From a3981dd3cdc9d81b5db52c4fd1ee3340d874df51 Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens.langhammer@beryju.org>
Date: Wed, 28 Jul 2021 16:08:06 +0200
Subject: [PATCH] providers/proxy: fix hosts for ingress not being compared
 correctly

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
---
 .../proxy/controllers/k8s/ingress.py          |  6 +-
 tests/integration/test_proxy_kubernetes.py    | 55 +++++++++++++++----
 2 files changed, 48 insertions(+), 13 deletions(-)

diff --git a/authentik/providers/proxy/controllers/k8s/ingress.py b/authentik/providers/proxy/controllers/k8s/ingress.py
index 401db2e89..2cb2153bc 100644
--- a/authentik/providers/proxy/controllers/k8s/ingress.py
+++ b/authentik/providers/proxy/controllers/k8s/ingress.py
@@ -60,12 +60,12 @@ class IngressReconciler(KubernetesObjectReconciler[NetworkingV1beta1Ingress]):
         expected_hosts.sort()
         expected_hosts_tls.sort()
 
-        have_hosts = [rule.host for rule in reference.spec.rules]
+        have_hosts = [rule.host for rule in current.spec.rules]
         have_hosts.sort()
 
         have_hosts_tls = []
-        for tls_config in reference.spec.tls:
-            if tls_config:
+        for tls_config in current.spec.tls:
+            if tls_config and tls_config.hosts:
                 have_hosts_tls += tls_config.hosts
         have_hosts_tls.sort()
 
diff --git a/tests/integration/test_proxy_kubernetes.py b/tests/integration/test_proxy_kubernetes.py
index 11b319696..ba498fdad 100644
--- a/tests/integration/test_proxy_kubernetes.py
+++ b/tests/integration/test_proxy_kubernetes.py
@@ -1,20 +1,36 @@
 """Test Controllers"""
+from typing import Optional
+
 import yaml
 from django.test import TestCase
+from structlog.stdlib import get_logger
 
 from authentik.flows.models import Flow
+from authentik.outposts.controllers.kubernetes import KubernetesController
 from authentik.outposts.models import KubernetesServiceConnection, Outpost, OutpostType
 from authentik.outposts.tasks import outpost_local_connection
+from authentik.providers.proxy.controllers.k8s.ingress import IngressReconciler
 from authentik.providers.proxy.controllers.kubernetes import ProxyKubernetesController
-from authentik.providers.proxy.models import ProxyProvider
+from authentik.providers.proxy.models import ProxyMode, ProxyProvider
+
+LOGGER = get_logger()
 
 
 class TestProxyKubernetes(TestCase):
     """Test Controllers"""
 
+    controller: Optional[KubernetesController]
+
     def setUp(self):
         # Ensure that local connection have been created
         outpost_local_connection()
+        self.controller = None
+
+    def tearDown(self) -> None:
+        if self.controller:
+            for log in self.controller.down_with_logs():
+                LOGGER.info(log)
+        return super().tearDown()
 
     def test_kubernetes_controller_static(self):
         """Test Kubernetes Controller"""
@@ -33,18 +49,26 @@ class TestProxyKubernetes(TestCase):
         outpost.providers.add(provider)
         outpost.save()
 
-        controller = ProxyKubernetesController(outpost, service_connection)
-        manifest = controller.get_static_deployment()
+        self.controller = ProxyKubernetesController(outpost, service_connection)
+        manifest = self.controller.get_static_deployment()
         self.assertEqual(len(list(yaml.load_all(manifest, Loader=yaml.SafeLoader))), 4)
 
-    def test_kubernetes_controller_deploy(self):
-        """Test Kubernetes Controller"""
+    def test_kubernetes_controller_ingress(self):
+        """Test Kubernetes Controller's Ingress"""
         provider: ProxyProvider = ProxyProvider.objects.create(
             name="test",
             internal_host="http://localhost",
-            external_host="http://localhost",
+            external_host="https://localhost",
             authorization_flow=Flow.objects.first(),
         )
+        provider2: ProxyProvider = ProxyProvider.objects.create(
+            name="test2",
+            internal_host="http://otherhost",
+            external_host="https://otherhost",
+            mode=ProxyMode.FORWARD_SINGLE,
+            authorization_flow=Flow.objects.first(),
+        )
+
         service_connection = KubernetesServiceConnection.objects.first()
         outpost: Outpost = Outpost.objects.create(
             name="test",
@@ -52,8 +76,19 @@ class TestProxyKubernetes(TestCase):
             service_connection=service_connection,
         )
         outpost.providers.add(provider)
-        outpost.save()
 
-        controller = ProxyKubernetesController(outpost, service_connection)
-        controller.up()
-        controller.down()
+        self.controller = ProxyKubernetesController(outpost, service_connection)
+
+        ingress_rec = IngressReconciler(self.controller)
+        ingress = ingress_rec.retrieve()
+
+        self.assertEqual(len(ingress.spec.rules), 1)
+        self.assertEqual(ingress.spec.rules[0].host, "localhost")
+
+        # add provider, check again
+        outpost.providers.add(provider2)
+        ingress = ingress_rec.retrieve()
+
+        self.assertEqual(len(ingress.spec.rules), 2)
+        self.assertEqual(ingress.spec.rules[0].host, "localhost")
+        self.assertEqual(ingress.spec.rules[1].host, "otherhost")