E2E test

Signed-off-by: Lubron Zhan <lubronzhan@gmail.com>
Signed-off-by: lubronzhan <lubronzhan@gmail.com>

apis/projectcontour/v1alpha1/contourdeployment.go

@@ -133,7 +133,6 @@ type ContourSettings struct {
 	// +kubebuilder:validation:UniqueItems=true
 	WatchNamespaces []contour_api_v1.Namespace `json:"watchNamespaces,omitempty"`
 
-
 	// DisabledFeatures defines an array of Gateway API CRDs that will be ignored by
 	// contour reconciler.
 	// +optional

internal/provisioner/objects/rbac/util/util_test.go

@@ -3,7 +3,7 @@
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
-//	http://www.apache.org/licenses/LICENSE-2.0
+//     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,

test/e2e/gatewayapi_predicates.go

@@ -145,6 +145,31 @@ func TCPRouteAccepted(route *gatewayapi_v1alpha2.TCPRoute) bool {
 	return false
 }
 
+// TLSRouteIgnoredByContour returns true if the route has an empty .status.parents.conditions list
+func TLSRouteIgnoredByContour(route *gatewayapi_v1alpha2.TLSRoute) bool {
+	if route == nil {
+		return false
+	}
+
+	return len(route.Status.Parents) == 0
+}
+
+// TLSRouteAccepted returns true if the route has a .status.conditions
+// entry of "Accepted: true".
+func TLSRouteAccepted(route *gatewayapi_v1alpha2.TLSRoute) bool {
+	if route == nil {
+		return false
+	}
+
+	for _, gw := range route.Status.Parents {
+		if conditionExists(gw.Conditions, string(gatewayapi_v1alpha2.RouteConditionAccepted), metav1.ConditionTrue) {
+			return true
+		}
+	}
+
+	return false
+}
+
 // BackendTLSPolicyAccepted returns true if the backend TLS policy has a .status.conditions
 // entry of "Accepted: true".
 func BackendTLSPolicyAccepted(btp *gatewayapi_v1alpha2.BackendTLSPolicy) bool {

test/e2e/provisioner/provisioner_test.go

@@ -669,6 +669,7 @@ var _ = Describe("Gateway provisioner", func() {
 					// Root proxy in non-watched namespace should fail
 					By(fmt.Sprintf("Expect namespace %s not to be watched by contour", t.namespace))
 					hr, ok := f.CreateHTTPRouteAndWaitFor(route, e2e.HTTPRouteIgnoredByContour)
+					require.True(f.T(), ok, fmt.Sprintf("httproute's is %v", hr))
 
 					By(fmt.Sprintf("Expect httproute under namespace %s is not accepted for a period of time", t.namespace))
 					require.Never(f.T(), func() bool {
@@ -678,7 +679,6 @@ var _ = Describe("Gateway provisioner", func() {
 						}
 						return e2e.HTTPRouteAccepted(hr)
 					}, 10*time.Second, time.Second, hr)
-					require.True(f.T(), ok, fmt.Sprintf("httproute's is %v", hr))
 				}
 			}
 		})
@@ -769,12 +769,12 @@ var _ = Describe("Gateway provisioner", func() {
 			By("Skip reconciling TCPRoute if disabledFeatures includes it")
 
 			f.Fixtures.Echo.Deploy(namespace, "echo")
-			route := &gatewayapi_v1alpha2.TCPRoute{
+			route := &gatewayapi_v1alpha2.TLSRoute{
 				ObjectMeta: metav1.ObjectMeta{
 					Namespace: namespace,
-					Name:      "tcproute-1",
+					Name:      "tlsroute-1",
 				},
-				Spec: gatewayapi_v1alpha2.TCPRouteSpec{
+				Spec: gatewayapi_v1alpha2.TLSRouteSpec{
 					CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{
 						ParentRefs: []gatewayapi_v1alpha2.ParentReference{
 							{
@@ -783,28 +783,23 @@ var _ = Describe("Gateway provisioner", func() {
 							},
 						},
 					},
-					Rules: []gatewayapi_v1alpha2.TCPRouteRule{
+					Rules: []gatewayapi_v1alpha2.TLSRouteRule{
 						{
 							BackendRefs: gatewayapi.TLSRouteBackendRef("echo", 80, ref.To(int32(1))),
 						},
 					},
 				},
 			}
-			route, ok = f.CreateTCPRouteAndWaitFor(route, e2e.TCPRouteAccepted)
-			require.True(f.T(), ok)
-			require.NotNil(f.T(), route)
-
-			res, ok := f.HTTP.RequestUntil(&e2e.HTTPRequestOpts{
-				Condition: e2e.HasStatusCode(200),
-			})
-			assert.Truef(f.T(), ok, "expected 200 response code, got %d", res.StatusCode)
-			assert.Equal(f.T(), "echo", f.GetEchoResponseBody(res.Body).Service)
-
-			// Envoy is expected to add the "server: envoy" and
-			// "x-envoy-upstream-service-time" HTTP headers when
-			// proxying HTTP; this ensures we are proxying TCP only.
-			assert.Equal(f.T(), "", res.Headers.Get("server"))
-			assert.Equal(f.T(), "", res.Headers.Get("x-envoy-upstream-service-time"))
+			tr, ok := f.CreateTLSRouteAndWaitFor(route, e2e.TLSRouteIgnoredByContour)
+			require.True(f.T(), ok, fmt.Sprintf("tlsroute's is %v", tr))
+			By("Expect tlsroute not to be accepted")
+			require.Never(f.T(), func() bool {
+				tr = &gatewayapi_v1alpha2.TLSRoute{}
+				if err := f.Client.Get(context.Background(), k8s.NamespacedNameOf(tr), tr); err != nil {
+					return false
+				}
+				return e2e.TLSRouteAccepted(tr)
+			}, 10*time.Second, time.Second, tr)
 		})
 	})
 })