From a3981dd3cdc9d81b5db52c4fd1ee3340d874df51 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Wed, 28 Jul 2021 16:08:06 +0200 Subject: [PATCH] providers/proxy: fix hosts for ingress not being compared correctly Signed-off-by: Jens Langhammer --- .../proxy/controllers/k8s/ingress.py | 6 +- tests/integration/test_proxy_kubernetes.py | 55 +++++++++++++++---- 2 files changed, 48 insertions(+), 13 deletions(-) diff --git a/authentik/providers/proxy/controllers/k8s/ingress.py b/authentik/providers/proxy/controllers/k8s/ingress.py index 401db2e89..2cb2153bc 100644 --- a/authentik/providers/proxy/controllers/k8s/ingress.py +++ b/authentik/providers/proxy/controllers/k8s/ingress.py @@ -60,12 +60,12 @@ class IngressReconciler(KubernetesObjectReconciler[NetworkingV1beta1Ingress]): expected_hosts.sort() expected_hosts_tls.sort() - have_hosts = [rule.host for rule in reference.spec.rules] + have_hosts = [rule.host for rule in current.spec.rules] have_hosts.sort() have_hosts_tls = [] - for tls_config in reference.spec.tls: - if tls_config: + for tls_config in current.spec.tls: + if tls_config and tls_config.hosts: have_hosts_tls += tls_config.hosts have_hosts_tls.sort() diff --git a/tests/integration/test_proxy_kubernetes.py b/tests/integration/test_proxy_kubernetes.py index 11b319696..ba498fdad 100644 --- a/tests/integration/test_proxy_kubernetes.py +++ b/tests/integration/test_proxy_kubernetes.py 
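Review bot: In the `ingress.py` hunk, `current.spec.rules` and `current.spec.tls` are iterated without a None check, although the new guard `tls_config and tls_config.hosts` already treats fields of the live object as optional. These values now come from the object read back from the cluster rather than the locally built reference, so an ingress without a `tls` section would presumably surface as `None` and raise `TypeError` before the host comparison runs, leaving the host drift unreconciled. Consider `for tls_config in current.spec.tls or []:` and `[rule.host for rule in current.spec.rules or []]`. The enclosing method starts and ends outside the hunk, so an earlier guard may already exist there.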
@@ -1,20 +1,36 @@ """Test Controllers""" +from typing import Optional + import yaml from django.test import TestCase +from structlog.stdlib import get_logger from authentik.flows.models import Flow +from authentik.outposts.controllers.kubernetes import KubernetesController from authentik.outposts.models import KubernetesServiceConnection, Outpost, OutpostType from authentik.outposts.tasks import outpost_local_connection +from authentik.providers.proxy.controllers.k8s.ingress import IngressReconciler from authentik.providers.proxy.controllers.kubernetes import ProxyKubernetesController -from authentik.providers.proxy.models import ProxyProvider +from authentik.providers.proxy.models import ProxyMode, ProxyProvider + +LOGGER = get_logger() class TestProxyKubernetes(TestCase): """Test Controllers""" + controller: Optional[KubernetesController] + def setUp(self): # Ensure that local connection have been created outpost_local_connection() + self.controller = None + + def tearDown(self) -> None: + if self.controller: + for log in self.controller.down_with_logs(): + LOGGER.info(log) + return super().tearDown() def test_kubernetes_controller_static(self): """Test Kubernetes Controller""" 
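Review bot: `tearDown` runs `self.controller.down_with_logs()` for every test that sets `self.controller`, and after the following hunk that includes `test_kubernetes_controller_static`, which only renders a manifest and never deploys anything. Whether `down_with_logs()` tolerates objects that were never created is not visible here, and if it raises, `return super().tearDown()` is skipped and the cleanup error masks the test's own result. Putting the loop in a `try:` block with `super().tearDown()` in the `finally:` clause, and keeping a local `controller` in the static test, would limit cleanup to what a test actually created.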
@@ -33,18 +49,26 @@ class TestProxyKubernetes(TestCase): outpost.providers.add(provider) outpost.save() - controller = ProxyKubernetesController(outpost, service_connection) - manifest = controller.get_static_deployment() + self.controller = ProxyKubernetesController(outpost, service_connection) + manifest = self.controller.get_static_deployment() self.assertEqual(len(list(yaml.load_all(manifest, Loader=yaml.SafeLoader))), 4) - def test_kubernetes_controller_deploy(self): - """Test Kubernetes Controller""" + def test_kubernetes_controller_ingress(self): + """Test Kubernetes Controller's Ingress""" provider: ProxyProvider = ProxyProvider.objects.create( name="test", internal_host="http://localhost", - external_host="http://localhost", + external_host="https://localhost", authorization_flow=Flow.objects.first(), ) + provider2: ProxyProvider = ProxyProvider.objects.create( + name="test2", + internal_host="http://otherhost", + external_host="https://otherhost", + mode=ProxyMode.FORWARD_SINGLE, + authorization_flow=Flow.objects.first(), + ) + service_connection = KubernetesServiceConnection.objects.first() outpost: Outpost = Outpost.objects.create( name="test", @@ -52,8 +76,19 @@ class TestProxyKubernetes(TestCase): service_connection=service_connection, ) outpost.providers.add(provider) - outpost.save() - controller = ProxyKubernetesController(outpost, service_connection) - controller.up() - controller.down() + self.controller = ProxyKubernetesController(outpost, service_connection) + + ingress_rec = IngressReconciler(self.controller) + ingress = ingress_rec.retrieve() + + self.assertEqual(len(ingress.spec.rules), 1) + self.assertEqual(ingress.spec.rules[0].host, "localhost") + + # add provider, check again + outpost.providers.add(provider2) + ingress = ingress_rec.retrieve() + + self.assertEqual(len(ingress.spec.rules), 2) + self.assertEqual(ingress.spec.rules[0].host, "localhost") + self.assertEqual(ingress.spec.rules[1].host, "otherhost")
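Review bot: `test_kubernetes_controller_ingress` never asserts on `ingress.spec.tls`, so the TLS branch this commit changes in `ingress.py` (`tls_config and tls_config.hosts`) stays untested even though both providers now use `https://` external hosts. An assertion on the hosts listed under `ingress.spec.tls` after each `retrieve()` would cover it. The rule checks also depend on list order (`rules[0]`, `rules[1]`), while the reconciler sorts hosts before comparing. `self.assertEqual(sorted(rule.host for rule in ingress.spec.rules), ["localhost", "otherhost"])` would not fail on a harmless reordering.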