This is an automated email from the ASF dual-hosted git repository.
zhangjintao pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix-ingress-controller.git
The following commit(s) were added to refs/heads/master by this push:
new d871a2c3 fix: when secret created later than apisixtls it should be
updated (#1715)
d871a2c3 is described below
commit d871a2c3253fc04856ad42d645df06c8f3c70124
Author: Sarasa Kisaragi <[email protected]>
AuthorDate: Fri Mar 17 18:09:35 2023 +0800
fix: when secret created later than apisixtls it should be updated (#1715)
---
cmd/ingress/ingress.go | 5 +-
cmd/ingress/ingress_test.go | 2 +-
pkg/providers/apisix/apisix_tls.go | 43 ++++---
pkg/providers/controller.go | 5 +-
pkg/providers/k8s/endpoint/endpoint.go | 2 +-
pkg/providers/k8s/endpoint/endpointslice.go | 4 +-
pkg/providers/k8s/secret.go | 5 +-
samples/deploy/rbac/apisix_view_clusterrole.yaml | 2 +
.../suite-ingress/suite-ingress-features/secret.go | 133 ++++++++++++++++++++-
9 files changed, 175 insertions(+), 26 deletions(-)
diff --git a/cmd/ingress/ingress.go b/cmd/ingress/ingress.go
index 038705d0..e995927b 100644
--- a/cmd/ingress/ingress.go
+++ b/cmd/ingress/ingress.go
@@ -125,7 +125,7 @@ the apisix cluster and others are created`,
dief("failed to initialize logging: %s", err)
}
log.DefaultLogger = logger
- log.Info("apisix ingress controller started")
+ log.Info("init apisix ingress controller")
log.Info("version:\n", version.Long())
@@ -148,6 +148,9 @@ the apisix cluster and others are created`,
wg.Add(1)
go func() {
defer wg.Done()
+
+ log.Info("start ingress controller")
+
if err := ingress.Run(stop); err != nil {
dief("failed to run ingress controller:
%s", err)
}
diff --git a/cmd/ingress/ingress_test.go b/cmd/ingress/ingress_test.go
index fb12781c..5729ae99 100644
--- a/cmd/ingress/ingress_test.go
+++ b/cmd/ingress/ingress_test.go
@@ -126,7 +126,7 @@ func TestNewIngressCommandEffectiveLog(t *testing.T) {
buf := bufio.NewReader(file)
f := parseLog(t, buf)
- assert.Contains(t, f.Message, "apisix ingress controller started")
+ assert.Contains(t, f.Message, "init apisix ingress controller")
assert.Equal(t, "info", f.Level)
f = parseLog(t, buf)
diff --git a/pkg/providers/apisix/apisix_tls.go
b/pkg/providers/apisix/apisix_tls.go
index 2a432604..a5167cd2 100644
--- a/pkg/providers/apisix/apisix_tls.go
+++ b/pkg/providers/apisix/apisix_tls.go
@@ -148,6 +148,17 @@ func (c *apisixTlsController) sync(ctx context.Context, ev
*types.Event) error {
case config.ApisixV2beta3:
tls := multiVersionedTls.V2beta3()
ssl, err := c.translator.TranslateSSLV2Beta3(tls)
+
+ // We should cache the relations regardless the translation
succeed or not
+ secretKey := tls.Spec.Secret.Namespace + "/" +
tls.Spec.Secret.Name
+ c.storeSecretCache(secretKey, apisixTlsKey, ssl, ev.Type)
+ if tls.Spec.Client != nil {
+ caSecretKey := tls.Spec.Client.CASecret.Namespace + "/"
+ tls.Spec.Client.CASecret.Name
+ if caSecretKey != secretKey {
+ c.storeSecretCache(caSecretKey, apisixTlsKey,
ssl, ev.Type)
+ }
+ }
+
if err != nil {
log.Errorw("failed to translate ApisixTls",
zap.Error(err),
@@ -162,15 +173,6 @@ func (c *apisixTlsController) sync(ctx context.Context, ev
*types.Event) error {
zap.Any("ApisixTls", tls),
)
- secretKey := tls.Spec.Secret.Namespace + "/" +
tls.Spec.Secret.Name
- c.storeSecretCache(secretKey, apisixTlsKey, ssl, ev.Type)
- if tls.Spec.Client != nil {
- caSecretKey := tls.Spec.Client.CASecret.Namespace + "/"
+ tls.Spec.Client.CASecret.Name
- if caSecretKey != secretKey {
- c.storeSecretCache(caSecretKey, apisixTlsKey,
ssl, ev.Type)
- }
- }
-
if err := c.SyncSSL(ctx, ssl, ev.Type); err != nil {
log.Errorw("failed to sync SSL to APISIX",
zap.Error(err),
@@ -186,6 +188,17 @@ func (c *apisixTlsController) sync(ctx context.Context, ev
*types.Event) error {
case config.ApisixV2:
tls := multiVersionedTls.V2()
ssl, err := c.translator.TranslateSSLV2(tls)
+
+ // We should cache the relations regardless the translation
succeed or not
+ secretKey := tls.Spec.Secret.Namespace + "/" +
tls.Spec.Secret.Name
+ c.storeSecretCache(secretKey, apisixTlsKey, ssl, ev.Type)
+ if tls.Spec.Client != nil {
+ caSecretKey := tls.Spec.Client.CASecret.Namespace + "/"
+ tls.Spec.Client.CASecret.Name
+ if caSecretKey != secretKey {
+ c.storeSecretCache(caSecretKey, apisixTlsKey,
ssl, ev.Type)
+ }
+ }
+
if err != nil {
log.Errorw("failed to translate ApisixTls",
zap.Error(err),
@@ -200,15 +213,6 @@ func (c *apisixTlsController) sync(ctx context.Context, ev
*types.Event) error {
zap.Any("ApisixTls", tls),
)
- secretKey := tls.Spec.Secret.Namespace + "/" +
tls.Spec.Secret.Name
- c.storeSecretCache(secretKey, apisixTlsKey, ssl, ev.Type)
- if tls.Spec.Client != nil {
- caSecretKey := tls.Spec.Client.CASecret.Namespace + "/"
+ tls.Spec.Client.CASecret.Name
- if caSecretKey != secretKey {
- c.storeSecretCache(caSecretKey, apisixTlsKey,
ssl, ev.Type)
- }
- }
-
if err := c.SyncSSL(ctx, ssl, ev.Type); err != nil {
log.Errorw("failed to sync SSL to APISIX",
zap.Error(err),
@@ -474,15 +478,18 @@ func (c *apisixTlsController) recordStatus(at
interface{}, reason string, err er
func (c *apisixTlsController) SyncSecretChange(ctx context.Context, ev
*types.Event, secret *corev1.Secret, secretKey string) {
ssls, ok := c.secretSSLMap.Load(secretKey)
if !ok {
+ log.Debugw("ApisixTls: sync secret change, not concerned",
zap.String("key", secretKey))
// This secret is not concerned.
return
}
sslMap, ok := ssls.(*sync.Map) // apisix tls key -> SSLs
if !ok {
+ log.Debugw("ApisixTls: sync secret change, not such SSls map",
zap.String("key", secretKey))
return
}
+ log.Debugw("ApisixTls: sync secret change", zap.String("key",
secretKey))
switch c.Config.Kubernetes.APIVersion {
case config.ApisixV2beta3:
sslMap.Range(c.syncSSLsAndUpdateStatusV2beta3(ctx, ev, secret,
secretKey))
diff --git a/pkg/providers/controller.go b/pkg/providers/controller.go
index 74250380..d293c717 100644
--- a/pkg/providers/controller.go
+++ b/pkg/providers/controller.go
@@ -148,6 +148,7 @@ func (c *Controller) Run(stop chan struct{}) error {
c.MetricsCollector.ResetLeader(false)
go func() {
+ log.Info("start api server")
if err := c.apiServer.Run(rootCtx.Done()); err != nil {
log.Errorf("failed to launch API Server: %s", err)
}
@@ -481,7 +482,7 @@ func (c *Controller) run(ctx context.Context) {
return
}
- // Wait Resouce sync
+ // Wait for resource sync
if ok := c.informers.StartAndWaitForCacheSync(ctx); !ok {
ctx.Done()
return
@@ -495,6 +496,8 @@ func (c *Controller) run(ctx context.Context) {
// Run Phase
+ log.Info("try to run providers")
+
e := utils.ParallelExecutor{}
e.Add(func() {
diff --git a/pkg/providers/k8s/endpoint/endpoint.go
b/pkg/providers/k8s/endpoint/endpoint.go
index 2e12c8c0..779af421 100644
--- a/pkg/providers/k8s/endpoint/endpoint.go
+++ b/pkg/providers/k8s/endpoint/endpoint.go
@@ -144,7 +144,7 @@ func (c *endpointsController) onAdd(obj interface{}) {
return
}
log.Debugw("endpoints add event arrived",
- zap.String("object-key", key))
+ zap.String("key", key))
c.workqueue.Add(&types.Event{
Type: types.EventAdd,
diff --git a/pkg/providers/k8s/endpoint/endpointslice.go
b/pkg/providers/k8s/endpoint/endpointslice.go
index b920f6bf..75e9ea76 100644
--- a/pkg/providers/k8s/endpoint/endpointslice.go
+++ b/pkg/providers/k8s/endpoint/endpointslice.go
@@ -163,7 +163,7 @@ func (c *endpointSliceController) onAdd(obj interface{}) {
}
log.Debugw("endpointSlice add event arrived",
- zap.String("object-key", key),
+ zap.String("key", key),
)
c.workqueue.Add(&types.Event{
@@ -240,7 +240,7 @@ func (c *endpointSliceController) onDelete(obj interface{})
{
return
}
log.Debugw("endpointSlice delete event arrived",
- zap.Any("object-key", key),
+ zap.Any("key", key),
)
c.workqueue.Add(&types.Event{
Type: types.EventDelete,
diff --git a/pkg/providers/k8s/secret.go b/pkg/providers/k8s/secret.go
index d11523db..1ac4f72f 100644
--- a/pkg/providers/k8s/secret.go
+++ b/pkg/providers/k8s/secret.go
@@ -141,6 +141,9 @@ func (c *secretController) sync(ctx context.Context, ev
*types.Event) error {
sec = ev.Tombstone.(*corev1.Secret)
}
+ log.Debugw("sync secret change",
+ zap.String("key", key),
+ )
secretKey := namespace + "/" + name
c.apisixProvider.SyncSecretChange(ctx, ev, sec, secretKey)
c.ingressProvider.SyncSecretChange(ctx, ev, sec, secretKey)
@@ -181,7 +184,7 @@ func (c *secretController) onAdd(obj interface{}) {
}
log.Debugw("secret add event arrived",
- zap.String("object-key", key),
+ zap.String("key", key),
)
c.workqueue.Add(&types.Event{
Type: types.EventAdd,
diff --git a/samples/deploy/rbac/apisix_view_clusterrole.yaml
b/samples/deploy/rbac/apisix_view_clusterrole.yaml
index c3472b27..dc48b1e0 100644
--- a/samples/deploy/rbac/apisix_view_clusterrole.yaml
+++ b/samples/deploy/rbac/apisix_view_clusterrole.yaml
@@ -83,6 +83,8 @@ rules:
- apisixconsumers/status
- apisixpluginconfigs
- apisixpluginconfigs/status
+ - apisixglobalrules
+ - apisixglobalrules/status
verbs:
- '*'
- apiGroups:
diff --git a/test/e2e/suite-ingress/suite-ingress-features/secret.go
b/test/e2e/suite-ingress/suite-ingress-features/secret.go
index 5b7aa410..9b054e38 100644
--- a/test/e2e/suite-ingress/suite-ingress-features/secret.go
+++ b/test/e2e/suite-ingress/suite-ingress-features/secret.go
@@ -26,9 +26,140 @@ import (
"github.com/apache/apisix-ingress-controller/test/e2e/scaffold"
)
-// TODO: FIXME
var _ = ginkgo.Describe("suite-ingress-features: secret controller", func() {
apisixTlsSuites := func(s *scaffold.Scaffold) {
+ ginkgo.It("should update SSL if secret referenced by ApisixTls
is created later", func() {
+ backendSvc, backendSvcPort := s.DefaultHTTPBackend()
+ apisixRoute := fmt.Sprintf(`
+apiVersion: apisix.apache.org/v2beta3
+kind: ApisixRoute
+metadata:
+ name: httpbin-route
+spec:
+ http:
+ - name: rule1
+ match:
+ hosts:
+ - api6.com
+ paths:
+ - /ip
+ backends:
+ - serviceName: %s
+ servicePort: %d
+`, backendSvc, backendSvcPort[0])
+ assert.Nil(ginkgo.GinkgoT(),
s.CreateVersionedApisixResource(apisixRoute))
+
+ secretName := "test-apisix-tls"
+ // create ApisixTls resource
+ tlsName := "tls-name"
+ host := "api6.com"
+ err := s.NewApisixTls(tlsName, host, secretName)
+ assert.Nil(ginkgo.GinkgoT(), err, "create tls error")
+ time.Sleep(10 * time.Second)
+
+ // create secret later than ApisixTls
+ cert := `-----BEGIN CERTIFICATE-----
+MIIFcjCCA1qgAwIBAgIJALDqPppBVXQ3MA0GCSqGSIb3DQEBCwUAMGUxCzAJBgNV
+BAYTAkNOMRAwDgYDVQQIDAdKaWFuZ3N1MQ8wDQYDVQQHDAZTdXpob3UxEDAOBgNV
+BAoMB2FwaTcuYWkxEDAOBgNVBAsMB2FwaTcuYWkxDzANBgNVBAMMBmp3LmNvbTAg
+Fw0yMTA0MDkwNzEyMDBaGA8yMDUxMDQwMjA3MTIwMFowZTELMAkGA1UEBhMCQ04x
+EDAOBgNVBAgMB0ppYW5nc3UxDzANBgNVBAcMBlN1emhvdTEQMA4GA1UECgwHYXBp
+Ny5haTEQMA4GA1UECwwHYXBpNy5haTEPMA0GA1UEAwwGancuY29tMIICIjANBgkq
+hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuEPPnUMlSw41CTdxUNxkQ4gAZ7cPotwY
+Y6sVLGtWoR8gKFSZImQIor3UF+8HhN/ZOFRv5tSeeQ/MTE72cs2T5mp6eRU8OrSV
+0npk/TpZfaCx7zobsfXB4YU1NZcVWKthFF5X8p//l5gxUMU8V4a01P0aDTmZ67wG
+3Fhr0AC067GVYvdwp1yRt6TUUk8ha7JsiySchUIFhX5QMWmrSNhc1bDnHetejMFl
+itFFPZkeYG89O/7Ca1K3ca/VVu+/IJ4h7fbF3rt4uP182cJdHl1L94dQSKCJukaW
+v+xauWnm4hxOzBK7ImpYB/2eP2D33tmuCLeSv4S+bTG1l7hIN9C/xrYPzfun415h
+M2jMK69aAkQL71xa+66kVxioJyNYogYz3ss5ruzDL8K/7bkdO0Zzqldd2+j8lkTl
+X4csA+aMHF3v/U7hL/4Wdwi8ziwToRMq9KK9vuh+mPgcdtFGFml+sU+NQfJNm/BN
+7fRMZKDIHLacSPE0GUkfW+x3dXOP2lWSZe/iOBZ0NOGNdrOnxTRTr7IH7DYU8aXF
+w2GqfAFEQbD4wazCh1AI8lkZr6mPGB1q+HnF2IF7kkgXBHtI5U2KErgcX5BirIVe
+v0Yg/OxbbymeTh/hNCcY1kJ1YUCbm9U3U6ZV+d8lj7dQHtugcAzWxSTwpBLVUPrO
+eFuhSMLVblUCAwEAAaMjMCEwHwYDVR0RBBgwFoIIYXBpNi5jb22CCiouYXBpNi5j
+b20wDQYJKoZIhvcNAQELBQADggIBAFgeSuMPpriYUrQByO3taiY1+56s+KoAmsyA
+LH15n2+thAgorusX2g1Zd7UNBHBtVO8c+ihpQb+2PnmgTTGT70ndpRbV5F6124Mt
+Hui/X0kjm76RYd1QKN1VFp0Zo+JVdRa+VhDsXWjO0VetINmFhNINFEJctyeHB8oi
+aaDL0wZrevHh47hBqtnrmLl+QVG34aLBRhZ5953leiNvXHUJNaT0nLgf0j9p4esS
+b2bx9uP4pFI1T9wcv/TE3K0rQbu/uqGY6MgznXHyi4qIK/I+WCa3fF2UZ5P/5EUM
+k2ptQneYkLLUVwwmj8C04bYhYe7Z6jkYYp17ojxIP+ejOY1eiE8SYKNjKinmphrM
+5aceqIyfbE4TPqvicNzIggA4yEMPbTA0PC/wqbCf61oMc15hwacdeIaQGiwsM+pf
+DTk+GBxp3megx/+0XwTQbguleTlHnaaES+ma0vbl6a1rUK0YAUDUrcfFLv6EFtGD
+6EHxFf7gH9sTfc2RiGhKxUhRbyEree+6INAvXy+AymVYmQmKuAFqkDQJ+09bTfm8
+bDs+00FijzHFBvC8cIhNffj0qqiv35g+9FTwnE9qpunlrtKG/sMgEXX6m8kL1YQ8
+m5DPGhyEZyt5Js2kzzo8TyINPKmrqriYuiD4p4EH13eSRs3ayanQh6ckC7lb+WXq
+3IrSc5hO
+-----END CERTIFICATE-----`
+ key := `-----BEGIN RSA PRIVATE KEY-----
+MIIJKAIBAAKCAgEAuEPPnUMlSw41CTdxUNxkQ4gAZ7cPotwYY6sVLGtWoR8gKFSZ
+ImQIor3UF+8HhN/ZOFRv5tSeeQ/MTE72cs2T5mp6eRU8OrSV0npk/TpZfaCx7zob
+sfXB4YU1NZcVWKthFF5X8p//l5gxUMU8V4a01P0aDTmZ67wG3Fhr0AC067GVYvdw
+p1yRt6TUUk8ha7JsiySchUIFhX5QMWmrSNhc1bDnHetejMFlitFFPZkeYG89O/7C
+a1K3ca/VVu+/IJ4h7fbF3rt4uP182cJdHl1L94dQSKCJukaWv+xauWnm4hxOzBK7
+ImpYB/2eP2D33tmuCLeSv4S+bTG1l7hIN9C/xrYPzfun415hM2jMK69aAkQL71xa
++66kVxioJyNYogYz3ss5ruzDL8K/7bkdO0Zzqldd2+j8lkTlX4csA+aMHF3v/U7h
+L/4Wdwi8ziwToRMq9KK9vuh+mPgcdtFGFml+sU+NQfJNm/BN7fRMZKDIHLacSPE0
+GUkfW+x3dXOP2lWSZe/iOBZ0NOGNdrOnxTRTr7IH7DYU8aXFw2GqfAFEQbD4wazC
+h1AI8lkZr6mPGB1q+HnF2IF7kkgXBHtI5U2KErgcX5BirIVev0Yg/OxbbymeTh/h
+NCcY1kJ1YUCbm9U3U6ZV+d8lj7dQHtugcAzWxSTwpBLVUPrOeFuhSMLVblUCAwEA
+AQKCAgApTupoMvlVTiYNnuREYGQJz59noN5cgELndR8WCiotjLDE2dJKp2pYMX4u
+r2NcImKsAiHj+Z5dPXFrWfhd3EBf01cJdf0+m+VKfi3NpxsQ0smQ+9Hhn1qLmDVJ
+gklCy4jD7DKDLeM6tN+5X74bUROQ+/yvIk6jTk+rbhcdVks422LGAPq8SkBQjx8a
+JKs1XZZ/ywFbzmU2fA62RR4lAnwtW680QeO8Yk7FRAzltkHdFJMBtCcZsD13uxd0
+meKbCVhJ5JyPRi/WKN2oY65EdF3na+pPnc3CeLiq5e2gy2D7J6VyknBpUrXRdMXZ
+J3/p8ZrWUXEQhk26ZP50uNdXy/Bx1jYe+U8mpkTMYVYxgu5K4Zea3yJyRn2piiE/
+9LnKNy/KsINt/0QE55ldvtciyP8RDA/08eQX0gvtKWWC/UFVRZCeL48bpqLmdAfE
+cMwlk1b0Lmo2PxULFLMAjaTKmcMAbwl53YRit0MtvaIOwiZBUVHE0blRiKC2DMKi
+SA6xLbaYJVDaMcfix8kZkKbC0xBNmL4123qX4RF6IUTPufyUTz/tpjzH6eKDw/88
+LmSx227d7/qWp5gROCDhZOPhtr4rj70JKNqcXUX9iFga+dhloOwfHYjdKndKOLUI
+Gp3K9YkPT/fCfesrguUx8BoleO5pC6RQJhRsemkRGlSY8U1ZsQKCAQEA5FepCn1f
+A46GsBSQ+/pbaHlbsR2syN3J5RmAFLFozYUrqyHE/cbNUlaYq397Ax7xwQkiN3F2
+z/whTxOh4Sk/HdDF4d+I0PZeoxINxgfzyYkx8Xpzn2loxsRO8fb3g+mOxZidjjXv
+vxqUBaj3Y01Ig0UXuw7YqCwys+xg3ELtvcGLBW/7NWMo8zqk2nUjhfcwp4e4AwBt
+Xcsc2aShUlr/RUrJH4adjha6Yaqc/8xTXHW8gZi5L2lucwB0LA+CBe4ES9BZLZdX
+N575/ohXRdjadHKYceYHiamt2326DzaxVJu2EIXU8dgdgOZ/6krITzuePRQHLPHX
+6bDfdg/WSpFrtwKCAQEAzpVqBcJ1fAI7bOkt89j2zZb1r5uD2f9sp/lA/Dj65QKV
+ShWR7Y6Jr4ShXmFvIenWtjwsl86PflMgtsJefOmLyv8o7PL154XD8SnNbBlds6IM
+MyNKkOJFa5NOrsal7TitaTvtYdKq8Zpqtxe+2kg80wi+tPVQNQS/drOpR3rDiLIE
+La/ty8XDYZsSowlzBX+uoFq7GuMct1Uh2T0/I4Kf0ZLXwYjkRlRk4LrU0BRPhRMu
+MHugOTYFKXShE2a3OEcxqCgvQ/3pn2TV92pPVKBIBGL6uKUwmXQYKaV3G4u10pJ4
+axq/avBOErcKZOReb0SNiOjiIsth8o+hnpYPU5COUwKCAQBksVNV0NtpUhyK4Ube
+FxTgCUQp4pAjM8qoQIp+lY1FtAgBuy6HSneYa59/YQP56FdrbH+uO1bNeL2nhVzJ
+UcsHdt0MMeq/WyV4e6mfPjp/EQT5G6qJDY6quD6n7ORRQ1k2QYqY/6fteeb0aAJP
+w/DKElnYnz9jSbpCJWbBOrJkD0ki6LK6ZDPWrnGr9CPqG4tVFUBL8pBH4B2kzDhn
+fME86TGvuUkZM2SVVQtOsefAyhqKe7KN+cw+4mBYXa5UtxUl6Yap2CcZ2/0aBT2X
+C32qBC69a1a/mheUxuiZdODWEqRCvQGedFLuWLbntnqGlh+9h2tyomM4JkskYO96
+io4ZAoIBAFouLW9AOUseKlTb4dx+DRcoXC4BpGhIsWUOUQkJ0rSgEQ2bJu3d+Erv
+igYKYJocW0eIMys917Qck75UUS0UQpsmEfaGBUTBRw0C45LZ6+abydmVAVsH+6f/
+USzIuOw6frDeoTy/2zHG5+jva7gcKrkxKxcRs6bBYNdvjGkQtUT5+Qr8rsDyntz/
+9f3IBTcUSuXjVaRiGkoJ1tHfg617u0qgYKEyofv1oWfdB0Oiaig8fEBb51CyPUSg
+jiRLBZaCtbGjgSacNB0JxsHP3buikG2hy7NJIVMLs/SSL9GNhpzapciTj5YeOua+
+ksICUxsdgO+QQg9QW3yoqLPy69Pd2dMCggEBANDLoUf3ZE7Dews6cfIa0WC33NCV
+FkyECaF2MNOp5Q9y/T35FyeA7UeDsTZ6Dy++XGW4uNStrSI6dCyQARqJw+i7gCst
+2m5lIde01ptzDQ9iO1Dv1XasxX/589CyLq6CxLfRgPMJPDeUEg0X7+a0lBT5Hpwk
+gNnZmws4l3i7RlVMtACCenmof9VtOcMK/9Qr502WHEoGkQR1r6HZFb25841cehL2
+do+oXlr8db++r87a8QQUkizzc6wXD9JffBNo9AO9Ed4HVOukpEA0gqVGBu85N3xW
+jW4KB95bGOTa7r7DM1Up0MbAIwWoeLBGhOIXk7inurZGg+FNjZMA5Lzm6qo=
+-----END RSA PRIVATE KEY-----`
+ // key compare
+ keyCompare :=
"HrMHUvE9Esvn7GnZ+vAynaIg/8wlB3r0zm0htmnwofaOw61M98WSdvoWLaQa8YKSdemgQUz2W4MYk2rRZcVSzHfJOLRG7g4ieZau6peDYOmPmp/0ZZFpOzBKoWHN3QP/8i/7SF+JX+EDLD2JO2+GM6iR3f2Zj7v0vx+CcoQ1rjxaXNETSSHo8yvW6pdFZOLgJk4rOHKGypnqzygxxamM8Hq7WSPrWhNe47y1QAfz42kBQXRUJpNNd7W749cTsMWCqBlR+8klTlnSFHkjyijBZjg5ihqZsi/8JzHGrmAixZ54ugPgbufD0/ZJdo3w7opJc4WTnUI2GhiBL+ENCA0X1s/6H8JG8zsC50PvxOBpRgK455TTvejm1JHyt0GTh7c4WFEeQSrbEFzS89BpVrPtre2enO38pkILI8ty8r6tIbZzuOJhM6ZpxQQcAe8OUvFuIIlx21yBvlljbu3eH5Hg7X+wtJ
[...]
+ // create secret
+ err = s.NewSecret(secretName, cert, key)
+ assert.Nil(ginkgo.GinkgoT(), err, "create secret error")
+ // check ssl in APISIX
+ time.Sleep(10 * time.Second)
+
+ // verify SSL resource
+ tls, err := s.ListApisixSsl()
+ assert.Nil(ginkgo.GinkgoT(), err, "list tls error")
+ assert.Len(ginkgo.GinkgoT(), tls, 1, "tls number not
expect")
+ assert.Equal(ginkgo.GinkgoT(), cert, tls[0].Cert, "tls
cert not expect")
+ assert.Equal(ginkgo.GinkgoT(), keyCompare, tls[0].Key,
"tls key not expect")
+
+ // check DP
+
s.NewAPISIXHttpsClient(host).GET("/ip").WithHeader("Host",
host).Expect().Status(http.StatusOK).Body().Raw()
+ })
+
ginkgo.It("should update SSL if secret referenced by ApisixTls
is updated", func() {
backendSvc, backendSvcPort := s.DefaultHTTPBackend()
apisixRoute := fmt.Sprintf(`
