67 lines
2.3 KiB
Bash
67 lines
2.3 KiB
Bash
#!/usr/bin/env bats
|
|
|
|
load helpers
|
|
|
|
@test "ingress proxy admin is up on :20000" {
|
|
retry_default curl -f -s localhost:20000/stats -o /dev/null
|
|
}
|
|
|
|
@test "s1 proxy admin is up on :19000" {
|
|
retry_default curl -f -s localhost:19000/stats -o /dev/null
|
|
}
|
|
|
|
@test "s2 proxy admin is up on :19001" {
|
|
retry_default curl -f -s localhost:19001/stats -o /dev/null
|
|
}
|
|
|
|
@test "s1 proxy listener should be up and have right cert" {
|
|
assert_proxy_presents_cert_uri localhost:21000 s1
|
|
}
|
|
|
|
@test "s2 proxy listener should be up and have right cert" {
|
|
assert_proxy_presents_cert_uri localhost:21001 s2
|
|
}
|
|
|
|
@test "ingress-gateway should have healthy endpoints for s1" {
|
|
assert_upstream_has_endpoints_in_status 127.0.0.1:20000 s1 HEALTHY 1
|
|
}
|
|
|
|
@test "ingress-gateway should have healthy endpoints for s2" {
|
|
assert_upstream_has_endpoints_in_status 127.0.0.1:20000 s2 HEALTHY 1
|
|
}
|
|
|
|
@test "ingress should be able to connect to s1 using Host header" {
|
|
assert_expected_fortio_name s1 https://s1.ingress.consul 9999
|
|
}
|
|
|
|
@test "ingress should be able to connect to s2 using Host header" {
|
|
assert_expected_fortio_name s2 https://s2.ingress.consul 9999
|
|
}
|
|
|
|
@test "ingress should be able to connect to s1 using a user-specified Host" {
|
|
assert_expected_fortio_name s1 https://foo.example.com 9998
|
|
}
|
|
|
|
@test "ingress should serve SDS-supplied cert for wildcard service" {
|
|
# Make sure the Cert was the one SDS served and didn't just happen to have the
|
|
# right domain from Connect.
|
|
assert_cert_signed_by_ca /workdir/test-sds-server/certs/ca-root.crt \
|
|
localhost:9999 '*.ingress.consul'
|
|
}
|
|
|
|
@test "ingress should serve SDS-supplied cert for specific service" {
|
|
# Make sure the Cert was the one SDS served and didn't just happen to have the
|
|
# right domain from Connect.
|
|
assert_cert_signed_by_ca /workdir/test-sds-server/certs/ca-root.crt \
|
|
localhost:9998 foo.example.com
|
|
}
|
|
|
|
@test "ingress should serve SDS-supplied cert for second specific service on same http listener" {
|
|
# Make sure the Cert was the one SDS served and didn't just happen to have the
|
|
# right domain from Connect. This also ensures that listeners work when we've
|
|
# had to split their routing tables due to different certs for different
|
|
# hostnames.
|
|
assert_cert_signed_by_ca /workdir/test-sds-server/certs/ca-root.crt \
|
|
localhost:9998 www.example.com
|
|
}
|