846b80e8a5
There is a delay between an intentions change being made, and it being reflected in the Envoy runtime configuration. Now that the enforcement happens inside of Envoy instead of over in the agent, our tests need to explicitly wait until the xDS reconfiguration is complete before attempting to assert intentions worked. Also remove a few double retry loops.
37 lines
1 KiB
Bash
37 lines
1 KiB
Bash
#!/usr/bin/env bats
|
|
|
|
load helpers
|
|
|
|
@test "s1 proxy admin is up on :19000" {
|
|
retry_default curl -f -s localhost:19000/stats -o /dev/null
|
|
}
|
|
|
|
@test "s2 proxy admin is up on :19001" {
|
|
retry_default curl -f -s localhost:19001/stats -o /dev/null
|
|
}
|
|
|
|
@test "s1 proxy listener should be up and have right cert" {
|
|
assert_proxy_presents_cert_uri localhost:21000 s1
|
|
}
|
|
|
|
@test "s2 proxy listener should be up and have right cert" {
|
|
assert_proxy_presents_cert_uri localhost:21001 s2
|
|
}
|
|
|
|
@test "s2 proxy should be healthy" {
|
|
assert_service_has_healthy_instances s2 1
|
|
}
|
|
|
|
@test "s1 upstream should have healthy endpoints for s2" {
|
|
# protocol is configured in an upstream override so the cluster name is customized here
|
|
assert_upstream_has_endpoints_in_status 127.0.0.1:19000 1a47f6e1~s2.default.primary HEALTHY 1
|
|
}
|
|
|
|
@test "s2 should have http rbac rules loaded from xDS" {
|
|
retry_default assert_envoy_http_rbac_policy_count localhost:19001 1
|
|
}
|
|
|
|
@test "s1 upstream should NOT be able to connect to s2" {
|
|
retry_default must_fail_http_connection localhost:5000
|
|
}
|