update version to 1.0.0 (#348)

Makefile.core.mk

@@ -139,8 +139,8 @@ install: pre-install
 	cd helm/higress; helm dependency build
 	helm install higress helm/higress -n higress-system --create-namespace --set 'global.local=true'
 
-ENVOY_LATEST_IMAGE_TAG ?= 1.0.0-rc
-ISTIO_LATEST_IMAGE_TAG ?= 1.0.0-rc
+ENVOY_LATEST_IMAGE_TAG ?= 1.0.0
+ISTIO_LATEST_IMAGE_TAG ?= 1.0.0
 
 install-dev: pre-install
 	helm install higress helm/core -n higress-system --create-namespace --set 'controller.tag=$(TAG)' --set 'gateway.replicas=1' --set 'gateway.tag=$(ENVOY_LATEST_IMAGE_TAG)' --set 'global.local=true'

VERSION

@@ -1 +1 @@
-v1.0.0-rc
+v1.0.0

helm/core/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: 1.0.0-rc
+appVersion: 1.0.0
 description: Helm chart for deploying higress gateways
 icon: https://higress.io/img/higress_logo_small.png
 home: http://higress.io/
@@ -10,4 +10,4 @@ name: higress-core
 sources:
 - http://github.com/alibaba/higress
 type: application
-version: 1.0.0-rc
+version: 1.0.0

helm/core/templates/_helpers.tpl

@@ -95,3 +95,9 @@ higress: {{ include "controller.name" . }}
 {{- print "first-party-jwt" }}
 {{- end }}
 {{- end }}
+
+{{- define "skywalking.enabled" -}}
+{{- if and .Values.skywalking.enabled .Values.skywalking.service.address }}
+true
+{{- end }}
+{{- end }}

helm/core/templates/configmap.yaml

@@ -122,7 +122,7 @@ data:
 {{- include "mesh" . }}
 {{- end }}
 ---
-{{- if .Values.enableSkywalking  }}
+{{- if include "skywalking.enabled" . }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -154,7 +154,6 @@ data:
             "type": "LOGICAL_DNS",
             "connect_timeout": "5s",
             "http2_protocol_options": {
-
             },
             "dns_lookup_family": "V4_ONLY",
             "lb_policy": "ROUND_ROBIN",
@@ -167,8 +166,8 @@ data:
                       "endpoint": {
                         "address": {
                           "socket_address": {
-                            "address": "{{ .Values.Skywalking.address }}",
-                            "port_value": "{{ .Values.Skywalking.port }}"
+                            "address": "{{ .Values.skywalking.service.address }}",
+                            "port_value": "{{ .Values.skywalking.service.port }}"
                           }
                         }
                       }

helm/core/templates/deployment.yaml

@@ -146,7 +146,7 @@ spec:
             value: "{{ $.Values.clusterName | default `Kubernetes` }}"
           - name: INSTANCE_NAME
             value: "higress-gateway"
-          {{- if .Values.enableSkywalking }}
+          {{- if include "skywalking.enabled" . }}
           - name: ISTIO_BOOTSTRAP_OVERRIDE
             value: /etc/istio/custom-bootstrap/custom_bootstrap.json
           {{- end }}
@@ -202,7 +202,7 @@ spec:
             mountPath: /etc/istio/pod
           - name: proxy-socket
             mountPath: /etc/istio/proxy
-          {{- if .Values.enableSkywalking }}
+          {{- if include "skywalking.enabled" . }}
           - mountPath: /etc/istio/custom-bootstrap
             name: custom-bootstrap-volume
           {{- end }}
@@ -242,7 +242,7 @@ spec:
       - name: config
         configMap:
           name: higress-config
-      {{- if .Values.enableSkywalking }}
+      {{- if include "skywalking.enabled" . }}
       - configMap:
           defaultMode: 420
           name: higress-custom-bootstrap

helm/core/values.yaml

@@ -45,7 +45,7 @@ global:
   # Dev builds from prow are on gcr.io
   hub: higress-registry.cn-hangzhou.cr.aliyuncs.com/higress
   # Default tag for Istio images.
-  tag: 1.0.0-rc
+  tag: 1.0.0
 
   # Specify image pull policy if default behavior isn't desired.
   # Default behavior: latest images will be Always else IfNotPresent.
@@ -369,7 +369,7 @@ gateway:
   name: "higress-gateway"
   replicas: 2
   image: gateway
-  tag: "1.0.0-rc"
+  tag: "1.0.0"
   # revision declares which revision this gateway is a part of
   revision: ""
 
@@ -457,7 +457,7 @@ controller:
   name: "higress-controller"
   replicas: 1
   image: higress
-  tag: "1.0.0-rc"
+  tag: "1.0.0"
   env: {}
 
   labels: {}
@@ -547,7 +547,7 @@ pilot:
   rollingMaxUnavailable: 25%
 
   hub: higress-registry.cn-hangzhou.cr.aliyuncs.com/higress
-  tag: 1.0.0-rc
+  tag: 1.0.0
 
   # Can be a full hub/image:tag
   image: pilot
@@ -610,7 +610,8 @@ pilot:
 
 
 # Skywalking config settings
-enableSkywalking: false
-Skywalking:
-  address: "skywalking-oap.higress-system.svc"
-  port: 11800
+skywalking:
+  enabled: false
+  service:
+    address: ~
+    port: 11800

helm/higress/Chart.lock

@@ -1,9 +1,9 @@
 dependencies:
 - name: higress-core
   repository: file://../core
-  version: 1.0.0-rc
+  version: 1.0.0
 - name: higress-console
   repository: https://higress.io/helm-charts/
-  version: 1.0.0-rc.2
-digest: sha256:6cd5c09946a6d365b03fe9bd5e8cf266bc8bdc94017fae8703920a2cb700e4f7
-generated: "2023-05-09T17:16:27.7257491+08:00"
+  version: 1.0.0
+digest: sha256:fb0f1b6816df5f5ac6888a93fb148b55b669affc9ac99336dd1ac818b8f84ace
+generated: "2023-05-22T17:42:02.506864+08:00"

helm/higress/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: 1.0.0-rc.2
+appVersion: 1.0.0
 description: Helm chart for deploying Higress gateways
 icon: https://higress.io/img/higress_logo_small.png
 home: http://higress.io/
@@ -12,9 +12,9 @@ sources:
 dependencies:
 - name: higress-core
   repository: "file://../core"
-  version: 1.0.0-rc
+  version: 1.0.0
 - name: higress-console
   repository: "https://higress.io/helm-charts/"
-  version: 1.0.0-rc.2
+  version: 1.0.0
 type: application
-version: 1.0.0-rc.2
+version: 1.0.0

plugins/wasm-cpp/extensions/jwt_auth/README.md

@@ -244,12 +244,14 @@ public class GenerateJwtDemo {
 - 只有当`from_headers`,`from_params`,`from_cookies`均未配置时，才会使用默认值
 
 `from_headers` 中每一项的配置字段说明如下：
+
 | 名称             | 数据类型        | 填写要求| 默认值 | 描述                                                      |
 | ---------------- | --------------- | ------- | ------ | --------------------------------------------------------- |
 | `name`           | string          | 必填    | -      | 抽取JWT的请求header                                       |
 | `value_prefix`   | string          | 必填    | -      | 对请求header的value去除此前缀，剩余部分作为JWT            |
 
 `claims_to_headers` 中每一项的配置字段说明如下：
+
 | 名称             | 数据类型        | 填写要求| 默认值 | 描述                                                      |
 | ---------------- | --------------- | ------- | ------ | --------------------------------------------------------- |
 | `claim`          | string          | 必填    | -      | JWT payload中的指定字段，要求必须是字符串或无符号整数类型 |

plugins/wasm-cpp/extensions/jwt_auth/README_EN.md

@@ -390,10 +390,10 @@ consumers:
 ```
 
 # Common Error Codes
-| 
-HTTP Status Code | Error Message               | Reason Description|
-| ----------- | ---------------------- | -------------------------------------------------------------------------------- |
-| 401         | JWT missing            | The JWT is not provided in the request header. |
-| 401         | JWT expired            | The JWT has expired. |
-| 401         | JWT verification fails | The JWT payload verification failed, such as the iss mismatch. |
-| 403         | Access denied          | Access to the current route is denied. |
+
+| HTTP Status Code | Error Message               | Reason Description|
+|------------------| ---------------------- | -------------------------------------------------------------------------------- |
+| 401              | JWT missing            | The JWT is not provided in the request header. |
+| 401              | JWT expired            | The JWT has expired. |
+| 401              | JWT verification fails | The JWT payload verification failed, such as the iss mismatch. |
+| 403              | Access denied          | Access to the current route is denied. |

plugins/wasm-cpp/extensions/key_rate_limit/README.md

@@ -14,6 +14,7 @@
 |  limit_keys     |  array of object     | 必填     |   -  |  配置匹配键值后的限流次数   |
 
 `limit_keys`中每一项的配置字段说明
+
 | 名称 | 数据类型 | 填写要求 |  默认值 | 描述 |
 | -------- | -------- | -------- | -------- | -------- |
 |  key     |  string     | 必填     |   -  |  匹配的键值 |

plugins/wasm-cpp/extensions/key_rate_limit/README_EN.md

@@ -14,6 +14,7 @@
 |  limit_keys     |  array of object     | Required     |   -  |  Rate-limiting thresholds when matching specific key-values |
 
 Field descriptions of `limit_keys` items:
+
 | Name | Type | Requirement |  Default Value | Description |
 | -------- | -------- | -------- | -------- | -------- |
 |  key     |  string     | Required     |   -  |  Value to match of the specific key |

plugins/wasm-go/Makefile

@@ -26,6 +26,7 @@ build:
 build-image:
 	DOCKER_BUILDKIT=1 docker build --build-arg PLUGIN_NAME=${PLUGIN_NAME} \
 	                            --build-arg BUILDER=${BUILDER}  \
+	                            --build-arg GOPROXY=$(GOPROXY) \
 	                            -t ${IMG} \
 	                            --load \
 	                            .

plugins/wasm-go/extensions/de-graphql/README.md

@@ -100,10 +100,6 @@ curl 'https://api.github.com/graphql' -X POST \
 | `gql`           | graphql 查询              | 不能为空       |
 | `endpoint`      | graphql 查询端点            | `/graphql` |
 | `timeout`       | 查询连接超时，单位毫秒             | `5000`     |
-| `serviceSource` | 服务来源：k8s, nacos,dns, ip | 不能为空       |
-| `serviceName`   | 服务名称                    | 不能为空       |
-| `servicePort`   | 服务端口                    | 不能为空       |
-| `namespace`     | 服务命名空间， 当服务来源是nacos需要配置 |      |
 | `domain`        | 服务域名，当服务来源是dns配置        |      |
 
 ### 插件使用
@@ -158,9 +154,6 @@ spec:
     config:
       timeout: 5000
       endpoint: /graphql
-      serviceSource: dns
-      serviceName: github
-      servicePort: 443
       domain: api.github.com
       gql: |
            query ($owner:String! $name:String!){

plugins/wasm-go/extensions/de-graphql/config/degraphql_config.go

@@ -16,7 +16,6 @@ package config
 
 import (
 	"errors"
-	"github.com/alibaba/higress/plugins/wasm-go/pkg/wrapper"
 	"net/url"
 	"regexp"
 	"strings"
@@ -46,10 +45,10 @@ type Variable struct {
 }
 
 type DeGraphQLConfig struct {
-	client    wrapper.HttpClient
 	gql       string
 	endpoint  string
 	timeout   uint32
+	domain    string
 	variables []Variable
 }
 
@@ -63,6 +62,14 @@ func (d *DeGraphQLConfig) SetEndpoint(endpoint string) error {
 	return nil
 }
 
+func (d *DeGraphQLConfig) GetDomain() string {
+	return d.domain
+}
+
+func (d *DeGraphQLConfig) SetDomain(domain string) {
+	d.domain = domain
+}
+
 func (d *DeGraphQLConfig) GetEndpoint() string {
 	return d.endpoint
 }
@@ -79,14 +86,6 @@ func (d *DeGraphQLConfig) SetTimeout(timeout uint32) {
 	}
 }
 
-func (d *DeGraphQLConfig) SetClient(client wrapper.HttpClient) {
-	d.client = client
-}
-
-func (d *DeGraphQLConfig) GetClient() wrapper.HttpClient {
-	return d.client
-}
-
 func (d *DeGraphQLConfig) SetGql(gql string) error {
 	if strings.TrimSpace(gql) == "" {
 		return errors.New("gql can't be empty")

plugins/wasm-go/extensions/de-graphql/envoy.yaml

@@ -22,7 +22,7 @@ static_resources:
                         - match:
                             prefix: "/api"
                           route:
-                            cluster: mock_service
+                            cluster: github
                 http_filters:
                   - name: envoy.filters.http.wasm
                     typed_config:
@@ -35,9 +35,6 @@ static_resources:
                             value: |-
                               {
                                 "gql": "query ($owner:String! $name:String!){\n repository(owner:$owner, name:$name) {\n name\n forkCount\n description\n}\n}",
-                                "serviceSource": "dns",
-                                "serviceName": "github",
-                                "servicePort": 443,
                                 "domain": "api.github.com",
                                 "endpoint": "/graphql",
                                 "timeout": 2000
@@ -96,7 +93,7 @@ static_resources:
                     socket_address:
                       address: 127.0.0.1
                       port_value: 8099
-    - name: outbound|443||github.dns
+    - name: github
       connect_timeout: 0.5s
       type: STRICT_DNS
       lb_policy: ROUND_ROBIN
@@ -107,7 +104,7 @@ static_resources:
         typed_config:
           "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
       load_assignment:
-        cluster_name: outbound|443||github.dns
+        cluster_name: github
         endpoints:
           - lb_endpoints:
               - endpoint:

plugins/wasm-go/extensions/de-graphql/go.mod

@@ -2,6 +2,8 @@ module de-graphql
 
 go 1.19
 
+replace github.com/alibaba/higress/plugins/wasm-go => ../..
+
 require (
 	github.com/alibaba/higress/plugins/wasm-go v0.0.0-20230410091208-df60dd43079c
 	github.com/stretchr/testify v1.8.0

plugins/wasm-go/extensions/de-graphql/graphql.yaml

@@ -51,11 +51,9 @@ spec:
                description
             }
           }
-        serviceName: github
-        servicePort: 443
-        serviceSource: dns
         timeout: 5000
       configDisable: false
       ingress:
         - github-api
   url: oci://docker.io/2456868764/de-graphql:1.0.0
+

plugins/wasm-go/extensions/de-graphql/main.go

@@ -15,7 +15,6 @@
 package main
 
 import (
-	"errors"
 	"fmt"
 	"net/http"
 
@@ -42,7 +41,8 @@ func parseConfig(json gjson.Result, config *config.DeGraphQLConfig, log wrapper.
 	gql := json.Get("gql").String()
 	endpoint := json.Get("endpoint").String()
 	timeout := json.Get("timeout").Int()
-	log.Debugf("gql:%s endpoint:%s timeout:%d", gql, endpoint, timeout)
+	domain := json.Get("domain").String()
+	log.Debugf("gql:%s endpoint:%s timeout:%d domain:%s", gql, endpoint, timeout, domain)
 	err := config.SetGql(gql)
 	if err != nil {
 		return err
@@ -52,48 +52,7 @@ func parseConfig(json gjson.Result, config *config.DeGraphQLConfig, log wrapper.
 		return err
 	}
 	config.SetTimeout(uint32(timeout))
-	serviceSource := json.Get("serviceSource").String()
-	serviceName := json.Get("serviceName").String()
-	servicePort := json.Get("servicePort").Int()
-	log.Debugf("serviceSource:%s serviceName:%s servicePort:%d", serviceSource, serviceName, servicePort)
-	if serviceName == "" || servicePort == 0 {
-		return errors.New("invalid service config")
-	}
-	switch serviceSource {
-	case "k8s":
-		namespace := json.Get("namespace").String()
-		config.SetClient(wrapper.NewClusterClient(wrapper.K8sCluster{
-			ServiceName: serviceName,
-			Namespace:   namespace,
-			Port:        servicePort,
-		}))
-		return nil
-	case "nacos":
-		namespace := json.Get("namespace").String()
-		config.SetClient(wrapper.NewClusterClient(wrapper.NacosCluster{
-			ServiceName: serviceName,
-			NamespaceID: namespace,
-			Port:        servicePort,
-		}))
-		return nil
-	case "ip":
-		config.SetClient(wrapper.NewClusterClient(wrapper.StaticIpCluster{
-			ServiceName: serviceName,
-			Port:        servicePort,
-		}))
-		return nil
-	case "dns":
-		domain := json.Get("domain").String()
-		config.SetClient(wrapper.NewClusterClient(wrapper.DnsCluster{
-			ServiceName: serviceName,
-			Port:        servicePort,
-			Domain:      domain,
-		}))
-		return nil
-	default:
-		return errors.New("unknown service source: " + serviceSource)
-	}
-
+	config.SetDomain(domain)
 	return nil
 }
 
@@ -122,8 +81,9 @@ func onHttpRequestHeaders(ctx wrapper.HttpContext, config config.DeGraphQLConfig
 	}
 	// Add header Content-Type: application/json
 	headers = append(headers, [2]string{"Content-Type", "application/json"})
+	client := wrapper.NewClusterClient(wrapper.RouteCluster{Host: config.GetDomain()})
 	// Call upstream graphql endpoint
-	config.GetClient().Post(config.GetEndpoint(), headers, []byte(replaceBody),
+	client.Post(config.GetEndpoint(), headers, []byte(replaceBody),
 		func(statusCode int, responseHeaders http.Header, responseBody []byte) {
 			// Pass response headers and body to client
 			headers := make([][2]string, 0, len(responseHeaders)+3)

plugins/wasm-go/pkg/wrapper/cluster_wrapper.go

@@ -17,6 +17,8 @@ package wrapper
 import (
 	"fmt"
 	"strings"
+
+	"github.com/tetratelabs/proxy-wasm-go-sdk/proxywasm"
 )
 
 type Cluster interface {
@@ -24,6 +26,25 @@ type Cluster interface {
 	HostName() string
 }
 
+type RouteCluster struct {
+	Host string
+}
+
+func (c RouteCluster) ClusterName() string {
+	routeName, err := proxywasm.GetProperty([]string{"cluster_name"})
+	if err != nil {
+		proxywasm.LogErrorf("get route cluster failed, err:%v", err)
+	}
+	return string(routeName)
+}
+
+func (c RouteCluster) HostName() string {
+	if c.Host != "" {
+		return c.Host
+	}
+	return GetRequestHost()
+}
+
 type K8sCluster struct {
 	ServiceName string
 	Namespace   string

plugins/wasm-go/pkg/wrapper/http_wrapper.go

@@ -115,7 +115,7 @@ func HttpCall(cluster Cluster, method, path string, headers [][2]string, body []
 			requestID, code, normalResponse, respBody)
 		callback(code, headers, respBody)
 	})
-	proxywasm.LogDebugf("http call start, id: %s, cluster: %+v, method: %s, path: %s, body: %s, timeout: %d",
-		requestID, cluster, method, path, body, timeout)
+	proxywasm.LogDebugf("http call start, id: %s, cluster: %s, method: %s, path: %s, body: %s, timeout: %d",
+		requestID, cluster.ClusterName(), method, path, body, timeout)
 	return err
 }

plugins/wasm-go/pkg/wrapper/plugin_wrapper.go

@@ -40,6 +40,7 @@ type HttpContext interface {
 type ParseConfigFunc[PluginConfig any] func(json gjson.Result, config *PluginConfig, log Log) error
 type onHttpHeadersFunc[PluginConfig any] func(context HttpContext, config PluginConfig, log Log) types.Action
 type onHttpBodyFunc[PluginConfig any] func(context HttpContext, config PluginConfig, body []byte, log Log) types.Action
+type onHttpStreamDoneFunc[PluginConfig any] func(context HttpContext, config PluginConfig, log Log)
 
 type CommonVmCtx[PluginConfig any] struct {
 	types.DefaultVMContext
@@ -51,6 +52,7 @@ type CommonVmCtx[PluginConfig any] struct {
 	onHttpRequestBody     onHttpBodyFunc[PluginConfig]
 	onHttpResponseHeaders onHttpHeadersFunc[PluginConfig]
 	onHttpResponseBody    onHttpBodyFunc[PluginConfig]
+	onHttpStreamDone      onHttpStreamDoneFunc[PluginConfig]
 }
 
 func SetCtx[PluginConfig any](pluginName string, setFuncs ...SetPluginFunc[PluginConfig]) {
@@ -89,6 +91,12 @@ func ProcessResponseBodyBy[PluginConfig any](f onHttpBodyFunc[PluginConfig]) Set
 	}
 }
 
+func ProcessStreamDoneBy[PluginConfig any](f onHttpStreamDoneFunc[PluginConfig]) SetPluginFunc[PluginConfig] {
+	return func(ctx *CommonVmCtx[PluginConfig]) {
+		ctx.onHttpStreamDone = f
+	}
+}
+
 func parseEmptyPluginConfig[PluginConfig any](gjson.Result, *PluginConfig, Log) error {
 	return nil
 }
@@ -289,3 +297,13 @@ func (ctx *CommonHttpCtx[PluginConfig]) OnHttpResponseBody(bodySize int, endOfSt
 	}
 	return ctx.plugin.vm.onHttpResponseBody(ctx, *ctx.config, body, ctx.plugin.vm.log)
 }
+
+func (ctx *CommonHttpCtx[PluginConfig]) OnHttpStreamDone() {
+	if ctx.config == nil {
+		return
+	}
+	if ctx.plugin.vm.onHttpStreamDone == nil {
+		return
+	}
+	ctx.plugin.vm.onHttpStreamDone(ctx, *ctx.config, ctx.plugin.vm.log)
+}

test/ingress/conformance/tests/httproute-force-redirect-https.go

@@ -0,0 +1,67 @@
+// Copyright (c) 2022 Alibaba Group Holding Ltd.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//	http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package tests
+
+import (
+	"testing"
+
+	"github.com/alibaba/higress/test/ingress/conformance/utils/http"
+	"github.com/alibaba/higress/test/ingress/conformance/utils/roundtripper"
+	"github.com/alibaba/higress/test/ingress/conformance/utils/suite"
+)
+
+func init() {
+	HigressConformanceTests = append(HigressConformanceTests, HttpForceRedirectHttps)
+}
+
+var HttpForceRedirectHttps = suite.ConformanceTest{
+	ShortName:   "HttpForceRedirectHttps",
+	Description: " The ingress in the higress-conformance-infra namespace enforces server-side HTTPS with forced redirection.",
+	Manifests:   []string{"tests/httproute-force-redirect-https.yaml"},
+	Test: func(t *testing.T, suite *suite.ConformanceTestSuite) {
+		testcases := []http.Assertion{
+			{
+				Meta: http.AssertionMeta{
+					TargetBackend:   "infra-backend-v1",
+					TargetNamespace: "higress-conformance-infra",
+				},
+				Request: http.AssertionRequest{
+					ActualRequest: http.Request{
+						Host:             "test.com",
+						Path:             "/test",
+						UnfollowRedirect: true,
+					},
+					RedirectRequest: &roundtripper.RedirectRequest{
+						Scheme: "https",
+						Host:   "test.com",
+						Path:   "/test",
+					},
+				},
+				Response: http.AssertionResponse{
+					ExpectedResponse: http.Response{
+						StatusCode: 308,
+					},
+				},
+			},
+		}
+
+		t.Run("HTTPFORCEREDIRCTHTTPS", func(t *testing.T) {
+			for _, testcase := range testcases {
+				http.MakeRequestAndExpectEventuallyConsistentResponse(t, suite.RoundTripper, suite.TimeoutConfig, suite.GatewayAddress, testcase)
+			}
+		})
+
+	},
+}

test/ingress/conformance/tests/httproute-force-redirect-https.yaml

@@ -0,0 +1,49 @@
+# Copyright (c) 2022 Alibaba Group Holding Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+  name: http-redirect-as-https
+  namespace: higress-conformance-infra
+spec:
+  ingressClassName: higress
+  tls:
+    - hosts:
+        - "test.com"
+      secretName: my-app-tls-secret
+  rules:
+    - host: "test.com"
+      http:
+        paths:
+          - pathType: Prefix
+            path: "/test"
+            backend:
+              service:
+                name: infra-backend-v1
+                port:
+                  number: 8080
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: my-app-tls-secret
+  namespace: higress-conformance-infra
+type: kubernetes.io/tls
+data:
+  tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQxekNDQXIrZ0F3SUJBZ0lVWXh4dE1Ia0tIQXpxM25yUG0rd0Y2UEtNdmw4d0RRWUpLb1pJaHZjTkFRRUwKQlFBd2V6RUxNQWtHQTFVRUJoTUNRMDR4Q3pBSkJnTlZCQWdNQWxOWU1Rc3dDUVlEVlFRSERBSllRVEVOTUFzRwpBMVVFQ2d3RVdGVlFWREVUTUJFR0ExVUVDd3dLVEVsT1ZWaEhVazlWVURFTU1Bb0dBMVVFQXd3RFJsbFVNU0F3CkhnWUpLb1pJaHZjTkFRa0JGaEZtWjNrNE9UTTJRR2R0WVdsc0xtTnZiVEFlRncweU16QTFNRGd4TkRVM016UmEKRncweU5EQTFNRGN4TkRVM016UmFNSHN4Q3pBSkJnTlZCQVlUQWtOT01Rc3dDUVlEVlFRSURBSlRXREVMTUFrRwpBMVVFQnd3Q1dFRXhEVEFMQmdOVkJBb01CRmhWVUZReEV6QVJCZ05WQkFzTUNreEpUbFZZUjFKUFZWQXhEREFLCkJnTlZCQU1NQTBaWlZERWdNQjRHQ1NxR1NJYjNEUUVKQVJZUlptZDVPRGt6TmtCbmJXRnBiQzVqYjIwd2dnRWkKTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEUEVHaDJxeFpFMmpJUnMvNkFXYkI2b3oxZQpic0c4enE0YWxLTzVUcjgzWFlrUzhOa2g4UkdiU1l3ODlVR3NBWmZ0WkFqT0M2Mml1aEVOUTUzZjhwTmoySWQ1Ck9PNGVhVDN6bndKQ0xGMmRHcThRZE90c1RjU09FZE11N2dORWVOZkxVeWRFNitnYjcxSi9PRkNlZTlQM1dWWWgKQ05adG1nYWcyWm0wQUZxT0F2b1hUV3lGdDBzWEYyVG90VENnWFhNM1kydmdCY3JRMHRTbllHZmVqOVRUcmpENgpGQTBTYmFlL0F6Y001cC9FNmdKNWFXREhLekY5c2lvOHRUOUZuN1Fzb3djR1BSTElOL1o3OGxhaEZITGpsVFBtCmZqUEFmdWVUWVYzY05ZNXRGNjZlV1duazI0WG4vTEFaSlhHU0hXRm5aWHhxZWIxQlBQQlRKSFpWNmFScEFnTUIKQUFHalV6QlJNQjBHQTFVZERnUVdCQlFScHRWS3hCNGpGTjJnZTAwVStBd3FLM2czTkRBZkJnTlZIU01FR0RBVwpnQlFScHRWS3hCNGpGTjJnZTAwVStBd3FLM2czTkRBUEJnTlZIUk1CQWY4RUJUQURBUUgvTUEwR0NTcUdTSWIzCkRRRUJDd1VBQTRJQkFRQ2tJTVJKYzRqZWtCazZUTUVUckFmOWJiKzBMcVkyYi9EMUlXdjUycFZzRkNmeWRDQ0wKRS9KVU1USGpTUXZvd1FRSHh1S291d3VHd2VoVFVocHJISzNzUXptUnZLTkpMVGlkT0tlNWJSUEZuTEVCa1JMRQpnQ1hrRXFNY2dvSjlMdzQvWW5sVm5UakRxK1lVN21QUkJlV3U3WDNFTXE4MWpjNHg1RWtubDZXem95MjIxd1RKCkhMTEl2OGFsbTBuYzAzV2lBbVBsUGpLL3Z3N0lRNDlKMTlydnROMXNDQ2xyUDBSVyt1NjRQL0luL3pBeE1HMC8KeGkwTTdjYk1GYjh5UGFDeERPWVQ0enljdWRUWlhNS0FReDRxLzRhYVpRK1oxV2FBTkVtQi9OM1hNTHBTTUZJaApEdjdCbUVVOWRSUkx6dklQMHIxNDlKNnlaZ2VQYzc2WWR5R0oKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
+  tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRFBFR2gycXhaRTJqSVIKcy82QVdiQjZvejFlYnNHOHpxNGFsS081VHI4M1hZa1M4TmtoOFJHYlNZdzg5VUdzQVpmdFpBak9DNjJpdWhFTgpRNTNmOHBOajJJZDVPTzRlYVQzem53SkNMRjJkR3E4UWRPdHNUY1NPRWRNdTdnTkVlTmZMVXlkRTYrZ2I3MUovCk9GQ2VlOVAzV1ZZaENOWnRtZ2FnMlptMEFGcU9Bdm9YVFd5RnQwc1hGMlRvdFRDZ1hYTTNZMnZnQmNyUTB0U24KWUdmZWo5VFRyakQ2RkEwU2JhZS9BemNNNXAvRTZnSjVhV0RIS3pGOXNpbzh0VDlGbjdRc293Y0dQUkxJTi9aNwo4bGFoRkhMamxUUG1malBBZnVlVFlWM2NOWTV0RjY2ZVdXbmsyNFhuL0xBWkpYR1NIV0ZuWlh4cWViMUJQUEJUCkpIWlY2YVJwQWdNQkFBRUNnZ0VBRSs5UzkxWEtXNCtjTVdzZ1RmQVVsd0gvUndlbnZFc3pwTmg1bUw0Vmw3bDQKR0d3Nm8xTm5yQWtkS01NOTh0Ym1ieExwN0JoZ3U2RnBRZHNvS0diY3ZNaWNabFhPU3Z3NzNDZ0xXaDZXVnFrNgpnSDJaS3NDajh6K1JFdHdVVVhQRzVzclhKWUlHd3lXN3pnYTRjRUdncXhnZFBDbnpKdk1rdnppajNSb0puZEZNCktMMjBjeDArUDROMnZLem1FSDJaYmZLUUo0bXlpTlUzdTFjWE14L1hhU04yczJNSExqNHVZemFJV0Q1clU0S1YKOHVrTmNnT3ZFSHl1eUFYcGgyYlVXdjVMcWIvWnFuQnVqVDI1ZFF6Zk43NC81a3grR1dNVkpVMXM1cUFqOEVyMApWZXhhK0FkMU9hM2JTMktEVGt4MHROQVZ1NGprT2tLSkZxVWJjc2RtendLQmdRRHl1T2diSW9CcVY2NjRLTVhlCk1lendkRGVLdTV3dkhUUEhDQStnQlRkbE5Kb1orS3g2Z2FVOXhsN0o2Q0pIcXB2Ti8xdGZFdVY1bzMySmhMdzEKQWtJMDY1ODQ3Slgyb1BvWDFYdU4xelJNUjk4bW05YWkvNk10d20vYWpoOVdKNnhKV2tCYUpyVXB1UGV5K2d5QQp6cDRhSXFCY2xXUjJWK0dkS3RHODROeWNKd0tCZ1FEYVpDUjVMVzBSMmc2bTNHUk9nQS9vY0RMTEM3V0ovVzliCkxUcTZLcndWYlVKUFUvRk1IbG1wb3NBOHY0dUp2MklnM0FwTXphL0JJd2FCUHMvUXArN1hrZVI1em5MbEg2RlEKK3VNQnVRRDhBRXQxZTZiVzJYQkpCcDZjemJXMmF1bjYvUEd3WmpCZkdYT0RQNXJVWHFQNkpiZ2pqMjdwL2RYMwpFVzUrVGlyRTd3S0JnRjdLSzRyOVRGMDdaUFp5cGVPQ1o5LzM0d0VCQjV1MnNkUFdxQk44TmdnR0pQQmpseWc0Cm5VbWt3THZsTmczNjZPSG9DY3oxV2p6SXhtd0FOR2dYTzdmakZNbHNTNXlIZldQMWNVMFJjRkVoK0ZuaG5rOEYKdXJwU0p0Q1psRTlYS3dkeWdaTXpicWllbmMxOXJZaFlLSkpZVjN3UXM2MHI0T1k2SkxLNHRpOGRBb0dCQUpjeQpyK0hKWm5MdWtpaEorNVF4cTFIVXBBWFpkSFUxcGl2czAzVGljMWN1VHJOWFBYN2lvRmNHbTZzelBlcy9PalBmCnc2M0sxYnlVZ0VObzlqM1NsbFJlNkZ6QVp1RmtsYTNZRk9RemJwQUpzRFNGU0V3RlBHMENqVHVvVy84UVpDL2wKZ1hzTU5MOFNndHZDWkhKVmw1ZHZGOTVleG41dncvd0s4SUczb25xM0FvR0FiYVV6UGZJWkRiTlJvM2tKeEZxawoxellzd3ZUUTdqU1lvMGlSbUVNSG9KTStvYWJPaFZjN0NZSjFoK1ZXelBmWXJCUFE5VEZjZEI3b1hueW9OTlZOClBjdGtUYXc1LyszNWdJWThHcmJsdzlqWmtmalFFVDJPNkFmMG5tQTd4a1F2djZkZkgzQTI0WlRyTExrY0pJTzYKZGVtNFpXbitiUWFRNnBvYThJdngvelU9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K

test/ingress/conformance/tests/httproute-redirct-as-https.yaml

@@ -0,0 +1,50 @@
+# Copyright (c) 2022 Alibaba Group Holding Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+  name: http-redirect-as-https
+  namespace: higress-conformance-infra
+spec:
+  ingressClassName: higress
+  tls:
+    - hosts:
+        - "test.com"
+      secretName: my-app-tls-secret
+  rules:
+    - host: "test.com"
+      http:
+        paths:
+          - pathType: Prefix
+            path: "/test"
+            backend:
+              service:
+                name: infra-backend-v1
+                port:
+                  number: 8080
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: my-app-tls-secret
+  namespace: higress-conformance-infra
+type: kubernetes.io/tls
+data:
+  tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURzVENDQXBtZ0F3SUJBZ0lVUGRDZENSdm1pbVZwK2VCcTMxUm9oZ1JsYTBzd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2FERUxNQWtHQTFVRUJoTUNZWE14RERBS0JnTlZCQWdNQTJSaGN6RU1NQW9HQTFVRUJ3d0RZWE5rTVF3dwpDZ1lEVlFRS0RBTmhaSE14RERBS0JnTlZCQXNNQTNwNFl6RU5NQXNHQTFVRUF3d0VZWGRsY2pFU01CQUdDU3FHClNJYjNEUUVKQVJZRGNYZGxNQjRYRFRJek1EVXlNREEzTVRRd09Wb1hEVEkwTURVeE9UQTNNVFF3T1Zvd2FERUwKTUFrR0ExVUVCaE1DWVhNeEREQUtCZ05WQkFnTUEyUmhjekVNTUFvR0ExVUVCd3dEWVhOa01Rd3dDZ1lEVlFRSwpEQU5oWkhNeEREQUtCZ05WQkFzTUEzcDRZekVOTUFzR0ExVUVBd3dFWVhkbGNqRVNNQkFHQ1NxR1NJYjNEUUVKCkFSWURjWGRsTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUExeHB6Z21UVzdwQmUKa3ZlRkRBU0JZLzdpZmxvWFk1T0x3OUZwOXJqZHNMRmh5Y1dPR0U5NHJ1RmhDSkVqYmNzQW5URHZOKzg4WVRzOApkV2tWbVArQ1RQQjVoN2EvZmJtelJPYVE5SjVDQXhqaGJuRGhCc3YrYVpzeVlhVzBHQkp3Y3h6U1RoVUJpbm9aCmJwYUhvU1QxUjBlZ0FHQ2lkWk4wU2xDMW9KYmxOMHJoOGxKNUROcWxWSnBYejUxaGdLU1NmSm1UcElRQkhBQVkKSDVMUU1CTCtQem9INy83cWhUSUVaWWJvU0o2ajV1ZDc1YUZzVVhndmdLWFgvZ2JZTHlaQ0ljTXUyR2YzRjQ5bwoyc1QwdFZzQmxHbWsrVkswcmgxSi9xQjBWNDBheU8xR3NFalRhelBLUitrYTZJS1N6SjJLVkJadCtHQTdGMUkrCmlHOXcrVDQwVFFJREFRQUJvMU13VVRBZEJnTlZIUTRFRmdRVTFLZSs3aHZTaTljRjhXM2hZTW5hd0NKblcwVXcKSHdZRFZSMGpCQmd3Rm9BVTFLZSs3aHZTaTljRjhXM2hZTW5hd0NKblcwVXdEd1lEVlIwVEFRSC9CQVV3QXdFQgovekFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBQ3JGQU1KV3g1QThsaXVLY1NETmlWY0Rvem5sU1p6cFYyeGRNCnpkSU5SRytFVXFzV3lpekNtWk5rSUMyV0lKTWhNdVBkOWhJdTZ3cWd5YjJaNnN3MmdjOXpwVnpsbkRKYlUwSlUKZEZJZDFuYmtQRG01ekk3NzAyRTk0eVZqUUs5ZllRVDU3cHFTdlkvOUpSeXRpcGdpdnAxMGR2UC95NUpocDVBawo3VHNQcnZ2K3gzWGhLYTRwRG40eEhzZHp4MGx0ZHdUdExiaWFGU1IwUHpBZzdpOUNsbjQ5aWRRd3YxaHpaNTV5CkFtOStESHhmTkgreGFIYk9zWTJFRHpiZ0FxR0JMaTNEMmtxMkdRREFmRDdOdGovRUNlODl1bG5zSWpMajB5YmUKNWR0QzRXYndBNER3UHBFWUJvbTFTZmdxQlJSSG5seTVIMUxZMS80ZnpUZkNIYkFtdWc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
+  tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktnd2dnU2tBZ0VBQW9JQkFRRFhHbk9DWk5idWtGNlMKOTRVTUJJRmovdUorV2hkams0dkQwV24ydU4yd3NXSEp4WTRZVDNpdTRXRUlrU050eXdDZE1PODM3enhoT3p4MQphUldZLzRKTThIbUh0cjk5dWJORTVwRDBua0lER09GdWNPRUd5LzVwbXpKaHBiUVlFbkJ6SE5KT0ZRR0tlaGx1CmxvZWhKUFZIUjZBQVlLSjFrM1JLVUxXZ2x1VTNTdUh5VW5rTTJxVlVtbGZQbldHQXBKSjhtWk9raEFFY0FCZ2YKa3RBd0V2NC9PZ2Z2L3VxRk1nUmxodWhJbnFQbTUzdmxvV3hSZUMrQXBkZitCdGd2SmtJaHd5N1laL2NYajJqYQp4UFMxV3dHVWFhVDVVclN1SFVuK29IUlhqUnJJN1Vhd1NOTnJNOHBINlJyb2dwTE1uWXBVRm0zNFlEc1hVajZJCmIzRDVQalJOQWdNQkFBRUNnZ0VBTVRZT2ZpTDIzejV0UEo5Zk0zZ21hQXVzb3E2VzBrT3p3cGw2N2lTdUoxbjEKbnRWUkpIT3VEd2htRERFMFUwNlJ0ZVMzbmVyZ08vaHk1UU9sR3NzOThyOURkbzZUTWI3VjZpbjd1Tk1xRkE1UgpxTlF2VDBCRlZNRGFYbWVzRTZQSVVUV2pVWlRSdE80cE9sazY3MTJHdGdlSGJmNnR2RXQvVys4cUZuTGZQdTQ1Cm50Nld6NzgrRkVuUW5qWVk3R1N4bTlaVFEraUw3VGMyR09MMUFjdkxVcmV1VS9aMXNwTVFPTFRUUzBLbkJka0YKY0FVeFBkNGpnZ3lwbGNpSHBQaktNNG1VRGkvSDluTWFjNyt4K08zZFZCNXlpb2xLREJCOHUybDIvb3BPSzVVZwpTSUg0ajVqU1NJY3lNNUNSdkFpR2Q3eE9HaE1Zb3hQV1FNNnduNGMyMFFLQmdRRFpEbkc5TmNTeHVSbnNUSVFMCnZIMForUWFMZmZ4WGF6eWswM21NMldiOWd3NEoxOGF5ZlF4STk2RU13VXd5ODJkRFh5QldzWFgxK0NxMnd2ZUUKMnB1cU1kV3pvUWI4UnZlOVJ6RDlwM0Z1V2kyR3BmL3JsWkVmZ1lRek1FWENtWnN0VlVDZXo5aVZVdW5ZQzRoZQovNU83Zm12VkVlQ1k3TUFIT2JtWUNOWmNtUUtCZ1FEOXNreTdqNjViai9ZYzlER2pQVzNraUZKeWl5YU9rb2dQCnVtbk5vQ2w4bHhIZ2d1Ym8wT3pubEFZQ0M5V3pxTmdBa3E4eWNlMkdTVkFEOTNoZisycDNON3lGRktMS0I3L0YKTlFsUHMyV2pyK25DUytxSHBSdnpQUjgzN01DUkZnbVlxRlNlaXE5NlcyeStwVTJBYVJkQTlqYWtPeWd0TGl5YQpSbHFDeWNVUjFRS0JnUUROWXBLVFpGWmJpUGdUbFk5NC80RXMyMnVyQUtxUEdhVEhubWVzdEdaMHlkYTF6NXh2CmRrM3ltWWFsNkI0dk5BeHBQcEQrRjJ1ME5JQk9jWXYvQlZBNHFuRTVTTXl3V0lMQmNxVFR6K1pRY2pvVDUrMlMKd1BNU2FkNXJCV2x0S3lZZnJrUzRRWm9DS2ZPbC83dXBrSkw4M2pJdzZucW9tWlZYQVBNeC9tTEFPUUtCZ1FDQQpWeXplVGNlRTVvVTVESWYzN3VHakZSdXdlcGljMDZBbFpNYVZrWXFyVHJscWZJNVlCU2x6MWJ4Y1dLUlphUGN0CkF3ZkNXMFF3QlBLSHJ5K2tUc29EV1p6ekxnZFVjU3NnbHI0SkpkWXJRcGpkQkE2M1pGMkpaY2hmUUZRQ2tjVjEKQnVNWCtVemdkMVBCOWxvSXRpRmZhYThtMGc1M0hMN1BwUHV3NG1YaHFRS0JnQmY5NGRrTXplUW44SDBrK2xXcQpJV3lJaGtqOHpNUmw2ODNzRFFOQUdSYngyTnR2RjYyL2dUK1ZJSXdmSzV5MmI4WXEwNFVEQy9rL1hkK0lBc3dVClFTRGdUVFpmYzZkUkVtRU8zc0M0a0xYa1N3Y1BQZmcvTC92T29YRDJiZWxmWUFtaHhSUnByQ0p4ZVowRVBvRUEKc25RblpMN1VsZCtSTmF3dmJNR05XTXJiCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
+

test/ingress/conformance/tests/httproute-redirect-as-https.go

@@ -0,0 +1,67 @@
+// Copyright (c) 2022 Alibaba Group Holding Ltd.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//	http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package tests
+
+import (
+	"testing"
+
+	"github.com/alibaba/higress/test/ingress/conformance/utils/http"
+	"github.com/alibaba/higress/test/ingress/conformance/utils/roundtripper"
+	"github.com/alibaba/higress/test/ingress/conformance/utils/suite"
+)
+
+func init() {
+	HigressConformanceTests = append(HigressConformanceTests, HttpRedirectAsHttps)
+}
+
+var HttpRedirectAsHttps = suite.ConformanceTest{
+	ShortName:   "HttpRedirectAsHttps",
+	Description: "The Ingress in the higress-conformance-infra namespace Server-side HTTPS enforcement through redirect.",
+	Manifests:   []string{"tests/httproute-redirct-as-https.yaml"},
+	Test: func(t *testing.T, suite *suite.ConformanceTestSuite) {
+		testcases := []http.Assertion{
+			{
+				Meta: http.AssertionMeta{
+					TargetBackend:   "infra-backend-v1",
+					TargetNamespace: "higress-conformance-infra",
+				},
+				Request: http.AssertionRequest{
+					ActualRequest: http.Request{
+						Host:             "test.com",
+						Path:             "/test",
+						UnfollowRedirect: true,
+					},
+					RedirectRequest: &roundtripper.RedirectRequest{
+						Scheme: "https",
+						Host:   "test.com",
+						Path:   "/test",
+					},
+				},
+				Response: http.AssertionResponse{
+					ExpectedResponse: http.Response{
+						StatusCode: 308,
+					},
+				},
+			},
+		}
+
+		t.Run("HTTPREDIRCTASHTTPS", func(t *testing.T) {
+			for _, testcase := range testcases {
+				http.MakeRequestAndExpectEventuallyConsistentResponse(t, suite.RoundTripper, suite.TimeoutConfig, suite.GatewayAddress, testcase)
+			}
+		})
+
+	},
+}

test/ingress/e2e_test.go

@@ -70,6 +70,8 @@ func TestHigressConformanceTests(t *testing.T) {
 		tests.HTTPRouteWhitelistSourceRange,
 		tests.HTTPRouteCanaryWeight,
 		tests.HTTPRouteMatchPath,
+		tests.HttpForceRedirectHttps,
+		tests.HttpRedirectAsHttps,
 	}
 
 	cSuite.Run(t, higressTests)