From 67f5cc7dcdef9c81a35b49c8e899e3f718c833d3 Mon Sep 17 00:00:00 2001 From: Spencer Hance Date: Wed, 3 Jun 2020 12:19:20 -0700 Subject: [PATCH] Initial migration of TargetProxy to Translator --- pkg/loadbalancers/loadbalancers_test.go | 84 +++-------- pkg/loadbalancers/target_proxies.go | 184 +++++++++-------------- pkg/translator/translator.go | 82 +++++++++++ pkg/translator/translator_test.go | 185 ++++++++++++++++++++++++ 4 files changed, 355 insertions(+), 180 deletions(-) diff --git a/pkg/loadbalancers/loadbalancers_test.go b/pkg/loadbalancers/loadbalancers_test.go index d5c48b816d..7898b66796 100644 --- a/pkg/loadbalancers/loadbalancers_test.go +++ b/pkg/loadbalancers/loadbalancers_test.go @@ -20,7 +20,6 @@ import ( "context" "fmt" "net/http" - "reflect" "strconv" "strings" "testing" @@ -1059,59 +1058,16 @@ func TestFrontendConfigSslPolicy(t *testing.T) { } } -func TestGetSslPolicyLink(t *testing.T) { - t.Parallel() - j := newTestJig(t) - - testCases := []struct { - desc string - fc *frontendconfigv1beta1.FrontendConfig - want *string - }{ - { - desc: "Empty frontendconfig", - fc: nil, - want: nil, - }, - { - desc: "frontendconfig with no ssl policy", - fc: &frontendconfigv1beta1.FrontendConfig{Spec: frontendconfigv1beta1.FrontendConfigSpec{}}, - want: nil, - }, - { - desc: "frontendconfig with ssl policy", - fc: &frontendconfigv1beta1.FrontendConfig{Spec: frontendconfigv1beta1.FrontendConfigSpec{SslPolicy: utils.NewStringPointer("test-policy")}}, - want: utils.NewStringPointer("global/sslPolicies/test-policy"), - }, - { - desc: "frontendconfig with empty string ssl policy", - fc: &frontendconfigv1beta1.FrontendConfig{Spec: frontendconfigv1beta1.FrontendConfigSpec{SslPolicy: utils.NewStringPointer("")}}, - want: utils.NewStringPointer(""), - }, - } - - for _, tc := range testCases { - l7 := L7{runtimeInfo: &L7RuntimeInfo{FrontendConfig: tc.fc}, cloud: j.fakeGCE, scope: meta.Global} - result, err := l7.getSslPolicyLink() - if err != nil { - t.Errorf("desc: %q, l7.getSslPolicyLink() = %v, want nil", tc.desc, err) - } - - if !reflect.DeepEqual(result, tc.want) { - t.Errorf("desc: %q, l7.getSslPolicyLink() = %v, want %+v", tc.desc, result, tc.want) - } - } -} - func TestEnsureSslPolicy(t *testing.T) { t.Parallel() j := newTestJig(t) testCases := []struct { - desc string - fc *frontendconfigv1beta1.FrontendConfig - proxy *composite.TargetHttpsProxy - want string + desc string + fc *frontendconfigv1beta1.FrontendConfig + proxy *composite.TargetHttpsProxy + policyLink string + want string }{ { desc: "Empty frontendconfig", @@ -1126,22 +1082,25 @@ func TestEnsureSslPolicy(t *testing.T) { want: "", }, { - desc: "frontendconfig with ssl policy", - fc: &frontendconfigv1beta1.FrontendConfig{Spec: frontendconfigv1beta1.FrontendConfigSpec{SslPolicy: utils.NewStringPointer("test-policy")}}, - proxy: &composite.TargetHttpsProxy{Name: "test-proxy-2"}, - want: "global/sslPolicies/test-policy", + desc: "frontendconfig with ssl policy", + fc: &frontendconfigv1beta1.FrontendConfig{Spec: frontendconfigv1beta1.FrontendConfigSpec{SslPolicy: utils.NewStringPointer("test-policy")}}, + proxy: &composite.TargetHttpsProxy{Name: "test-proxy-2"}, + policyLink: "global/sslPolicies/test-policy", + want: "global/sslPolicies/test-policy", }, { - desc: "proxy with different ssl policy", - fc: &frontendconfigv1beta1.FrontendConfig{Spec: frontendconfigv1beta1.FrontendConfigSpec{SslPolicy: utils.NewStringPointer("test-policy")}}, - proxy: &composite.TargetHttpsProxy{Name: "test-proxy-3", SslPolicy: "global/sslPolicies/wrong-policy"}, - want: "global/sslPolicies/test-policy", + desc: "proxy with different ssl policy", + fc: &frontendconfigv1beta1.FrontendConfig{Spec: frontendconfigv1beta1.FrontendConfigSpec{SslPolicy: utils.NewStringPointer("test-policy")}}, + proxy: &composite.TargetHttpsProxy{Name: "test-proxy-3", SslPolicy: "global/sslPolicies/wrong-policy"}, + policyLink: "global/sslPolicies/test-policy", + want: "global/sslPolicies/test-policy", }, { - desc: "proxy with ssl policy and frontend config policy is nil", - fc: &frontendconfigv1beta1.FrontendConfig{Spec: frontendconfigv1beta1.FrontendConfigSpec{SslPolicy: nil}}, - proxy: &composite.TargetHttpsProxy{Name: "test-proxy-4", SslPolicy: "global/sslPolicies/test-policy"}, - want: "global/sslPolicies/test-policy", + desc: "proxy with ssl policy and frontend config policy is nil", + fc: &frontendconfigv1beta1.FrontendConfig{Spec: frontendconfigv1beta1.FrontendConfigSpec{SslPolicy: nil}}, + proxy: &composite.TargetHttpsProxy{Name: "test-proxy-4", SslPolicy: "global/sslPolicies/test-policy"}, + policyLink: "global/sslPolicies/test-policy", + want: "global/sslPolicies/test-policy", }, { desc: "remove ssl policy", @@ -1157,8 +1116,9 @@ func TestEnsureSslPolicy(t *testing.T) { t.Error(err) } l7 := L7{runtimeInfo: &L7RuntimeInfo{FrontendConfig: tc.fc}, cloud: j.fakeGCE, scope: meta.Global} + env := &translator.Env{FrontendConfig: tc.fc} - if err := l7.ensureSslPolicy(tc.proxy); err != nil { + if err := l7.ensureSslPolicy(env, tc.proxy, tc.policyLink); err != nil { t.Errorf("desc: %q, l7.ensureSslPolicy() = %v, want nil", tc.desc, err) } diff --git a/pkg/loadbalancers/target_proxies.go b/pkg/loadbalancers/target_proxies.go index 4ade09188e..5de9276fb3 100644 --- a/pkg/loadbalancers/target_proxies.go +++ b/pkg/loadbalancers/target_proxies.go @@ -17,9 +17,9 @@ limitations under the License. package loadbalancers import ( - "github.com/GoogleCloudPlatform/k8s-cloud-provider/pkg/cloud" "k8s.io/ingress-gce/pkg/composite" "k8s.io/ingress-gce/pkg/flags" + "k8s.io/ingress-gce/pkg/translator" "k8s.io/ingress-gce/pkg/utils" "k8s.io/ingress-gce/pkg/utils/namer" "k8s.io/klog" @@ -32,161 +32,148 @@ const ( // checkProxy ensures the correct TargetHttpProxy for a loadbalancer func (l *L7) checkProxy() (err error) { - key, err := l.CreateKey(l.um.Name) + isL7ILB := flags.F.EnableL7Ilb && utils.IsGCEL7ILBIngress(l.runtimeInfo.Ingress) + tr := translator.NewTranslator(isL7ILB, l.namer) + + description, err := l.description() if err != nil { return err } - resourceID := cloud.ResourceID{ProjectID: "", Resource: "urlMaps", Key: key} - urlMapLink := resourceID.ResourcePath() - proxyName := l.namer.TargetProxy(namer.HTTPProtocol) - key, err = l.CreateKey(proxyName) + urlMapKey, err := l.CreateKey(l.um.Name) if err != nil { return err } + version := l.Versions().TargetHttpProxy - proxy, _ := composite.GetTargetHttpProxy(l.cloud, key, version) - if proxy == nil { + proxy := tr.ToCompositeTargetHttpProxy(description, version, urlMapKey) + + key, err := l.CreateKey(proxy.Name) + if err != nil { + return err + } + + currentProxy, _ := composite.GetTargetHttpProxy(l.cloud, key, version) + if currentProxy == nil { klog.V(3).Infof("Creating new http proxy for urlmap %v", l.um.Name) - description, err := l.description() - if err != nil { - return err - } - newProxy := &composite.TargetHttpProxy{ - Name: proxyName, - UrlMap: urlMapLink, - Description: description, - Version: version, - } - key, err := l.CreateKey(newProxy.Name) + + key, err := l.CreateKey(proxy.Name) if err != nil { return err } - if err = composite.CreateTargetHttpProxy(l.cloud, key, newProxy); err != nil { + if err = composite.CreateTargetHttpProxy(l.cloud, key, proxy); err != nil { return err } - key, err = l.CreateKey(proxyName) + key, err = l.CreateKey(proxy.Name) if err != nil { return err } - proxy, err = composite.GetTargetHttpProxy(l.cloud, key, version) + currentProxy, err = composite.GetTargetHttpProxy(l.cloud, key, version) if err != nil { return err } - l.tp = proxy + l.tp = currentProxy return nil } - if !utils.EqualResourcePaths(proxy.UrlMap, urlMapLink) { + if !utils.EqualResourcePaths(currentProxy.UrlMap, proxy.UrlMap) { klog.V(3).Infof("Proxy %v has the wrong url map, setting %v overwriting %v", - proxy.Name, urlMapLink, proxy.UrlMap) - key, err := l.CreateKey(proxy.Name) + currentProxy.Name, proxy.UrlMap, currentProxy.UrlMap) + key, err := l.CreateKey(currentProxy.Name) if err != nil { return err } - if err := composite.SetUrlMapForTargetHttpProxy(l.cloud, key, proxy, urlMapLink); err != nil { + if err := composite.SetUrlMapForTargetHttpProxy(l.cloud, key, currentProxy, proxy.UrlMap); err != nil { return err } } - l.tp = proxy + l.tp = currentProxy return nil } func (l *L7) checkHttpsProxy() (err error) { + isL7ILB := flags.F.EnableL7Ilb && utils.IsGCEL7ILBIngress(l.runtimeInfo.Ingress) + tr := translator.NewTranslator(isL7ILB, l.namer) + env := &translator.Env{FrontendConfig: l.runtimeInfo.FrontendConfig} + if len(l.sslCerts) == 0 { - klog.V(3).Infof("No SSL certificates for %q, will not create HTTPS proxy.", l) + klog.V(3).Infof("No SSL certificates for %q, will not create HTTPS Proxy.", l) return nil } - key, err := l.CreateKey(l.um.Name) + urlMapKey, err := l.CreateKey(l.um.Name) if err != nil { return err } - resourceID := cloud.ResourceID{ProjectID: "", Resource: "urlMaps", Key: key} - urlMapLink := resourceID.ResourcePath() - proxyName := l.namer.TargetProxy(namer.HTTPSProtocol) - key, err = l.CreateKey(proxyName) + description, err := l.description() + version := l.Versions().TargetHttpProxy + proxy, sslPolicySet, err := tr.ToCompositeTargetHttpsProxy(env, description, version, urlMapKey, l.sslCerts) if err != nil { return err } - version := l.Versions().TargetHttpProxy - proxy, _ := composite.GetTargetHttpsProxy(l.cloud, key, version) - description, err := l.description() + + key, err := l.CreateKey(proxy.Name) if err != nil { return err } - if proxy == nil { - klog.V(3).Infof("Creating new https proxy for urlmap %q", l.um.Name) - newProxy := &composite.TargetHttpsProxy{ - Name: proxyName, - UrlMap: urlMapLink, - Description: description, - Version: version, - } - for _, c := range l.sslCerts { - newProxy.SslCertificates = append(newProxy.SslCertificates, c.SelfLink) - } + currentProxy, _ := composite.GetTargetHttpsProxy(l.cloud, key, version) + if err != nil { + return err + } - key, err := l.CreateKey(newProxy.Name) - if err != nil { - return err - } - if err = composite.CreateTargetHttpsProxy(l.cloud, key, newProxy); err != nil { - return err - } + if currentProxy == nil { + klog.V(3).Infof("Creating new https Proxy for urlmap %q", l.um.Name) - if flags.F.EnableFrontendConfig { - if err := l.ensureSslPolicy(newProxy); err != nil { - return err - } + if err = composite.CreateTargetHttpsProxy(l.cloud, key, proxy); err != nil { + return err } - key, err = l.CreateKey(proxyName) + key, err = l.CreateKey(proxy.Name) if err != nil { return err } - proxy, err = composite.GetTargetHttpsProxy(l.cloud, key, version) + currentProxy, err = composite.GetTargetHttpsProxy(l.cloud, key, version) if err != nil { return err } - l.tps = proxy + l.tps = currentProxy return nil } - if !utils.EqualResourcePaths(proxy.UrlMap, urlMapLink) { - klog.V(3).Infof("Https proxy %v has the wrong url map, setting %v overwriting %v", - proxy.Name, urlMapLink, proxy.UrlMap) - key, err := l.CreateKey(proxy.Name) + if !utils.EqualResourcePaths(currentProxy.UrlMap, proxy.UrlMap) { + klog.V(3).Infof("Https Proxy %v has the wrong url map, setting %v overwriting %v", + currentProxy.Name, proxy.UrlMap, currentProxy.UrlMap) + key, err := l.CreateKey(currentProxy.Name) if err != nil { return err } - if err := composite.SetUrlMapForTargetHttpsProxy(l.cloud, key, proxy, urlMapLink); err != nil { + if err := composite.SetUrlMapForTargetHttpsProxy(l.cloud, key, currentProxy, proxy.UrlMap); err != nil { return err } } - if !l.compareCerts(proxy.SslCertificates) { - klog.V(3).Infof("Https proxy %q has the wrong ssl certs, setting %v overwriting %v", - proxy.Name, toCertNames(l.sslCerts), proxy.SslCertificates) + if !l.compareCerts(currentProxy.SslCertificates) { + klog.V(3).Infof("Https Proxy %q has the wrong ssl certs, setting %v overwriting %v", + currentProxy.Name, toCertNames(l.sslCerts), currentProxy.SslCertificates) var sslCertURLs []string for _, cert := range l.sslCerts { sslCertURLs = append(sslCertURLs, cert.SelfLink) } - key, err := l.CreateKey(proxy.Name) + key, err := l.CreateKey(currentProxy.Name) if err != nil { return err } - if err := composite.SetSslCertificateForTargetHttpsProxy(l.cloud, key, proxy, sslCertURLs); err != nil { + if err := composite.SetSslCertificateForTargetHttpsProxy(l.cloud, key, currentProxy, sslCertURLs); err != nil { return err } } - if flags.F.EnableFrontendConfig { - if err := l.ensureSslPolicy(proxy); err != nil { + if flags.F.EnableFrontendConfig && sslPolicySet { + if err := l.ensureSslPolicy(env, currentProxy, proxy.SslPolicy); err != nil { return err } } - l.tps = proxy + l.tps = currentProxy return nil } @@ -206,54 +193,15 @@ func (l *L7) getSslCertLinkInUse() ([]string, error) { // ensureSslPolicy ensures that the SslPolicy described in the frontendconfig is // properly applied to the proxy. -func (l *L7) ensureSslPolicy(proxy *composite.TargetHttpsProxy) error { - policyLink, err := l.getSslPolicyLink() - if err != nil { - return err - } - - if policyLink != nil && !utils.EqualResourceIDs(*policyLink, proxy.SslPolicy) { - key, err := l.CreateKey(proxy.Name) +func (l *L7) ensureSslPolicy(env *translator.Env, currentProxy *composite.TargetHttpsProxy, policyLink string) error { + if !utils.EqualResourceIDs(policyLink, currentProxy.SslPolicy) { + key, err := l.CreateKey(currentProxy.Name) if err != nil { return err } - if err := composite.SetSslPolicyForTargetHttpsProxy(l.cloud, key, proxy, *policyLink); err != nil { + if err := composite.SetSslPolicyForTargetHttpsProxy(l.cloud, key, currentProxy, policyLink); err != nil { return err } } return nil } - -// getSslPolicyLink returns the ref to the ssl policy that is described by the -// frontend config. Since Ssl Policy is a *string, there are three possible I/O situations -// 1) policy is nil -> this returns nil -// 2) policy is an empty string -> this returns an empty string -// 3) policy is non-empty -> this constructs the resourcce path and returns it -func (l *L7) getSslPolicyLink() (*string, error) { - var link string - - if l.runtimeInfo.FrontendConfig == nil { - return nil, nil - } - - policyName := l.runtimeInfo.FrontendConfig.Spec.SslPolicy - if policyName == nil { - return nil, nil - } - if *policyName == "" { - return &link, nil - } - - key, err := l.CreateKey(*policyName) - if err != nil { - return nil, err - } - resourceID := cloud.ResourceID{ - Resource: "sslPolicies", - Key: key, - ProjectID: l.cloud.ProjectID(), - } - resID := resourceID.ResourcePath() - - return &resID, nil -} diff --git a/pkg/translator/translator.go b/pkg/translator/translator.go index 844bd548e0..e2f32617a3 100644 --- a/pkg/translator/translator.go +++ b/pkg/translator/translator.go @@ -27,6 +27,8 @@ import ( "k8s.io/api/networking/v1beta1" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/kubernetes" + frontendconfigv1beta1 "k8s.io/ingress-gce/pkg/apis/frontendconfig/v1beta1" + "k8s.io/ingress-gce/pkg/flags" "k8s.io/ingress-gce/pkg/composite" "k8s.io/ingress-gce/pkg/utils" @@ -37,6 +39,9 @@ import ( type Env struct { // Ing is the Ingress we are translating. Ing *v1beta1.Ingress + // TODO(shance): this should be a map, similar to SecretsMap + // FrontendConfig is the frontendconfig associated with the Ingress + FrontendConfig *frontendconfigv1beta1.FrontendConfig // SecretsMap contains a mapping from Secret name to the actual resource. // It is assumed that the map contains resources from a single namespace. // This is the same namespace as the Ingress namespace. @@ -222,3 +227,80 @@ func (t *Translator) ToCompositeForwardingRule(env *Env, protocol namer.NamerPro return fr } + +func (t *Translator) ToCompositeTargetHttpProxy(description string, version meta.Version, urlMapKey *meta.Key) *composite.TargetHttpProxy { + resourceID := cloud.ResourceID{ProjectID: "", Resource: "urlMaps", Key: urlMapKey} + urlMapLink := resourceID.ResourcePath() + proxyName := t.FrontendNamer.TargetProxy(namer.HTTPProtocol) + + proxy := &composite.TargetHttpProxy{ + Name: proxyName, + UrlMap: urlMapLink, + Description: description, + Version: version, + } + + return proxy +} + +//TODO(shance): find a way to remove the second return value for sslPolicySet. We currently need to this to maintain the behavior where we do not update the policy if the frontendconfig is empty/deleted +func (t *Translator) ToCompositeTargetHttpsProxy(env *Env, description string, version meta.Version, urlMapKey *meta.Key, sslCerts []*composite.SslCertificate) (*composite.TargetHttpsProxy, bool, error) { + resourceID := cloud.ResourceID{ProjectID: "", Resource: "urlMaps", Key: urlMapKey} + urlMapLink := resourceID.ResourcePath() + proxyName := t.FrontendNamer.TargetProxy(namer.HTTPSProtocol) + + var certs []string + for _, c := range sslCerts { + certs = append(certs, c.SelfLink) + } + + proxy := &composite.TargetHttpsProxy{ + Name: proxyName, + UrlMap: urlMapLink, + Description: description, + SslCertificates: certs, + Version: version, + } + var sslPolicySet bool + if flags.F.EnableFrontendConfig { + sslPolicy, err := sslPolicyLink(env) + if err != nil { + return nil, sslPolicySet, err + } + if sslPolicy != nil { + proxy.SslPolicy = *sslPolicy + sslPolicySet = true + } + } + + return proxy, sslPolicySet, nil +} + +// sslPolicyLink returns the ref to the ssl policy that is described by the +// frontend config. Since Ssl Policy is a *string, there are three possible I/O situations +// 1) policy is nil -> this returns nil +// 2) policy is an empty string -> this returns an empty string +// 3) policy is non-empty -> this constructs the resource path and returns it +func sslPolicyLink(env *Env) (*string, error) { + var link string + + if env.FrontendConfig == nil { + return nil, nil + } + + policyName := env.FrontendConfig.Spec.SslPolicy + if policyName == nil { + return nil, nil + } + if *policyName == "" { + return &link, nil + } + + resourceID := cloud.ResourceID{ + Resource: "sslPolicies", + Key: meta.GlobalKey(*policyName), + } + resID := resourceID.ResourcePath() + + return &resID, nil +} diff --git a/pkg/translator/translator_test.go b/pkg/translator/translator_test.go index 655e6bd898..da0c96cefb 100644 --- a/pkg/translator/translator_test.go +++ b/pkg/translator/translator_test.go @@ -16,6 +16,7 @@ package translator import ( "context" "fmt" + "reflect" "testing" "github.com/GoogleCloudPlatform/k8s-cloud-provider/pkg/cloud/meta" @@ -24,6 +25,8 @@ import ( "k8s.io/api/networking/v1beta1" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/kubernetes/fake" + frontendconfigv1beta1 "k8s.io/ingress-gce/pkg/apis/frontendconfig/v1beta1" + "k8s.io/ingress-gce/pkg/flags" "k8s.io/ingress-gce/pkg/composite" "k8s.io/ingress-gce/pkg/utils" @@ -383,3 +386,185 @@ func TestToForwardingRule(t *testing.T) { }) } } + +func TestToCompositeTargetHttpProxy(t *testing.T) { + t.Parallel() + description := "foo" + + testCases := []struct { + desc string + urlMapKey *meta.Key + version meta.Version + want *composite.TargetHttpProxy + }{ + { + desc: "http xlb", + urlMapKey: meta.GlobalKey("my-url-map"), + version: meta.VersionGA, + want: &composite.TargetHttpProxy{ + Name: "foo-tp", + Description: description, + Version: meta.VersionGA, + UrlMap: "global/urlMaps/my-url-map", + }, + }, + { + desc: "http ilb", + urlMapKey: meta.RegionalKey("my-url-map", "fakeRegion"), + version: meta.VersionGA, + want: &composite.TargetHttpProxy{ + Name: "foo-tp", + Description: description, + Version: meta.VersionGA, + UrlMap: "regions/fakeRegion/urlMaps/my-url-map", + }, + }, + { + desc: "http xlb with beta version", + urlMapKey: meta.GlobalKey("my-url-map"), + version: meta.VersionBeta, + want: &composite.TargetHttpProxy{ + Name: "foo-tp", + Description: description, + Version: meta.VersionBeta, + UrlMap: "global/urlMaps/my-url-map", + }, + }, + } + + for _, tc := range testCases { + t.Run(tc.desc, func(t *testing.T) { + // isL7ILB doesn't affect the outcome here since the key is creating during ensure + tr := NewTranslator(false, &testNamer{"foo"}) + got := tr.ToCompositeTargetHttpProxy(description, tc.version, tc.urlMapKey) + if diff := cmp.Diff(tc.want, got); diff != "" { + t.Fatalf("Got diff for TargetHttpProxy (-want +got):\n%s", diff) + } + }) + } +} + +func TestToCompositeTargetHttpsProxy(t *testing.T) { + t.Parallel() + flags.F.EnableFrontendConfig = true + description := "foo" + + testCases := []struct { + desc string + urlMapKey *meta.Key + sslCerts []*composite.SslCertificate + sslPolicy *string + version meta.Version + want *composite.TargetHttpsProxy + }{ + { + desc: "https xlb", + urlMapKey: meta.GlobalKey("my-url-map"), + version: meta.VersionGA, + want: &composite.TargetHttpsProxy{ + Name: "foo-tp", + Description: description, + Version: meta.VersionGA, + UrlMap: "global/urlMaps/my-url-map", + }, + }, + { + desc: "https ilb", + urlMapKey: meta.RegionalKey("my-url-map", "fakeRegion"), + version: meta.VersionGA, + want: &composite.TargetHttpsProxy{ + Name: "foo-tp", + Description: description, + Version: meta.VersionGA, + UrlMap: "regions/fakeRegion/urlMaps/my-url-map", + }, + }, + { + desc: "https elb with beta version", + urlMapKey: meta.GlobalKey("my-url-map"), + version: meta.VersionBeta, + want: &composite.TargetHttpsProxy{ + Name: "foo-tp", + Description: description, + Version: meta.VersionBeta, + UrlMap: "global/urlMaps/my-url-map", + }, + }, + { + desc: "https xlb with ssl policy", + urlMapKey: meta.GlobalKey("my-url-map"), + version: meta.VersionGA, + sslPolicy: utils.NewStringPointer("test-policy"), + want: &composite.TargetHttpsProxy{ + Name: "foo-tp", + Description: description, + Version: meta.VersionGA, + UrlMap: "global/urlMaps/my-url-map", + SslPolicy: "global/sslPolicies/test-policy", + }, + }, + } + + for _, tc := range testCases { + t.Run(tc.desc, func(t *testing.T) { + // isL7ILB doesn't affect the outcome here since the key is creating during ensure + tr := NewTranslator(false, &testNamer{"foo"}) + env := &Env{FrontendConfig: &frontendconfigv1beta1.FrontendConfig{Spec: frontendconfigv1beta1.FrontendConfigSpec{SslPolicy: tc.sslPolicy}}} + got, sslPolicySet, err := tr.ToCompositeTargetHttpsProxy(env, description, tc.version, tc.urlMapKey, tc.sslCerts) + if err != nil { + t.Fatal(err) + } + wantSslPolicySet := tc.sslPolicy != nil + if sslPolicySet != wantSslPolicySet { + t.Errorf("sslPolicySet = %v, want %v", sslPolicySet, wantSslPolicySet) + } + if diff := cmp.Diff(tc.want, got); diff != "" { + t.Fatalf("Got diff for TargetHttpProxy (-want +got):\n%s", diff) + } + }) + } +} + +func TestSslPolicyLink(t *testing.T) { + t.Parallel() + testCases := []struct { + desc string + fc *frontendconfigv1beta1.FrontendConfig + want *string + }{ + { + desc: "Empty frontendconfig", + fc: nil, + want: nil, + }, + { + desc: "frontendconfig with no ssl policy", + fc: &frontendconfigv1beta1.FrontendConfig{Spec: frontendconfigv1beta1.FrontendConfigSpec{}}, + want: nil, + }, + { + desc: "frontendconfig with ssl policy", + fc: &frontendconfigv1beta1.FrontendConfig{Spec: frontendconfigv1beta1.FrontendConfigSpec{SslPolicy: utils.NewStringPointer("test-policy")}}, + want: utils.NewStringPointer("global/sslPolicies/test-policy"), + }, + { + desc: "frontendconfig with empty string ssl policy", + fc: &frontendconfigv1beta1.FrontendConfig{Spec: frontendconfigv1beta1.FrontendConfigSpec{SslPolicy: utils.NewStringPointer("")}}, + want: utils.NewStringPointer(""), + }, + } + + for _, tc := range testCases { + t.Run(tc.desc, func(t *testing.T) { + env := &Env{FrontendConfig: tc.fc} + result, err := sslPolicyLink(env) + if err != nil { + t.Errorf("sslPolicyLink() = %v, want nil", err) + } + + if !reflect.DeepEqual(result, tc.want) { + t.Errorf("sslPolicyLink() = %v, want %+v", result, tc.want) + } + }) + } +}