add integration test for a single instance w/ many certificates

parent 31299c34
Pipeline #64005939 failed with stages
in 8 minutes and 9 seconds
......@@ -9,6 +9,7 @@ import (
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/tsuru/nginx-operator/pkg/apis/nginx/v1alpha1"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
......@@ -24,6 +25,7 @@ func TestMain(m *testing.M) {
}
os.Exit(m.Run())
}
func Test_Operator(t *testing.T) {
cleanup, err := createNamespace(testingNamespace)
if err != nil {
......@@ -42,6 +44,60 @@ func Test_Operator(t *testing.T) {
assert.Equal(t, 2, len(nginx.Status.Pods))
assert.Equal(t, 1, len(nginx.Status.Services))
})
t.Run("with-certificates.yaml", func(t *testing.T) {
err = apply("testdata/with-certificates.yaml", testingNamespace)
require.NoError(t, err)
nginx, err := getReadyNginx("my-secured-nginx", 1, 1)
require.NoError(t, err)
require.NotNil(t, nginx)
assert.Equal(t, "nginx:alpine", nginx.Spec.Image)
defer func() {
err = delete("testdata/with-certificates.yaml", testingNamespace)
require.NoError(t, err)
}()
nginxService := corev1.Service{TypeMeta: metav1.TypeMeta{APIVersion: "v1", Kind: "Service"}}
err = get(&nginxService, "my-secured-nginx-service", nginx.Namespace)
require.NoError(t, err)
assert.NotNil(t, nginxService)
assert.Equal(t, int32(80), nginxService.Spec.Ports[0].Port)
assert.Equal(t, int32(443), nginxService.Spec.Ports[1].Port)
podName := nginx.Status.Pods[0].Name
err = waitPodBeAvailable(podName, testingNamespace)
require.NoError(t, err)
tests := []struct{
filename string
expectedSha256 string
}{
{
filename: "/etc/nginx/certs/rsa.crt",
expectedSha256: "f50457089e715bbc9d5a31a16cf53cc2f13a68333df71559bb5d06be2d2b8a63",
},
{
filename: "/etc/nginx/certs/rsa.key",
expectedSha256: "18580c25b2807b4c95502dd7051d414299e40d8d14024ad5d69c9915ec41e66e",
},
{
filename: "/etc/nginx/certs/custom_dir/custom_name.crt",
expectedSha256: "159af275ab3b22d9737617e51daca64efafb48287ecb3650661d2116cb4ef0c9",
},
{
filename: "/etc/nginx/certs/custom_dir/custom_name.key",
expectedSha256: "253b9795dcd80c493dcfade6b3dc5506fac1a38850abaa4e639fada5ea3dad5e",
},
}
for _, tt := range tests {
output, err := kubectl("exec", podName, "-n", testingNamespace, "--", "sha256sum", tt.filename)
require.NoError(t, err)
assert.Contains(t, string(output), tt.expectedSha256)
}
})
}
func getReadyNginx(name string, expectedPods int, expectedSvcs int) (*v1alpha1.Nginx, error) {
......@@ -62,3 +118,19 @@ func getReadyNginx(name string, expectedPods int, expectedSvcs int) (*v1alpha1.N
}
}
}
func waitPodBeAvailable(name, namespace string) error {
timeout := time.After(5 * time.Minute)
pingMessage := "PING"
for {
output, err := kubectl("exec", name, "-n", namespace, "--", "echo", "-n", pingMessage)
if err == nil && string(output) == pingMessage {
return nil
}
select {
case <-timeout:
return fmt.Errorf("Timeout waiting pod %q becomes available. Last output: %s. Last error: %v", name, string(output), err)
case <-time.After(100 * time.Millisecond):
}
}
}
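Review bot: In the `with-certificates.yaml` subtest, `nginxService.Spec.Ports[0]` and `Ports[1]` are indexed without a length check, so if the operator exposes fewer than two ports the test panics instead of reporting a failure; add `require.Len(t, nginxService.Spec.Ports, 2)` before the two port assertions. `assert.NotNil(t, nginxService)` is applied to a struct value and can never fail, so it can be dropped. The cleanup `defer` is registered only after `getReadyNginx` and its `require` calls, so a failed readiness wait skips the `delete` of the applied manifest; moving the `defer` directly after the `apply` check would avoid that. The table compares only SHA-256 digests of the mounted files, which proves the content but says nothing about the mode of the `.key` files inside the pod; if the operator is expected to restrict those, a permission check would be a useful extra case.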
apiVersion: v1
kind: Secret
metadata:
name: my-secured-nginx-certs
data:
rsa.crt: |-
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUI5VENDQVY2Z0F3SUJBZ0lSQUlEMmNIZVFN
Y2MvU2R2NXMyYjlCL0F3RFFZSktvWklodmNOQVFFTEJRQXcKRWpFUU1BNEdBMVVFQ2hNSFFXTnRa
U0JEYnpBZUZ3MHhPVEExTXpBeE9USXpNakJhRncweU1EQTFNamt4T1RJegpNakJhTUJJeEVEQU9C
Z05WQkFvVEIwRmpiV1VnUTI4d2daOHdEUVlKS29aSWh2Y05BUUVCQlFBRGdZMEFNSUdKCkFvR0JB
SzRYaWFjdDh0U1liS0ZQVzE3Qk9mWFpBUm9LWTVIdWNWZVdnN1lLK2pSSEJCelVlZy93SGFtUTJZ
aUUKRVVaM1NKZVVkUWRFaC9nT3hPajBsVmtZcjhKN2FxdzVQOGpFVFc1OGRHZ3BuQ0U3bXFQU2tq
UDJvbGdvSXZiZwplSHcwQ1NEdzBJMDQ2WUJ5czZLTGJDZ3pPS0tRZU4yczBXM1pueVhtMDUyYXpn
S3JBZ01CQUFHalN6QkpNQTRHCkExVWREd0VCL3dRRUF3SUZvREFUQmdOVkhTVUVEREFLQmdnckJn
RUZCUWNEQVRBTUJnTlZIUk1CQWY4RUFqQUEKTUJRR0ExVWRFUVFOTUF1Q0NXeHZZMkZzYUc5emRE
QU5CZ2txaGtpRzl3MEJBUXNGQUFPQmdRQ2tHYWkvRlBBRgpXSmVsaGF3TjM4T29JZWdOQUJjZGM4
STV0c25MNjY2N3NSNWxyaDRTRmE1b1U5N09oWEVWSG0xT2Y3N1F4TzZQCkQ5dmsxNmVsQUp3UUNr
MzByQTJZR1ZFVFgxTytEZndER1FGempubG5pNE9lSzZjZmR1Nk5DUUxaOGt0NTRuZlcKUTNvdkVy
Yy9FbCtLNllZcmxjMjU5SmROTkhwMk02Nmpqdz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
rsa.key: |-
LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlDWFFJQkFBS0JnUUN1RjRtbkxmTFVt
R3loVDF0ZXdUbjEyUUVhQ21PUjduRlhsb08yQ3ZvMFJ3UWMxSG9QCjhCMnBrTm1JaEJGR2QwaVhs
SFVIUklmNERzVG85SlZaR0svQ2UycXNPVC9JeEUxdWZIUm9LWndoTzVxajBwSXoKOXFKWUtDTDI0
SGg4TkFrZzhOQ05PT21BY3JPaWkyd29Nemlpa0hqZHJORnQyWjhsNXRPZG1zNENxd0lEQVFBQgpB
b0dBTWtuRVRwRjhTcUw1QmlPNVBnYk02bEpUK2lTMEhHeG5PeWpVUlJxb3FiODExZW9lbEVvRkYz
MHJDVDgxCkNramNwRVNUQlpWclBXRnV5ZWdVMkJiRWRneGJnS2lYVEVHM05MOFZCZzR1SmcwZWZR
R2V3S1dUNkdObS9GSC8KcnplOEI2NDNyZTIxckNBUlYzV0ZONTRjNDRBQ2lqQkhFMW4rc3daMFFH
V0FUaEVDUVFEUHN5M1ZrTE90SjZxTApjK1dQUnFaYlMzNG5jZGZDS2grZGd6WFhBZVNlVkdRc3VX
SndmbTYxT0FRWXFnb1RLTG9aZXNTZlIzMW4rNzJQCk5uOEpXWVdqQWtFQTFwT2FuNnZ2QXBLMldO
d3pHWC9lN1lBSHhLSTNTSVF6MkVzOWh5dkxiTzV5Y1B6eHgyKzgKcFEzdHJpQ3h1Tmx1RWtZMlZR
czFhTURPVFZHMGJsNFBXUUpBSFlpbUFOTkZxVjZWa3FUVlJLMVFKSFUwcUJrNQpDK1AvZ045U2Za
TklWZmM4RTF2OUVtLzRBQTdLRGxQSGdQZnVsb2J0aEpTZTBYVnJlL3pNemFDTUx3SkJBTlI1CmZw
QURrWDJMeDNLQVFUMUx5SFNHNWFwSk10TGt6ZTJzdTNWZzRXT3hUYk1pVlV1MkVpZWlmaXVCaGxw
VE8xSnYKSWhmZUxIblpDYSs0YXlFcWxLa0NRUURDZTdUeFJRdzhJTk9BZWZrNGRSTU91NHM0SmM0
YjZHTVJodGJydTB4bgo5R1Z5bUNXa2dwT0EvcUZzWE4yVTREd0kxMTlrL2hOZjJQdjAxaDM4VVZW
MgotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
ecdsa.crt: |-
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJiRENDQVJPZ0F3SUJBZ0lRSE9PYUM0ZGRJ
RVJ1T2JPYXhEdU0wakFLQmdncWhrak9QUVFEQWpBU01SQXcKRGdZRFZRUUtFd2RCWTIxbElFTnZN
QjRYRFRFNU1EVXpNREU1TWpVeU0xb1hEVEl3TURVeU9URTVNalV5TTFvdwpFakVRTUE0R0ExVUVD
aE1IUVdOdFpTQkRiekJaTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEEwSUFCSU1oCnB2MWFG
QnhNcTNVelc2c0VLYXJ3YU10dlJRczRSQXZrL2FuTUx5U3IwOWJFa05GKzNjN3c3UDZ0NlJ5d0o4
MnIKUkt2UWg4TjNIalZGWHpXYmp5NmpTekJKTUE0R0ExVWREd0VCL3dRRUF3SUZvREFUQmdOVkhT
VUVEREFLQmdncgpCZ0VGQlFjREFUQU1CZ05WSFJNQkFmOEVBakFBTUJRR0ExVWRFUVFOTUF1Q0NX
eHZZMkZzYUc5emREQUtCZ2dxCmhrak9QUVFEQWdOSEFEQkVBaUJTUXVXWVlJNlRTdmZWdHl4eHIv
UjlkT2piajFVUUNBMWU1S2RoTUxmS2lRSWcKWS9aN1oxa0VUczBpOXRUeE4zNEpidDMwN29vTm55
WnFLVnlHbmZyMm1Xbz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
ecdsa.key: |-
LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUhhL3BuY1BCZzdqNkdaNi95
S1MxRDNLR2dibXVtT0k2ZjE2ZElFRmxjNXVvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFZ3lHbS9W
b1VIRXlyZFROYnF3UXBxdkJveTI5RkN6aEVDK1Q5cWN3dkpLdlQxc1NRMFg3ZAp6dkRzL3EzcEhM
QW56YXRFcTlDSHczY2VOVVZmTlp1UExnPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
---
apiVersion: nginx.tsuru.io/v1alpha1
kind: Nginx
metadata:
name: my-secured-nginx
spec:
image: nginx:alpine
certificates:
secretName: my-secured-nginx-certs
items:
- certificateField: rsa.crt
keyField: rsa.key
- certificateField: ecdsa.crt
certificatePath: custom_dir/custom_name.crt
keyField: ecdsa.key
keyPath: custom_dir/custom_name.key
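Review bot: Nothing in this fixture marks the key pairs in `my-secured-nginx-certs` as throwaway test material, and the `rsa.key` and `ecdsa.key` values appear to be base64-encoded PEM private keys, so a secret scanner or a later reader cannot tell them apart from a leaked credential. A header comment such as `# Test-only self-signed key pairs generated for this fixture; never deploy or reuse.` would make that explicit. The same comment should say that regenerating any of these values requires updating the SHA-256 digests hard-coded in the test table of the `with-certificates.yaml` subtest.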