mirror of
https://github.com/alibaba/higress.git
synced 2026-06-26 02:35:02 +08:00
113 lines
3.0 KiB
Go
113 lines
3.0 KiB
Go
// Copyright (c) 2022 Alibaba Group Holding Ltd.
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package annotations
|
|
|
|
import "testing"
|
|
|
|
func TestSSLPassthroughParse(t *testing.T) {
|
|
testCases := []struct {
|
|
name string
|
|
input Annotations
|
|
enabled bool
|
|
exists bool
|
|
}{
|
|
{
|
|
name: "missing",
|
|
input: Annotations{},
|
|
},
|
|
{
|
|
name: "enabled by nginx annotation",
|
|
input: Annotations{
|
|
buildNginxAnnotationKey(sslPassthroughAnnotation): "true",
|
|
},
|
|
enabled: true,
|
|
exists: true,
|
|
},
|
|
{
|
|
name: "enabled by higress annotation",
|
|
input: Annotations{
|
|
buildHigressAnnotationKey(sslPassthroughAnnotation): "true",
|
|
},
|
|
enabled: true,
|
|
exists: true,
|
|
},
|
|
{
|
|
name: "disabled by nginx annotation",
|
|
input: Annotations{
|
|
buildNginxAnnotationKey(sslPassthroughAnnotation): "false",
|
|
},
|
|
exists: true,
|
|
},
|
|
{
|
|
name: "disabled by higress annotation",
|
|
input: Annotations{
|
|
buildHigressAnnotationKey(sslPassthroughAnnotation): "false",
|
|
},
|
|
exists: true,
|
|
},
|
|
}
|
|
|
|
parser := sslPassthrough{}
|
|
for _, tc := range testCases {
|
|
t.Run(tc.name, func(t *testing.T) {
|
|
config := &Ingress{}
|
|
if err := parser.Parse(tc.input, config, nil); err != nil {
|
|
t.Fatalf("Parse() error = %v", err)
|
|
}
|
|
if tc.exists && config.SSLPassthrough == nil {
|
|
t.Fatal("expected ssl passthrough config")
|
|
}
|
|
if !tc.exists && config.SSLPassthrough != nil {
|
|
t.Fatal("unexpected ssl passthrough config")
|
|
}
|
|
if tc.exists && config.SSLPassthrough.Enabled != tc.enabled {
|
|
t.Fatalf("enabled mismatch, want %v, got %v", tc.enabled, config.SSLPassthrough.Enabled)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestSSLPassthroughDoesNotSetUpstreamTLS(t *testing.T) {
|
|
parser := sslPassthrough{}
|
|
config := &Ingress{}
|
|
err := parser.Parse(Annotations{
|
|
buildNginxAnnotationKey(sslPassthroughAnnotation): "true",
|
|
}, config, nil)
|
|
if err != nil {
|
|
t.Fatalf("Parse() error = %v", err)
|
|
}
|
|
if config.UpstreamTLS != nil {
|
|
t.Fatal("unexpected upstream tls config")
|
|
}
|
|
}
|
|
|
|
func TestSSLPassthroughKeepsExplicitBackendProtocol(t *testing.T) {
|
|
manager := NewAnnotationHandlerManager()
|
|
config := &Ingress{}
|
|
err := manager.Parse(Annotations{
|
|
buildNginxAnnotationKey(sslPassthroughAnnotation): "true",
|
|
buildNginxAnnotationKey(backendProtocol): "HTTPS",
|
|
}, config, nil)
|
|
if err != nil {
|
|
t.Fatalf("Parse() error = %v", err)
|
|
}
|
|
if config.UpstreamTLS == nil {
|
|
t.Fatal("expected upstream tls config")
|
|
}
|
|
if config.UpstreamTLS.BackendProtocol != "HTTPS" {
|
|
t.Fatalf("backend protocol mismatch, want HTTPS, got %s", config.UpstreamTLS.BackendProtocol)
|
|
}
|
|
}
|