test-2-bar-com", + Name: "http-80-ingress-kingress", }, Hosts: []string{"bar.com"}, }, diff --git a/pkg/ingress/kube/common/tool.go b/pkg/ingress/kube/common/tool.go index 81828dab4..b374a7a0e 100644 --- a/pkg/ingress/kube/common/tool.go +++ b/pkg/ingress/kube/common/tool.go @@ -140,17 +140,19 @@ func GetHost(annotations map[string]string) string { return "" } +// Istio requires that the name of the gateway must conform to the DNS label. +// For details, you can view: https://github.com/istio/istio/blob/2d5c40ad5e9cceebe64106005aa38381097da2ba/pkg/config/validation/validation.go#L478 +func convertToDNSLabelValid(input string) string { + hasher := md5.New() + hasher.Write([]byte(input)) + hash := hasher.Sum(nil) + + return hex.EncodeToString(hash) +} + // CleanHost follow the format of mse-ops for host. func CleanHost(host string) string { - if host == "*" { - return "global" - } - - if strings.HasPrefix(host, "*") { - host = strings.ReplaceAll(host, "*", "global-") - } - - return strings.ReplaceAll(host, ".", "-") + return convertToDNSLabelValid(host) } func CreateConvertedName(items ...string) string { diff --git a/pkg/ingress/kube/ingress/controller.go b/pkg/ingress/kube/ingress/controller.go index 0dca636a4..2c515f7d0 100644 --- a/pkg/ingress/kube/ingress/controller.go +++ b/pkg/ingress/kube/ingress/controller.go @@ -373,7 +373,6 @@ func (c *controller) ConvertGateway(convertOptions *common.ConvertOptions, wrapp } for _, rule := range ingressV1Beta.Rules { - cleanHost := common.CleanHost(rule.Host) // Need create builder for every rule. domainBuilder := &common.IngressDomainBuilder{ ClusterId: c.options.ClusterId, @@ -401,7 +400,7 @@ func (c *controller) ConvertGateway(convertOptions *common.ConvertOptions, wrapp Port: &networking.Port{ Number: 80, Protocol: string(protocol.HTTP), - Name: common.CreateConvertedName("http-80-ingress", c.options.ClusterId, cfg.Namespace, cfg.Name, cleanHost), + Name: common.CreateConvertedName("http-80-ingress", c.options.ClusterId), }, Hosts: []string{rule.Host}, }) @@ -446,7 +445,7 @@ func (c *controller) ConvertGateway(convertOptions *common.ConvertOptions, wrapp Port: &networking.Port{ Number: 443, Protocol: string(protocol.HTTPS), - Name: common.CreateConvertedName("https-443-ingress", c.options.ClusterId, cfg.Namespace, cfg.Name, cleanHost), + Name: common.CreateConvertedName("https-443-ingress", c.options.ClusterId), }, Hosts: []string{rule.Host}, Tls: &networking.ServerTLSSettings{ diff --git a/pkg/ingress/kube/ingressv1/controller.go b/pkg/ingress/kube/ingressv1/controller.go index 5e7789c69..9d5194d7c 100644 --- a/pkg/ingress/kube/ingressv1/controller.go +++ b/pkg/ingress/kube/ingressv1/controller.go @@ -358,7 +358,6 @@ func (c *controller) ConvertGateway(convertOptions *common.ConvertOptions, wrapp } for _, rule := range ingressV1.Rules { - cleanHost := common.CleanHost(rule.Host) // Need create builder for every rule. domainBuilder := &common.IngressDomainBuilder{ ClusterId: c.options.ClusterId, @@ -386,7 +385,7 @@ func (c *controller) ConvertGateway(convertOptions *common.ConvertOptions, wrapp Port: &networking.Port{ Number: 80, Protocol: string(protocol.HTTP), - Name: common.CreateConvertedName("http-80-ingress", c.options.ClusterId, cfg.Namespace, cfg.Name, cleanHost), + Name: common.CreateConvertedName("http-80-ingress", c.options.ClusterId), }, Hosts: []string{rule.Host}, }) @@ -431,7 +430,7 @@ func (c *controller) ConvertGateway(convertOptions *common.ConvertOptions, wrapp Port: &networking.Port{ Number: 443, Protocol: string(protocol.HTTPS), - Name: common.CreateConvertedName("https-443-ingress", c.options.ClusterId, cfg.Namespace, cfg.Name, cleanHost), + Name: common.CreateConvertedName("https-443-ingress", c.options.ClusterId), }, Hosts: []string{rule.Host}, Tls: &networking.ServerTLSSettings{ diff --git a/pkg/ingress/kube/kingress/controller.go b/pkg/ingress/kube/kingress/controller.go index adf71e7f1..648d6e127 100644 --- a/pkg/ingress/kube/kingress/controller.go +++ b/pkg/ingress/kube/kingress/controller.go @@ -16,7 +16,6 @@ package kingress import ( "fmt" - "github.com/alibaba/higress/pkg/ingress/kube/annotations" "path" "reflect" "sort" @@ -24,7 +23,6 @@ import ( "sync" "time" - "github.com/alibaba/higress/pkg/kube" "github.com/hashicorp/go-multierror" networking "istio.io/api/networking/v1alpha3" "istio.io/istio/pilot/pkg/model" @@ -46,10 +44,12 @@ import ( ingress "knative.dev/networking/pkg/apis/networking/v1alpha1" networkingv1alpha1 "knative.dev/networking/pkg/client/listers/networking/v1alpha1" + "github.com/alibaba/higress/pkg/ingress/kube/annotations" "github.com/alibaba/higress/pkg/ingress/kube/common" "github.com/alibaba/higress/pkg/ingress/kube/kingress/resources" "github.com/alibaba/higress/pkg/ingress/kube/secret" . "github.com/alibaba/higress/pkg/ingress/log" + "github.com/alibaba/higress/pkg/kube" ) var ( @@ -337,7 +337,6 @@ func (c *controller) ConvertGateway(convertOptions *common.ConvertOptions, wrapp for _, rule := range kingressv1alpha1.Rules { for _, ruleHost := range rule.Hosts { - cleanHost := common.CleanHost(ruleHost) // Need create builder for every rule. domainBuilder := &common.IngressDomainBuilder{ ClusterId: c.options.ClusterId, @@ -364,7 +363,7 @@ func (c *controller) ConvertGateway(convertOptions *common.ConvertOptions, wrapp Port: &networking.Port{ Number: 8081, Protocol: string(protocol.HTTP), - Name: common.CreateConvertedName("http-8081-ingress", c.options.ClusterId, cfg.Namespace, cfg.Name, cleanHost), + Name: common.CreateConvertedName("http-8081-ingress", c.options.ClusterId), }, Hosts: []string{ruleHost}, }) @@ -374,7 +373,7 @@ func (c *controller) ConvertGateway(convertOptions *common.ConvertOptions, wrapp Port: &networking.Port{ Number: 80, Protocol: string(protocol.HTTP), - Name: common.CreateConvertedName("http-80-ingress", c.options.ClusterId, cfg.Namespace, cfg.Name, cleanHost), + Name: common.CreateConvertedName("http-80-ingress", c.options.ClusterId), }, Hosts: []string{ruleHost}, }) @@ -436,7 +435,7 @@ func (c *controller) ConvertGateway(convertOptions *common.ConvertOptions, wrapp Port: &networking.Port{ Number: 443, Protocol: string(protocol.HTTPS), - Name: common.CreateConvertedName("https-443-ingress", c.options.ClusterId, cfg.Namespace, cfg.Name, cleanHost), + Name: common.CreateConvertedName("https-443-ingress", c.options.ClusterId), }, Hosts: []string{ruleHost}, Tls: &networking.ServerTLSSettings{ diff --git a/test/e2e/conformance/tests/httproute-hostname-same-namespace.go b/test/e2e/conformance/tests/httproute-hostname-same-namespace.go index de8a2d989..e5b6606fd 100644 --- a/test/e2e/conformance/tests/httproute-hostname-same-namespace.go +++ b/test/e2e/conformance/tests/httproute-hostname-same-namespace.go @@ -113,6 +113,39 @@ var HTTPRouteHostNameSameNamespace = suite.ConformanceTest{ }, }, }, + { + Meta: http.AssertionMeta{ + TargetBackend: "infra-backend-v2", + TargetNamespace: "higress-conformance-infra", + }, + Request: http.AssertionRequest{ + ActualRequest: http.Request{ + Path: "/bar", + Host: "api.bar.com", + }, + }, + Response: http.AssertionResponse{ + ExpectedResponse: http.Response{ + StatusCode: 200, + }, + }, + }, { + Meta: http.AssertionMeta{ + TargetBackend: "infra-backend-v3", + TargetNamespace: "higress-conformance-infra", + }, + Request: http.AssertionRequest{ + ActualRequest: http.Request{ + Path: "/bar", + Host: "api-bar.com", + }, + }, + Response: http.AssertionResponse{ + ExpectedResponse: http.Response{ + StatusCode: 200, + }, + }, + }, } t.Run("HTTP request should reach infra-backend with different hostname", func(t *testing.T) { diff --git a/test/e2e/conformance/tests/httproute-hostname-same-namespace.yaml b/test/e2e/conformance/tests/httproute-hostname-same-namespace.yaml index d0dfd7cec..40bedc1dc 100644 --- a/test/e2e/conformance/tests/httproute-hostname-same-namespace.yaml +++ b/test/e2e/conformance/tests/httproute-hostname-same-namespace.yaml @@ -70,3 +70,23 @@ spec: name: infra-backend-v1 port: number: 8080 + - host: "api.bar.com" + http: + paths: + - pathType: Prefix + path: "/bar" + backend: + service: + name: infra-backend-v2 + port: + number: 8080 + - host: "api-bar.com" + http: + paths: + - pathType: Prefix + path: "/bar" + backend: + service: + name: infra-backend-v3 + port: + number: 8080 diff --git a/test/e2e/conformance/tests/httproute-https-without-sni.go b/test/e2e/conformance/tests/httproute-https-without-sni.go new file mode 100644 index 000000000..1f982c315 --- /dev/null +++ b/test/e2e/conformance/tests/httproute-https-without-sni.go @@ -0,0 +1,105 @@ +// Copyright (c) 2022 Alibaba Group Holding Ltd. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package tests + +import ( + "testing" + + "sigs.k8s.io/controller-runtime/pkg/client" + + "github.com/alibaba/higress/test/e2e/conformance/utils/cert" + "github.com/alibaba/higress/test/e2e/conformance/utils/http" + "github.com/alibaba/higress/test/e2e/conformance/utils/kubernetes" + "github.com/alibaba/higress/test/e2e/conformance/utils/suite" +) + +func init() { + Register(HTTPHttpsWithoutSni) +} + +var HTTPHttpsWithoutSni = suite.ConformanceTest{ + ShortName: "HTTPHttpsWithoutSni", + Description: "A single Ingress in the higress-conformance-infra namespace for https without sni.", + Manifests: []string{"tests/httproute-https-without-sni.yaml"}, + Features: []suite.SupportedFeature{suite.HTTPConformanceFeature}, + Test: func(t *testing.T, suite *suite.ConformanceTestSuite) { + // Prepare secrets for testcases + _, _, caCert, caKey := cert.MustGenerateCaCert(t) + svcCertOut, svcKeyOut := cert.MustGenerateCertWithCA(t, cert.ServerCertType, caCert, caKey, []string{"foo.com"}) + fooSecret := kubernetes.ConstructTLSSecret("higress-conformance-infra", "foo-secret", svcCertOut.Bytes(), svcKeyOut.Bytes()) + suite.Applier.MustApplyObjectsWithCleanup(t, suite.Client, suite.TimeoutConfig, []client.Object{fooSecret}, suite.Cleanup) + + testcases := []http.Assertion{ + { + Meta: http.AssertionMeta{ + TestCaseName: "case 1: with sni", + TargetBackend: "infra-backend-v2", + TargetNamespace: "higress-conformance-infra", + }, + Request: http.AssertionRequest{ + ActualRequest: http.Request{ + Path: "/foo", + Host: "foo.com", + TLSConfig: &http.TLSConfig{ + SNI: "foo.com", + }, + }, + ExpectedRequest: &http.ExpectedRequest{ + Request: http.Request{ + Path: "/foo", + Host: "foo.com", + }, + }, + }, + Response: http.AssertionResponse{ + ExpectedResponse: http.Response{ + StatusCode: 200, + }, + }, + }, + { + Meta: http.AssertionMeta{ + TestCaseName: "case 1: without sni", + TargetBackend: "infra-backend-v2", + TargetNamespace: "higress-conformance-infra", + }, + Request: http.AssertionRequest{ + ActualRequest: http.Request{ + Path: "/foo", + Host: "foo.com", + TLSConfig: &http.TLSConfig{}, + }, + ExpectedRequest: &http.ExpectedRequest{ + Request: http.Request{ + Path: "/foo", + Host: "foo.com", + }, + }, + }, + Response: http.AssertionResponse{ + ExpectedResponse: http.Response{ + StatusCode: 200, + }, + }, + }, + } + + t.Run("HTTPS without SNI", func(t *testing.T) { + for _, testcase := range testcases { + http.MakeRequestAndExpectEventuallyConsistentResponse(t, suite.RoundTripper, suite.TimeoutConfig, suite.GatewayAddress, testcase) + } + }) + }, +} diff --git a/test/e2e/conformance/tests/httproute-https-without-sni.yaml b/test/e2e/conformance/tests/httproute-https-without-sni.yaml new file mode 100644 index 000000000..9b8f1057d --- /dev/null +++ b/test/e2e/conformance/tests/httproute-https-without-sni.yaml @@ -0,0 +1,56 @@ +# Copyright (c) 2022 Alibaba Group Holding Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: httproute-https-without-sni-global + namespace: higress-conformance-infra +spec: + ingressClassName: higress + tls: + - secretName: foo-secret + rules: + - http: + paths: + - pathType: Prefix + path: "/" + backend: + service: + name: infra-backend-v1 + port: + number: 8080 +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: httproute-https-without-sni-domain + namespace: higress-conformance-infra +spec: + ingressClassName: higress + tls: + - hosts: + - "foo.com" + secretName: foo-secret + rules: + - host: "foo.com" + http: + paths: + - pathType: Exact + path: "/foo" + backend: + service: + name: infra-backend-v2 + port: + number: 8080