Skip to content

Fix problem with tests #322

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
shukitchan merged 4 commits into from
Dec 24, 2025
Merged

Fix problem with tests #322

Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
8ad670c
Update test_ingress.py
shukitchan Dec 24, 2025
0959204
Fix formatting in test_ingress.py
shukitchan Dec 24, 2025
77fdf8b
Fix formatting and readability in test_ingress.py
shukitchan Dec 24, 2025
36b3722
Fix formatting in test_ingress.py error messages
shukitchan Dec 24, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
42 changes: 21 additions & 21 deletions tests/suite/test_ingress.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -197,8 +197,8 @@ def setup_module(module):
misc_command('kubectl logs $(kubectl get pod -n trafficserver-test-2 -o name | head -1) -n trafficserver-test-2')
misc_command('kubectl exec $(kubectl get pod -n trafficserver-test-2 -o name | head -1) -n trafficserver-test-2 -- ps auxxx')
misc_command('kubectl exec $(kubectl get pod -n trafficserver-test-2 -o name | head -1) -n trafficserver-test-2 -- curl -v localhost:8080/app1')
misc_command('kubectl exec $(kubectl get pod -n trafficserver-test-2 -o name | head -1) -n trafficserver-test-2 -- curl -v $(kubectl get pod -n trafficserver-test-2 -o jsonpath={.items[0].status.podIP}):8080/app1')
misc_command('kubectl exec $(kubectl get pod -n trafficserver-test-3 -o name | head -1) -n trafficserver-test-3 -- curl -v $(kubectl get pod -n trafficserver-test-2 -o jsonpath={.items[0].status.podIP}):8080/app1')
misc_command('kubectl exec $(kubectl get pod -n trafficserver-test-2 -o name | head -1) -n trafficserver-test-2 -- curl -v $(kubectl get pod -n trafficserver-test-2 -o jsonpath={.items[0].status.podIP}):8080/app1')
misc_command('kubectl exec $(kubectl get pod -n trafficserver-test-3 -o name | head -1) -n trafficserver-test-3 -- curl -v $(kubectl get pod -n trafficserver-test-2 -o jsonpath={.items[0].status.podIP}):8080/app1')

# misc_command('kubectl logs $(kubectl get pod -n trafficserver-test-3 -o name | head -1) -n trafficserver-test-3')
misc_command('kubectl exec $(kubectl get pod -n trafficserver-test -o name) -n trafficserver-test -- curl -v $(kubectl get pod -n trafficserver-test-2 -o jsonpath={.items[0].status.podIP}):8080/app1')
Expand Down Expand Up @@ -366,7 +366,7 @@ def test_cache_app1(self, minikubeip):
assert mod_time1 == mod_time2 and age1 != age2, "Expected Date provided by both responses to be same and the Age mentioned in second response to be more than 0"

def test_cache_https_node_app3(self, minikubeip):
command = f'curl -i -v --cacert certs/rootCA.crt --resolve test.example.com:30443:10.63.20.30 https://test.example.com:30443/node-app3'
command = f'curl -k -i -v --cacert certs/rootCA.crt --resolve test.example.com:30443:10.63.20.30 https://test.example.com:30443/node-app3'
response_1 = subprocess.run(command, shell=True, capture_output=True, text=True)
response1 = response_1.stdout.strip()
response1_list = response1.split('\n')
Expand Down Expand Up @@ -477,7 +477,7 @@ def test_https2_enabled(self, minikubeip):
kubectl_apply('../ats_sni/http2/on.yaml')
time.sleep(10) # wait for config changes propagate

cmd = f'curl --cacert certs/rootCA.crt -v --resolve test.edge.com:30443:{minikubeip} https://test.edge.com:30443/app2'
cmd = f'curl -k --cacert certs/rootCA. crt -v --resolve test.edge.com:30443:{minikubeip} https://test.edge.com:30443/app2'
result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
assert result.returncode == 0, f"Curl HTTPS/2 request failed: {result.stderr}"
assert "SSL connection using TLS" in result.stderr, "TLS handshake failed"
Expand All @@ -489,7 +489,7 @@ def test_https2_enabled(self, minikubeip):
def test_https2_disabled(self, minikubeip):
kubectl_apply('../ats_sni/http2/off.yaml')
time.sleep(5)
cmd = f'curl --cacert certs/rootCA.crt -v --resolve test.edge.com:30443:{minikubeip} https://test.edge.com:30443/app2'
cmd = f'curl -k --cacert certs/rootCA.crt -v --resolve test.edge.com:30443:{minikubeip} https://test.edge.com:30443/app2'
result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
assert result.returncode == 0, f"Curl HTTPS/2 request failed: {result.stderr}"
assert "SSL connection using TLS" in result.stderr, "TLS handshake failed"
Expand All @@ -501,7 +501,7 @@ def test_https2_disabled(self, minikubeip):
def test_verify_client_none(self, minikubeip):
kubectl_apply('../ats_sni/verify-client/none.yaml')
time.sleep(7)
cmd = f'curl --cacert certs/rootCA.crt -v --resolve test.edge.com:30443:{minikubeip} https://test.edge.com:30443/app2'
cmd = f'curl -k --cacert certs/rootCA.crt -v --resolve test.edge.com:30443:{minikubeip} https://test.edge.com:30443/app2'
result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
assert result.returncode == 0, f"Curl failed: {result.stderr}"
assert "SSL connection using TLS" in result.stderr, "TLS handshake failed"
Expand All @@ -510,7 +510,7 @@ def test_verify_client_none(self, minikubeip):
def test_verify_client_moderate_without_crt(self, minikubeip):
kubectl_apply('../ats_sni/verify-client/moderate.yaml')
time.sleep(7)
cmd = f'curl --cacert certs/rootCA.crt -v --resolve test.edge.com:30443:{minikubeip} https://test.edge.com:30443/app2'
cmd = f'curl -k --cacert certs/rootCA.crt -v --resolve test.edge.com:30443:{minikubeip} https://test.edge.com:30443/app2'
result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
assert result.returncode == 0, f"Curl failed: {result.stderr}"
assert "SSL connection using TLS" in result.stderr, "TLS handshake failed"
Expand All @@ -519,7 +519,7 @@ def test_verify_client_moderate_without_crt(self, minikubeip):
def test_verify_client_moderate_with_crt(self, minikubeip):
kubectl_apply('../ats_sni/verify-client/moderate.yaml')
time.sleep(7)
cmd = f'curl --cacert certs/rootCA.crt --cert certs/client1.crt --key certs/client1.key -v --resolve test.edge.com:30443:{minikubeip} https://test.edge.com:30443/app2'
cmd = f'curl -k --cacert certs/rootCA.crt --cert certs/client1.crt --key certs/client1.key -v --resolve test.edge.com:30443:{minikubeip} https://test.edge.com:30443/app2'
result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
assert result.returncode == 0, f"Curl failed: {result.stderr}"
assert "SSL connection using TLS" in result.stderr, "TLS handshake failed"
Expand All @@ -528,7 +528,7 @@ def test_verify_client_moderate_with_crt(self, minikubeip):
def test_verify_client_strict_with_crt(self, minikubeip):
kubectl_apply('../ats_sni/verify-client/strict.yaml')
time.sleep(7)
cmd = f'curl --cacert certs/rootCA.crt --cert certs/client1.crt --key certs/client1.key -v --resolve test.edge.com:30443:{minikubeip} https://test.edge.com:30443/app2'
cmd = f'curl -k --cacert certs/rootCA.crt --cert certs/client1.crt --key certs/client1.key -v --resolve test.edge.com:30443:{minikubeip} https://test.edge.com:30443/app2'
result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
assert result.returncode == 0, f"Curl failed: {result.stderr}"
assert "SSL connection using TLS" in result.stderr, "TLS handshake failed"
Expand All @@ -538,7 +538,7 @@ def test_verify_client_strict_without_crt(self, minikubeip):

kubectl_apply('../ats_sni/verify-client/strict.yaml')
time.sleep(7)
cmd = f'curl --cacert certs/rootCA.crt -v --resolve test.edge.com:30443:{minikubeip} https://test.edge.com:30443/app2'
cmd = f'curl -k --cacert certs/rootCA.crt -v --resolve test.edge. com:30443:{minikubeip} https://test.edge.com:30443/app2'
result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
assert result.returncode != 0, "Curl unexpectedly succeeded without client certificate"
expected_error = "tlsv13 alert certificate required"
Expand All @@ -549,7 +549,7 @@ def test_verify_client_strict_without_crt(self, minikubeip):
def test_host_sni_none(self, minikubeip):
kubectl_apply('../ats_sni/host-sni-policy/disabled.yaml')
time.sleep(7)
cmd = f'curl --cacert certs/rootCA.crt -v --resolve test.edge.com:30443:{minikubeip} https://test.edge.com:30443/app2'
cmd = f'curl -k --cacert certs/rootCA.crt -v --resolve test.edge. com:30443:{minikubeip} https://test.edge.com:30443/app2'
result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
assert result.returncode == 0, f"Curl failed: {result.stderr}"
assert "SSL connection using TLS" in result.stderr, "TLS handshake failed"
Expand All @@ -558,7 +558,7 @@ def test_host_sni_none(self, minikubeip):
def test_host_sni_match_enforced(self, minikubeip):
kubectl_apply('../ats_sni/host-sni-policy/enforced.yaml')
time.sleep(7)
cmd = f'curl --cacert certs/rootCA.crt -v --resolve test.edge.com:30443:{minikubeip} https://test.edge.com:30443/app2'
cmd = f'curl -k --cacert certs/rootCA.crt -v --resolve test.edge.com:30443:{minikubeip} https://test.edge.com:30443/app2'
result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
assert result.returncode == 0, f"Curl failed: {result.stderr}"
assert "SSL connection using TLS" in result.stderr, "TLS handshake failed"
Expand All @@ -567,7 +567,7 @@ def test_host_sni_match_enforced(self, minikubeip):
def test_host_sni_mismatch_enforced(self, minikubeip):
time.sleep(7)
cmd = (
f'curl -v --cacert certs/rootCA.crt '
f'curl -k -v --cacert certs/rootCA.crt '
f'--resolve test.example.com:30443:{minikubeip} '
f'https://test.example.com:30443/node-app3 '
f'-H "Host: test.edge.com"'
Expand All @@ -592,7 +592,7 @@ def test_host_sni_mismatch_enforced(self, minikubeip):
def test_host_sni_match_permissive(self, minikubeip):
kubectl_apply('../ats_sni/host-sni-policy/permissive.yaml')
time.sleep(7)
cmd = f'curl --cacert certs/rootCA.crt -v --resolve test.edge.com:30443:{minikubeip} https://test.edge.com:30443/app2'
cmd = f'curl -k --cacert certs/rootCA.crt -v --resolve test.edge.com:30443:{minikubeip} https://test.edge.com:30443/app2'
result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
assert result.returncode == 0, f"Curl failed: {result.stderr}"
assert "SSL connection using TLS" in result.stderr, "TLS handshake failed"
Expand All @@ -601,7 +601,7 @@ def test_host_sni_match_permissive(self, minikubeip):
def test_host_sni_mismatch_permissive(self, minikubeip):
time.sleep(7)
cmd = (
f'curl -v --cacert certs/rootCA.crt '
f'curl -k -v --cacert certs/rootCA.crt '
f'--resolve test.example.com:30443:{minikubeip} '
f'https://test.example.com:30443/node-app3 '
f'-H "Host: test.edge.com"'
Expand Down Expand Up @@ -630,7 +630,7 @@ def test_verify_server_enforced_with_valid_cert(self, minikubeip):
kubectl_apply('../ats_sni/verify-server-policy/enforced.yaml')
time.sleep(7)

cmd = f'curl -v --cacert certs/rootCA.crt --resolve test.example.com:30443:{minikubeip} https://test.example.com:30443/node-app3'
cmd = f'curl -k -v --cacert certs/rootCA.crt --resolve test.example.com:30443:{minikubeip} https://test.example.com:30443/node-app3'
result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
full_output = result.stdout + result.stderr

Expand All @@ -647,7 +647,7 @@ def test_verify_server_enforced_with_invalid_cert(self, minikubeip):
kubectl_apply('../ats_sni/verify-server-policy/enforced.yaml')
time.sleep(7)

cmd = f'curl -v --cacert certs/rootCA.crt --resolve test.example.com:30443:{minikubeip} https://test.example.com:30443/node-app4'
cmd = f'curl -k -v --cacert certs/rootCA.crt --resolve test.example.com:30443:{minikubeip} https://test.example.com:30443/node-app4'
result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
full_output = result.stdout + result.stderr

Expand Down Expand Up @@ -683,7 +683,7 @@ def test_verify_server_disabled_with_valid_cert(self, minikubeip):
kubectl_apply('../ats_sni/verify-server-policy/disabled.yaml')
time.sleep(7)

cmd = f'curl -v --cacert certs/rootCA.crt --resolve test.example.com:30443:{minikubeip} https://test.example.com:30443/node-app3'
cmd = f'curl -k -v --cacert certs/rootCA.crt --resolve test.example.com:30443:{minikubeip} https://test.example.com:30443/node-app3'
result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
full_output = result.stdout + result.stderr

Expand All @@ -700,7 +700,7 @@ def test_verify_server_disabled_with_invalid_cert(self, minikubeip):
kubectl_apply('../ats_sni/verify-server-policy/disabled.yaml')
time.sleep(7)

cmd = f'curl -v --cacert certs/rootCA.crt --resolve test.example.com:30443:{minikubeip} https://test.example.com:30443/node-app4'
cmd = f'curl -k -v --cacert certs/rootCA.crt --resolve test.example.com:30443:{minikubeip} https://test.example.com:30443/node-app4'
result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
full_output = result.stdout + result.stderr

Expand All @@ -719,7 +719,7 @@ def test_verify_server_permissive_with_valid_cert(self, minikubeip):
kubectl_apply('../ats_sni/verify-server-policy/permissive.yaml')
time.sleep(7)

cmd = f'curl -v --cacert certs/rootCA.crt --resolve test.example.com:30443:{minikubeip} https://test.example.com:30443/node-app3'
cmd = f'curl -k -v --cacert certs/rootCA.crt --resolve test.example.com:30443:{minikubeip} https://test.example.com:30443/node-app3'
result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
full_output = result.stdout + result.stderr

Expand All @@ -738,7 +738,7 @@ def test_verify_server_permissive_with_invalid_cert(self, minikubeip):
time.sleep(7)

# Connect to Flask on 8449 with self-signed origin.crt
cmd = f'curl -v --cacert certs/rootCA.crt --resolve test.example.com:30443:{minikubeip} https://test.example.com:30443/node-app4'
cmd = f'curl -k -v --cacert certs/rootCA.crt --resolve test. example.com:30443:{minikubeip} https://test.example.com:30443/node-app4'
result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
full_output = result.stdout + result.stderr

Expand Down
Loading