mirror of
https://github.com/alibaba/higress.git
synced 2026-04-21 03:57:28 +08:00
88 lines
3.0 KiB
Go
88 lines
3.0 KiB
Go
// Copyright (c) 2025 Alibaba Group Holding Ltd.
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package tests
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/require"
|
|
|
|
"github.com/alibaba/higress/v2/pkg/ingress/kube/configmap"
|
|
"github.com/alibaba/higress/v2/test/e2e/conformance/utils/envoy"
|
|
"github.com/alibaba/higress/v2/test/e2e/conformance/utils/kubernetes"
|
|
"github.com/alibaba/higress/v2/test/e2e/conformance/utils/suite"
|
|
)
|
|
|
|
func init() {
|
|
Register(ConfigMapMcpRedisSecret)
|
|
}
|
|
|
|
var ConfigMapMcpRedisSecret = suite.ConformanceTest{
|
|
ShortName: "ConfigMapMcpRedisSecret",
|
|
Description: "Envoy MCP session filter should resolve Redis password from Kubernetes secret and react to updates",
|
|
Manifests: []string{"tests/configmap-mcp-redis-secret.yaml"},
|
|
Features: []suite.SupportedFeature{suite.EnvoyConfigConformanceFeature},
|
|
Test: func(t *testing.T, suite *suite.ConformanceTestSuite) {
|
|
const (
|
|
configMapNamespace = "higress-system"
|
|
configMapName = "higress-config"
|
|
configMapKey = "higress"
|
|
secretNamespace = "higress-system"
|
|
secretName = "redis-credentials"
|
|
secretKey = "password"
|
|
|
|
initialSecretValue = "InitialSecretFromSecret123"
|
|
updatedSecretValue = "UpdatedSecretFromSecret456"
|
|
)
|
|
|
|
higressCfg := &configmap.HigressConfig{
|
|
McpServer: &configmap.McpServer{
|
|
Enable: true,
|
|
SSEPathSuffix: "/sse",
|
|
Redis: &configmap.RedisConfig{
|
|
Address: "redis:6379",
|
|
PasswordSecret: &configmap.SecretKeyReference{
|
|
Name: secretName,
|
|
Key: secretKey,
|
|
},
|
|
},
|
|
},
|
|
}
|
|
|
|
err := kubernetes.ApplyConfigmapDataWithYaml(t, suite.Client, configMapNamespace, configMapName, configMapKey, higressCfg)
|
|
require.NoErrorf(t, err, "failed to update %s/%s", configMapNamespace, configMapName)
|
|
|
|
assertRedisPassword := func(password string) {
|
|
envoy.AssertEnvoyConfig(t, suite.TimeoutConfig, envoy.Assertion{
|
|
Path: `configs.#(@type=="type.googleapis.com/envoy.admin.v3.EcdsConfigDump").` +
|
|
`ecds_filters.#(ecds_filter.name=="golang-filter-mcp-session").` +
|
|
`ecds_filter.typed_config.plugin_config.value.redis`,
|
|
CheckType: envoy.CheckTypeMatch,
|
|
TargetNamespace: configMapNamespace,
|
|
ExpectEnvoyConfig: map[string]interface{}{
|
|
"password": password,
|
|
},
|
|
})
|
|
}
|
|
|
|
assertRedisPassword(initialSecretValue)
|
|
|
|
err = kubernetes.ApplySecret(t, suite.Client, secretNamespace, secretName, secretKey, updatedSecretValue)
|
|
require.NoErrorf(t, err, "failed to update %s/%s secret", secretNamespace, secretName)
|
|
|
|
assertRedisPassword(updatedSecretValue)
|
|
},
|
|
}
|