open-consul/test/integration/connect/envoy/case-ingress-gateway-sds/verify.bats

#!/usr/bin/env bats

load helpers

@test "ingress proxy admin is up on :20000" {
  retry_default curl -f -s localhost:20000/stats -o /dev/null
}

@test "s1 proxy admin is up on :19000" {
  retry_default curl -f -s localhost:19000/stats -o /dev/null
}

@test "s2 proxy admin is up on :19001" {
  retry_default curl -f -s localhost:19001/stats -o /dev/null
}

@test "s1 proxy listener should be up and have right cert" {
  assert_proxy_presents_cert_uri localhost:21000 s1
}

@test "s2 proxy listener should be up and have right cert" {
  assert_proxy_presents_cert_uri localhost:21001 s2
}

@test "ingress-gateway should have healthy endpoints for s1" {
   assert_upstream_has_endpoints_in_status 127.0.0.1:20000 s1 HEALTHY 1
}

@test "ingress-gateway should have healthy endpoints for s2" {
   assert_upstream_has_endpoints_in_status 127.0.0.1:20000 s2 HEALTHY 1
}

@test "ingress should be able to connect to s1 using Host header" {
  assert_expected_fortio_name s1 https://s1.ingress.consul 9999
}

@test "ingress should be able to connect to s2 using Host header" {
  assert_expected_fortio_name s2 https://s2.ingress.consul 9999
}

@test "ingress should be able to connect to s1 using a user-specified Host" {
  assert_expected_fortio_name s1 https://foo.example.com 9998
}

@test "ingress should serve SDS-supplied cert for wildcard service" {
  # Make sure the Cert was the one SDS served and didn't just happen to have the
  # right domain from Connect.
  assert_cert_signed_by_ca /workdir/test-sds-server/certs/ca-root.crt \
    localhost:9999 '*.ingress.consul'
}

@test "ingress should serve SDS-supplied cert for specific service" {
  # Make sure the Cert was the one SDS served and didn't just happen to have the
  # right domain from Connect.
  assert_cert_signed_by_ca /workdir/test-sds-server/certs/ca-root.crt \
    localhost:9998 foo.example.com
}

@test "ingress should serve SDS-supplied cert for second specific service on same http listener" {
  # Make sure the Cert was the one SDS served and didn't just happen to have the
  # right domain from Connect. This also ensures that listeners work when we've
  # had to split their routing tables due to different certs for different
  # hostnames.
  assert_cert_signed_by_ca /workdir/test-sds-server/certs/ca-root.crt \
    localhost:9998 www.example.com
}
Add basic integration test for Envoy ingress with SDS 2021-08-24 12:48:30 +00:00			`#!/usr/bin/env bats`

			`load helpers`

			`@test "ingress proxy admin is up on :20000" {`
			`retry_default curl -f -s localhost:20000/stats -o /dev/null`
			`}`

			`@test "s1 proxy admin is up on :19000" {`
			`retry_default curl -f -s localhost:19000/stats -o /dev/null`
			`}`

			`@test "s2 proxy admin is up on :19001" {`
			`retry_default curl -f -s localhost:19001/stats -o /dev/null`
			`}`

			`@test "s1 proxy listener should be up and have right cert" {`
			`assert_proxy_presents_cert_uri localhost:21000 s1`
			`}`

			`@test "s2 proxy listener should be up and have right cert" {`
			`assert_proxy_presents_cert_uri localhost:21001 s2`
			`}`

			`@test "ingress-gateway should have healthy endpoints for s1" {`
			`assert_upstream_has_endpoints_in_status 127.0.0.1:20000 s1 HEALTHY 1`
			`}`

			`@test "ingress-gateway should have healthy endpoints for s2" {`
			`assert_upstream_has_endpoints_in_status 127.0.0.1:20000 s2 HEALTHY 1`
			`}`

			`@test "ingress should be able to connect to s1 using Host header" {`
			`assert_expected_fortio_name s1 https://s1.ingress.consul 9999`
			`}`

			`@test "ingress should be able to connect to s2 using Host header" {`
			`assert_expected_fortio_name s2 https://s2.ingress.consul 9999`
			`}`

			`@test "ingress should be able to connect to s1 using a user-specified Host" {`
			`assert_expected_fortio_name s1 https://foo.example.com 9998`
			`}`

			`@test "ingress should serve SDS-supplied cert for wildcard service" {`
			`# Make sure the Cert was the one SDS served and didn't just happen to have the`
			`# right domain from Connect.`
			`assert_cert_signed_by_ca /workdir/test-sds-server/certs/ca-root.crt \`
Add Envoy integration test for split-route SDS case 2021-09-23 09:17:03 +00:00			`localhost:9999 '*.ingress.consul'`
Add basic integration test for Envoy ingress with SDS 2021-08-24 12:48:30 +00:00			`}`

			`@test "ingress should serve SDS-supplied cert for specific service" {`
			`# Make sure the Cert was the one SDS served and didn't just happen to have the`
			`# right domain from Connect.`
			`assert_cert_signed_by_ca /workdir/test-sds-server/certs/ca-root.crt \`
			`localhost:9998 foo.example.com`
			`}`
Add Envoy integration test for split-route SDS case 2021-09-23 09:17:03 +00:00
			`@test "ingress should serve SDS-supplied cert for second specific service on same http listener" {`
			`# Make sure the Cert was the one SDS served and didn't just happen to have the`
			`# right domain from Connect. This also ensures that listeners work when we've`
			`# had to split their routing tables due to different certs for different`
			`# hostnames.`
			`assert_cert_signed_by_ca /workdir/test-sds-server/certs/ca-root.crt \`
			`localhost:9998 www.example.com`
			`}`